[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:13.447248 24.85.206.152:3651 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:38211 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x68AAD9F3 Ack: 0x8F62045 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:14.554817 24.85.206.152:3683 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:38353 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x68C44923 Ack: 0x90BFC36 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:18.414642 24.85.206.152:3788 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:38876 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x692094A3 Ack: 0x9E8E756 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:19.408923 24.85.206.152:3817 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:39014 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x693AC015 Ack: 0x9DAB468 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:20.131171 24.85.206.152:3843 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:39133 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x69515D52 Ack: 0xA11A65D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/23-01:49:30.085751 24.85.206.152:4149 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:40572 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x6A55B664 Ack: 0x9F85ADE Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/23-01:49:30.600189 24.85.206.152:4170 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:40641 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x6A67FAA9 Ack: 0xA2216B3 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:31.223457 24.85.206.152:4186 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:40726 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x6A75DFA3 Ack: 0xA3DB73A Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:31.999589 24.85.206.152:4205 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:40836 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6A84E10F Ack: 0xAA13133 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:32.854079 24.85.206.152:4240 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:40944 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6AA00650 Ack: 0xA905309 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:33.589690 24.85.206.152:4261 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:41061 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6AB15A4B Ack: 0xA3EEC0D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:42.996259 24.85.206.152:4548 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:42324 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6BA84FB3 Ack: 0xAB67E5F Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:43.170428 24.85.206.152:4554 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:42361 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x6BADE263 Ack: 0xB27FBD4 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:46.353088 24.85.206.152:4554 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:42726 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x6BADE263 Ack: 0xB27FBD4 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:52.960040 24.85.206.152:4821 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:43445 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6C7C60AF Ack: 0xBD383A3 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:55.893594 24.85.206.152:4821 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:43770 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6C7C60AF Ack: 0xBD383A3 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:56.873963 24.85.206.152:4975 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:43877 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x6CCC69CB Ack: 0xBD39EFF Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-01:49:57.692042 24.85.206.152:1042 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:43980 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6CE3CF25 Ack: 0xC5175D6 Win: 0xFAF0 TcpLen: 20