[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:08:21.003791 24.98.23.210:4012 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:4232 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xB781230E Ack: 0x1ED787CA Win: 0x44E8 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:08:33.306165 24.98.23.210:4378 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:5905 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xB8BBC3E4 Ack: 0x1FFE2275 Win: 0x44E8 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:08:34.015639 24.98.23.210:4402 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6001 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xB8D22F5A Ack: 0x20EDB237 Win: 0x44E8 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:08:34.669022 24.98.23.210:4415 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6084 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xB8DF47D2 Ack: 0x202E91DC Win: 0x44E8 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:08:35.301132 24.98.23.210:4432 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6143 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xB8EEE180 Ack: 0x202A9DE5 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/05-21:08:36.022852 24.98.23.210:4446 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6222 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xB8FB42EF Ack: 0x2115246F Win: 0x44E8 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/05-21:08:36.619067 24.98.23.210:4462 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6308 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xB9096788 Ack: 0x2025BDE6 Win: 0x44E8 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:08:37.473316 24.98.23.210:4480 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6387 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xB9194FD8 Ack: 0x20EC46CE Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:08:37.930155 24.98.23.210:4502 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6473 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xB92E3E57 Ack: 0x20F15EC3 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:10:11.930620 24.98.23.210:3090 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:18301 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xC1E8B661 Ack: 0x26988DB2 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:10:12.249998 24.98.23.210:3171 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:18350 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xC23380F6 Ack: 0x262D20F5 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:10:12.725505 24.98.23.210:3182 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:18413 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xC23D2AB6 Ack: 0x2653ECD6 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-21:10:13.368049 24.98.23.210:3193 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:18481 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xC245AB57 Ack: 0x262DD449 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |