[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:42.770300 24.91.100.180:2924 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39822 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x35A55C38 Ack: 0x495DBC2A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:43.530428 24.91.100.180:2940 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39894 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x35B30FA0 Ack: 0x49911B73 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:56.257580 24.91.100.180:3191 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x368C1AD7 Ack: 0x49D282EB Win: 0x4470 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:56.977490 24.91.100.180:3288 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41060 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x36E2120A Ack: 0x4A01DE48 Win: 0x4470 TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:57.475105 24.91.100.180:3312 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41127 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36F6BA24 Ack: 0x49EDA005 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:24:01.234131 24.91.100.180:3418 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41510 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x374FD5BF Ack: 0x4A512E0F Win: 0x4470 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:24:01.977570 24.91.100.180:3433 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41568 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x375E60BA Ack: 0x4ABF76C1 Win: 0x4470 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:24:05.764670 24.91.100.180:3540 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41938 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x37BD4A88 Ack: 0x4AFCE1FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]