[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:33:22.489402 24.91.57.211:3131 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:9623 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x9FF355A5 Ack: 0x685AD1DC Win: 0xB5C9 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:33:26.265087 24.91.57.211:3180 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:9725 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xA0255DA7 Ack: 0x6888B0E8 Win: 0xB5C9 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:33:35.725158 24.91.57.211:3337 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:10205 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xA0BE9B55 Ack: 0x69DBFAEE Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:33:38.906899 24.91.57.211:3373 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:10293 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xA0E55307 Ack: 0x6988B6EE Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:33:42.298389 24.91.57.211:3412 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:10380 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xA10E3D25 Ack: 0x6999F8C1 Win: 0xB5C9 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/16-02:33:42.454386 24.91.57.211:3414 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:10390 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xA1108271 Ack: 0x69B1DA18 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/16-02:33:55.240526 24.91.57.211:3556 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:10873 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xA1A2F8EE Ack: 0x6ABC8FEE Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:33:58.880425 24.91.57.211:3614 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:11004 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xA1DC9EB6 Ack: 0x6A9A79E7 Win: 0xB5C9 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:34:02.506167 24.91.57.211:3690 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:11082 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA2281465 Ack: 0x6AD365F4 Win: 0xB5C9 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:34:12.002740 24.91.57.211:3892 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:11801 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA2E1BFEC Ack: 0x6B571A04 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:34:12.172258 24.91.57.211:3895 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:11817 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA2E471B8 Ack: 0x6B823800 Win: 0xB5C9 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:34:12.381340 24.91.57.211:3899 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:11827 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA2E81979 Ack: 0x6BAD44E8 Win: 0xB5C9 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:34:12.543927 24.91.57.211:3903 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:11840 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xA2EBD58A Ack: 0x6BEE4DB5 Win: 0xB5C9 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:34:12.704869 24.91.57.211:3907 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:11850 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xA2EF29DD Ack: 0x6B7D6C03 Win: 0xB5C9 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:34:12.872046 24.91.57.211:3912 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:11859 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xA2F3731B Ack: 0x6BBB1E33 Win: 0xB5C9 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/16-02:34:22.337608 24.91.57.211:4035 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:12152 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xA37181AA Ack: 0x6C17C972 Win: 0xB5C9 TcpLen: 20