[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/01-15:19:11.073849 68.37.54.69:1034 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:797 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/01-17:20:16.241402 12.252.61.161:1429 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:61853 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-01:27:31.470090 206.149.148.192:1101 -> 172.16.134.191:1434 UDP TTL:115 TOS:0x0 ID:59440 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-09:42:07.344898 218.4.87.137:1032 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:31825 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-09:57:10.953522 66.81.131.17:1382 -> 172.16.134.191:1434 UDP TTL:115 TOS:0x0 ID:55934 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-12:00:33.594400 61.177.56.98:1243 -> 172.16.134.191:1434 UDP TTL:111 
TOS:0x0 ID:20802 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:615:4] SCAN SOCKS Proxy attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/02-14:24:55.179508 200.74.26.73:25590 -> 172.16.134.191:1080 TCP TTL:114 TOS:0x0 ID:34075 IpLen:20 DgmLen:40 DF ******S* Seq: 0x187C0000 Ack: 0x0 Win: 0x200 TcpLen: 20 [Xref => http://help.undernet.org/proxyscan/] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-16:31:21.287394 61.132.88.90:4048 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:9872 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-16:46:38.157076 24.167.221.106:2383 -> 172.16.134.191:1434 UDP TTL:117 TOS:0x0 ID:61212 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-00:25:28.403821 67.201.75.38:4079 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:28137 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-03:27:50.266224 61.8.1.64:1045 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:53366 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm 
propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-05:36:57.007466 61.132.88.90:4048 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:59794 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-07:27:51.069442 68.84.210.227:1154 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:63578 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-07:35:24.933871 66.233.4.225:3038 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:58599 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-08:38:06.339056 200.50.124.2:5247 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:42964 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-04:09:14.785262 12.253.142.87:1038 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:34501 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-04:10:15.242366 12.83.147.97:2141 -> 172.16.134.191:1434 UDP TTL:118 TOS:0x0 ID:37271 IpLen:20 
DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-06:43:39.146868 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:21679 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-07:32:41.267271 218.92.13.142:3010 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:21531 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-07:43:18.243479 61.134.45.19:2790 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:33392 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-08:39:15.332990 61.132.88.90:4526 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:57416 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-10:06:39.141071 61.132.88.50:3402 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:12089 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] 
[1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-12:05:56.210828 218.4.99.237:1154 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:21230 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-16:36:27.744360 216.229.73.11:2604 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:25989 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-21:00:43.924985 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:2765 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-22:33:17.534737 168.243.103.205:1070 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:35515 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-01:30:51.477955 216.192.145.21:1244 -> 172.16.134.191:1434 UDP TTL:113 TOS:0x0 ID:58185 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-01:58:34.144382 61.185.29.9:4570 -> 172.16.134.191:1434 UDP TTL:112 
TOS:0x0 ID:925 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:39:25.163950 210.22.204.101:1678 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:27400 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7616A79E Ack: 0x8B5A4420 Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:39:25.181819 210.22.204.101:1678 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:27401 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7616AD52 Ack: 0x8B5A4420 Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:39:44.284253 210.22.204.101:2927 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48133 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7A103040 Ack: 0x8BA4509E Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:39:44.295038 210.22.204.101:2927 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48134 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7A1035F4 Ack: 0x8BA4509E Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:39:54.171141 210.22.204.101:3556 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:60846 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7C0F00B8 Ack: 0x8BCA3AF5 Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:39:54.171195 210.22.204.101:3556 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:60847 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7C0F066C Ack: 0x8BCA3AF5 Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 
1] 03/05-04:40:04.022241 210.22.204.101:4276 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:10584 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7E4B596D Ack: 0x8BF0E9C8 Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:40:04.033270 210.22.204.101:4276 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:10585 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7E4B5F21 Ack: 0x8BF0E9C8 Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:40:13.860713 210.22.204.101:1144 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:28759 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x80581697 Ack: 0x8C1758F9 Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:40:13.860765 210.22.204.101:1144 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:28760 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x80581C4B Ack: 0x8C1758F9 Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:40:19.081891 210.22.204.101:1505 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:39146 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x817A2AFD Ack: 0x8C2C262C Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:40:19.082249 210.22.204.101:1505 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:39145 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x817A2549 Ack: 0x8C2C262C Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:40:24.316096 210.22.204.101:1801 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48594 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x826AFDCA Ack: 0x8C413F44 Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 
