[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:09.956104 24.60.106.185:1296 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:19944 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x63EC529B Ack: 0x9A3A2488 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:14.669219 24.60.106.185:1670 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:20814 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x651494FE Ack: 0x9A190D07 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:15.614185 24.60.106.185:1730 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:20969 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6543FA7B Ack: 0x9A8BC558 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:25.530198 24.60.106.185:2151 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:22647 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x669F0D97 Ack: 0x9ACFB673 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:26.369983 24.60.106.185:2187 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:22793 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x66BE0F9C Ack: 0x9B75CCAF Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/21-21:03:27.357506 24.60.106.185:2225 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:22954 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x66DBEE33 Ack: 0x9B386AEA Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/21-21:03:28.540200 24.60.106.185:2255 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:23151 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x66F5B9D7 Ack: 0x9BB3D87C Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:41.862496 24.60.106.185:2707 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:25473 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x686A5CA5 Ack: 0x9C031FBC Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:42.832786 24.60.106.185:2880 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:25642 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x68F828B9 Ack: 0x9BD7A3F5 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:43.899490 24.60.106.185:2930 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:25826 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6922259D Ack: 0x9C747889 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:54.075547 24.60.106.185:3361 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:27522 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6A88D611 Ack: 0x9C751FD1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:03:55.151385 24.60.106.185:3426 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:27721 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6ABCFF7B Ack: 0x9CF7BDEA Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:04:05.378400 24.60.106.185:3889 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:29545 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x6C30143B Ack: 0x9DD6C94C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:04:06.548450 24.60.106.185:3943 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:29755 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6C58F3F9 Ack: 0x9DC3B310 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:04:07.624896 24.60.106.185:3997 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:29958 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x6C845017 Ack: 0x9D0D9DC1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-21:04:17.855940 24.60.106.185:4464 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:31810 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6DFB5527 Ack: 0x9DC1B7B4 Win: 0x4470 TcpLen: 20 |