[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:12.740821 24.74.152.249:4531 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:2820 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xD52EE881 Ack: 0xCFF3895D Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:13.207795 24.74.152.249:4540 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:2879 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xD535E9D0 Ack: 0xD029DAC5 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:13.431856 24.74.152.249:4545 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:2908 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xD53B3914 Ack: 0xD030B07F Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:17.026622 24.74.152.249:4660 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:3442 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xD598AB63 Ack: 0xD07D9DF4 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:20.484548 24.74.152.249:4792 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:4088 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD6030250 Ack: 0xD0C2CD5C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/05-22:43:20.700239 24.74.152.249:4798 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:4119 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xD6088E22 Ack: 0xD058C41E Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/05-22:43:20.882192 24.74.152.249:4805 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:4142 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xD60EB916 Ack: 0xD0807AD5 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:21.103432 24.74.152.249:4808 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:4175 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xD6124444 Ack: 0xD0D188CE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:24.572038 24.74.152.249:4888 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:4602 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD6598D21 Ack: 0xD04ED716 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:28.169774 24.74.152.249:4975 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:5069 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD6A82B05 Ack: 0xD0CDF59A Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:28.373347 24.74.152.249:4982 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:5102 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD6AD3C14 Ack: 0xD0846627 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:32.602562 24.74.152.249:1148 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:5712 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD7212394 Ack: 0xD1194C80 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:33.005911 24.74.152.249:1162 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:5760 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xD72DAAA3 Ack: 0xD0B47D7A Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:33.440293 24.74.152.249:1168 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:5805 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD733995E Ack: 0xD0C3B71E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:33.943017 24.74.152.249:1184 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:5865 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xD740ABF1 Ack: 0xD0C958DA Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-22:43:37.997678 24.74.152.249:1298 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:6359 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD7A3F87A Ack: 0xD1DBC2A2 Win: 0x4470 TcpLen: 20 |