03/05-04:40:24.325966 210.22.204.101:1801 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48595 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x826B037E Ack: 0x8C413F44 Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:40:29.564420 210.22.204.101:2161 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:58202 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x838B5F5B Ack: 0x8C55B66D Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:40:29.564485 210.22.204.101:2161 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:58203 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x838B650F Ack: 0x8C55B66D Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:40:34.794752 210.22.204.101:2545 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:2442 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x84B7DB99 Ack: 0x8C6AD5C3 Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:40:34.794807 210.22.204.101:2545 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:2443 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x84B7E14D Ack: 0x8C6AD5C3 Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 03/05-04:40:40.029342 210.22.204.101:2897 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:11431 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x85D11744 Ack: 0x8C7F485B Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:40:40.041135 210.22.204.101:2897 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:11432 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x85D11CF8 Ack: 0x8C7F485B Win: 0xFAF0 TcpLen: 20 [**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] 
03/05-04:40:45.281996 210.22.204.101:3187 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:19134 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x86C2C0E8 Ack: 0x8C94199F Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-04:40:45.282048 210.22.204.101:3187 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:19135 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x86C2C69C Ack: 0x8C94199F Win: 0xFAF0 TcpLen: 20 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-05:07:40.602541 4.33.244.44:3558 -> 172.16.134.191:1434 UDP TTL:118 TOS:0x0 ID:38531 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-06:14:54.493121 24.74.199.104:1321 -> 172.16.134.191:1434 UDP TTL:113 TOS:0x0 ID:55474 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-06:31:14.104906 81.57.217.208:1457 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:37344 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-08:26:16.386836 61.185.212.166:1133 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:35025 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc 
Attack] [Priority: 2] 03/05-08:31:01.805270 213.170.56.83:1037 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:20218 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-10:17:57.297316 218.4.48.74:3017 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:37584 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-11:01:11.764238 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:24503 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-11:05:06.317809 212.162.165.18:1032 -> 172.16.134.191:1434 UDP TTL:109 TOS:0x0 ID:27300 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-11:11:38.134226 200.135.228.10:4273 -> 172.16.134.191:1434 UDP TTL:108 TOS:0x0 ID:53786 IpLen:20 DgmLen:404 Len: 376 [Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310] [**] [1:1129:4] WEB-MISC .htaccess access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:40.242531 24.197.194.106:4276 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30040 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6E827F42 
Ack: 0x525CDC56 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:49:47.149246 24.197.194.106:4426 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31089 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x6EEF96FD Ack: 0x52920E74 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218] [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:47.313839 24.197.194.106:4430 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31121 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x6EF35342 Ack: 0x529484F0 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:47.401856 24.197.194.106:4433 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31139 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6EF62B8E Ack: 0x5295E415 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:47.618445 24.197.194.106:4438 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31171 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x6EFA7F75 Ack: 0x5297E39F Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:47.637689 24.197.194.106:4439 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31176 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6EFB5A86 Ack: 0x52987D2E Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:47.875897 24.197.194.106:4444 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31212 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6F00A58C Ack: 0x529A4F81 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... 
access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:47.970679 24.197.194.106:4446 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31225 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x6F01E301 Ack: 0x529B8CF7 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:48.354234 24.197.194.106:4453 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31292 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x6F085652 Ack: 0x529E3D1C Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:48.680105 24.197.194.106:4458 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31349 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F0DCD33 Ack: 0x52A1A819 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:49.063943 24.197.194.106:4464 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31394 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F13E52F Ack: 0x52A3C155 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:49.688212 24.197.194.106:4467 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31442 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x6F18F95D Ack: 0x52A767DC Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:49.763569 24.197.194.106:4469 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31453 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x6F1A6CF3 Ack: 0x52A88099 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:49.907196 24.197.194.106:4471 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31468 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F1C719B Ack: 0x52A9CC02 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... 
