[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:40:38.310179 24.84.94.195:4393 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:29203 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x2157D68C Ack: 0x116AC415 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:40:38.863084 24.84.94.195:4401 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:29264 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x215F9027 Ack: 0x113C7B25 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:40:42.464615 24.84.94.195:4477 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:29546 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x21A2D475 Ack: 0x1194F726 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:40:42.880494 24.84.94.195:4478 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:29603 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x21A45EB4 Ack: 0x1152C703 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:40:52.545130 24.84.94.195:4734 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:30652 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x22720299 Ack: 0x124B4724 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/08-06:40:52.762452 24.84.94.195:4736 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:30664 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x2273BAA5 Ack: 0x124F4487 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/08-06:40:52.976680 24.84.94.195:4742 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:30680 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x2277F858 Ack: 0x11F2E9EC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:40:53.198050 24.84.94.195:4748 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:30696 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x227D2B0E Ack: 0x11EA1EBC Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:40:56.408299 24.84.94.195:4814 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:30952 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x22B5AF8C Ack: 0x12BCE2F7 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:40:56.632802 24.84.94.195:4822 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:30974 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x22BAB01D Ack: 0x1239F164 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:41:09.444844 24.84.94.195:3098 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:31933 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x236C6308 Ack: 0x125698DB Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:41:12.580036 24.84.94.195:3154 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:32221 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x239FC04C Ack: 0x1300F546 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:41:22.568276 24.84.94.195:3415 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:33056 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x248C800F Ack: 0x13DAE2E3 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:41:23.000097 24.84.94.195:3428 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:33128 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x24980145 Ack: 0x140526C1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:41:25.789871 24.84.94.195:3428 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:33464 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x24980145 Ack: 0x140526C1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:41:26.303368 24.84.94.195:3518 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:33522 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x24E5A99C Ack: 0x13DFD154 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-06:41:29.860761 24.84.94.195:3578 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:33966 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x251DA2F8 Ack: 0x14199717 Win: 0x4470 TcpLen: 20