[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:36:01.141307 24.98.129.251:4647 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:61709 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x7764431D Ack: 0x68F8AED5 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:36:04.430873 24.98.129.251:4900 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:62492 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x7828F08B Ack: 0x687B6717 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:36:04.600440 24.98.129.251:1144 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:62564 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x78D4959B Ack: 0x6911DE43 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:36:04.794270 24.98.129.251:1169 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:62662 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x78E81D5E Ack: 0x691369A1 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:36:04.953437 24.98.129.251:1194 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:62749 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x78FBBC03 Ack: 0x6926B7FF Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/09-22:36:14.371687 24.98.129.251:1856 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:64895 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x7B009C07 Ack: 0x694B4989 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:36:17.934906 24.98.129.251:2148 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:113 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x7BE201F4 Ack: 0x69BB9475 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:36:18.119344 24.98.129.251:2161 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:158 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7BEC3EF2 Ack: 0x69A76230 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:37:04.161542 24.98.129.251:1897 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:11620 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x87417A29 Ack: 0x6CD9DDFC Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:37:07.368465 24.98.129.251:1931 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:12401 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x8759F5B8 Ack: 0x6DE90205 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:37:16.904221 24.98.129.251:2217 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:14437 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x88368920 Ack: 0x6D720A4B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/09-22:37:20.110576 24.98.129.251:2846 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:15082 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x8A2D5DE5 Ack: 0x6E4ABC50 Win: 0x4470 TcpLen: 20 |