access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:50.063687 24.197.194.106:4474 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31489 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6F1FC4EE Ack: 0x52AB3289 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:50.097417 24.197.194.106:4475 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31502 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F21216C Ack: 0x52AC5EFB Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:50.102200 24.197.194.106:4476 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31503 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6F2204D3 Ack: 0x52AD5A2E Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:50.454424 24.197.194.106:4481 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31541 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x6F272216 Ack: 0x52AFB9C6 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:50.583624 24.197.194.106:4485 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31563 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x6F2AF9DB Ack: 0x52B10525 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:50.583628 24.197.194.106:4486 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31565 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F2BC9DE Ack: 0x52B22658 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:50.765542 24.197.194.106:4487 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31574 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x6F2D7C03 Ack: 0x52B3A668 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... 
access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:51.954559 24.197.194.106:4491 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31641 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F355108 Ack: 0x52BA1870 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:52.672060 24.197.194.106:4495 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31698 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x6F3BFB11 Ack: 0x52BDFD58 Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:53.296626 24.197.194.106:4498 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31745 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x6F411123 Ack: 0x52C1CCFA Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:53.306685 24.197.194.106:4499 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31746 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x6F4204D1 Ack: 0x52C2AEEA Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... 
access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:53.794460 24.197.194.106:4505 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31797 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F4836DD Ack: 0x52C63DCF Win: 0x4470 TcpLen: 20 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:53.962073 24.197.194.106:4507 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31816 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x6F4A73FB Ack: 0x52C79793 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:53.962077 24.197.194.106:4508 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31818 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6F4B476F Ack: 0x52C88BC3 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:54.111438 24.197.194.106:4510 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31834 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x6F4D6777 Ack: 0x52C9DD5C Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:54.414672 24.197.194.106:4514 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31869 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6F51B7DC Ack: 0x52CB8D06 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:54.455791 24.197.194.106:4516 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31876 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6F5370BA Ack: 0x52CCCA99 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] 
[Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:54.623313 24.197.194.106:4518 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31893 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F55F94D Ack: 0x52CE38E7 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:54.661734 24.197.194.106:4520 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31897 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x6F572AC7 Ack: 0x52CF1D0F Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:49:54.864278 24.197.194.106:4522 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31915 IpLen:20 DgmLen:90 DF ***AP*** Seq: 0x6F59A3A5 Ack: 0x52D0E9DE Win: 0x4470 TcpLen: 20 [Xref => http://www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.034049 24.197.194.106:4563 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32088 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F7782B3 Ack: 0x52DBD900 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.070701 24.197.194.106:4556 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32098 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F70A9C8 Ack: 0x52DC6551 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:49:57.090889 24.197.194.106:4557 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32105 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F71333A Ack: 0x52DD4DFA Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.104374 24.197.194.106:4558 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32110 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x6F71F1AA Ack: 0x52DE0E77 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.112074 24.197.194.106:4559 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32111 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F734F78 Ack: 0x52DEAACA Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.112077 24.197.194.106:4551 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32112 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F6B070C Ack: 0x52DF586E Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.204263 24.197.194.106:4553 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32135 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F6D41D4 Ack: 0x52E10B10 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:49:57.227437 24.197.194.106:4565 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32143 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F79D32B Ack: 0x52E1F206 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:49:57.235110 24.197.194.106:4566 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32144 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6F7ABB7D Ack: 0x52E2D24C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:49:57.239928 24.197.194.106:4567 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32147 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6F7B76F9 Ack: 0x52E3A320 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218] [**] [1:1112:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.247609 24.197.194.106:4568 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32149 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x6F7C324C Ack: 0x52E48F36 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS298] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:49:57.273606 24.197.194.106:4569 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32157 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6F7CC1DC Ack: 0x52E5379E Win: 0x4470 TcpLen: 20 [Xref => http://www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1142:5] WEB-MISC /.... 
