[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:42:38.642244 24.30.115.93:4925 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:1565 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xB7C78FB1 Ack: 0x63D91661 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:42:39.612975 24.30.115.93:1068 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:1746 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xB802EF68 Ack: 0x63B2A20F Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:42:43.091217 24.30.115.93:1181 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:2279 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xB862FF76 Ack: 0x64C152A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:42:53.302030 24.30.115.93:1505 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:3538 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xB97B3FC1 Ack: 0x655A3B39 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:03.517519 24.30.115.93:1807 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:4491 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xBA7F5BDB Ack: 0x65924D5D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/20-17:43:03.947867 24.30.115.93:1831 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:4534 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xBA90ED3C Ack: 0x653CF9A6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/20-17:43:04.493370 24.30.115.93:1844 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:4586 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xBA9AD2C2 Ack: 0x66059C16 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:05.187357 24.30.115.93:1856 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:4654 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xBAA3F8EC Ack: 0x654F7EB0 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:06.043780 24.30.115.93:1872 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:4728 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xBAB1C936 Ack: 0x653DB01B Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:09.545927 24.30.115.93:1899 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:5088 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xBAC9BD06 Ack: 0x66466010 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:10.199078 24.30.115.93:2016 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:5210 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xBB2CB613 Ack: 0x65B4EA01 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:10.581634 24.30.115.93:2035 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:5257 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xBB3D719C Ack: 0x66339E21 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:32.542102 24.30.115.93:2705 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:7511 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xBD75E000 Ack: 0x6714214C Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:35.510881 24.30.115.93:2705 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:7878 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xBD75E000 Ack: 0x6714214C Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:36.025309 24.30.115.93:2851 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:7975 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xBDEFBD60 Ack: 0x6706954C Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:39.103894 24.30.115.93:2851 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:8351 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xBDEFBD60 Ack: 0x6706954C Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:45.940799 24.30.115.93:3141 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:9108 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xBEEB5703 Ack: 0x681F295A Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/20-17:43:49.641078 24.30.115.93:3292 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:9576 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xBF6BE093 Ack: 0x688844CD Win: 0xFAF0 TcpLen: 20