access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.273609 24.197.194.106:4570 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32158 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F7D918A Ack: 0x52E60E7E Win: 0x4470 TcpLen: 20 [**] [1:1142:5] WEB-MISC /.... access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.274559 24.197.194.106:4571 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32159 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F7E140B Ack: 0x52E70631 Win: 0x4470 TcpLen: 20 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:49:57.345942 24.197.194.106:4578 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32180 IpLen:20 DgmLen:100 DF ***AP*** Seq: 0x6F834B60 Ack: 0x52EC8A41 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:06.369340 24.197.194.106:4843 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32919 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7030EB11 Ack: 0x5336C93D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:07.317831 24.197.194.106:4855 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32997 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x703D79CB Ack: 0x533BFB05 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:07.338660 24.197.194.106:4858 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33000 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x703F7C5D Ack: 0x533CC03A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:08.008371 24.197.194.106:4869 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33046 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x704BE748 Ack: 0x5340B67E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] 
WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:09.642577 24.197.194.106:4910 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33241 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x707060D4 Ack: 0x534BFF42 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:09.671681 24.197.194.106:4913 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33248 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7072D656 Ack: 0x534C91C9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:09.685923 24.197.194.106:4916 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33250 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x7074DC90 Ack: 0x534D25C9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:10.355089 24.197.194.106:4934 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33316 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7086B6F8 Ack: 0x53518DE6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:10.585096 24.197.194.106:4938 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33354 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x708AD8A1 Ack: 0x5352D95D Win: 0x4470 TcpLen: 20 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:50:14.010522 24.197.194.106:1048 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33748 IpLen:20 DgmLen:145 DF ***AP*** Seq: 0x70D6E4CC Ack: 0x5370FFD7 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:15.659664 24.197.194.106:1075 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33925 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x70F2C524 Ack: 0x538152CF Win: 0x4470 TcpLen: 20 [**] 
[1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:15.729917 24.197.194.106:1077 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33935 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x70F4ED1D Ack: 0x53824F25 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:15.829929 24.197.194.106:1079 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33946 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x70F73F20 Ack: 0x5383C0D6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:17.117735 24.197.194.106:1083 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34020 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x70FF3E06 Ack: 0x538A29E4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:18.017606 24.197.194.106:1086 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34137 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x71051727 Ack: 0x538F5095 Win: 0x4470 TcpLen: 20 [**] [1:1661:3] WEB-IIS cmd32.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:20.641215 24.197.194.106:1156 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34394 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x713921D7 Ack: 0x53ADE58E Win: 0x4470 TcpLen: 20 [**] [1:1661:3] WEB-IIS cmd32.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:22.322078 24.197.194.106:1159 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34565 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x71429C3A Ack: 0x53B615AA Win: 0x4470 TcpLen: 20 [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:27.468888 24.197.194.106:1238 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35008 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7193B1BE Ack: 0x53F13A61 Win: 0x4470 TcpLen: 20 [Xref => http://www.ciac.org/ciac/bulletins/h-45.shtml] [**] 
[1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:50:40.017266 24.197.194.106:1311 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35387 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x71F4C510 Ack: 0x543E78DD Win: 0x4470 TcpLen: 20 [Xref => http://www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1165:6] WEB-MISC Novell Groupwise gwweb.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:51:11.841780 24.197.194.106:1337 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35475 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x7281F631 Ack: 0x54C7029D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1006][Xref => http://www.securityfocus.com/bid/879] [**] [1:1165:6] WEB-MISC Novell Groupwise gwweb.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:51:12.097419 24.197.194.106:1340 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35484 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x7284D571 Ack: 0x54C96FAE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1006][Xref => http://www.securityfocus.com/bid/879] [**] [1:1373:5] WEB-ATTACKS conf/httpd.conf attempt [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-12:51:16.253421 24.197.194.106:1359 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35581 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x729BD514 Ack: 0x54E2DAED Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:51:23.659593 24.197.194.106:1737 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36066 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x72EFEE3A Ack: 0x55216D50 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:51:23.964628 24.197.194.106:1738 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36082 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F1A31D Ack: 
0x552389B0 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:51:24.060555 24.197.194.106:1740 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36095 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F39933 Ack: 0x55252D9E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:51:24.167683 24.197.194.106:1742 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36115 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x72F63FFE Ack: 0x5526651C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:51:24.210736 24.197.194.106:1743 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36122 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x72F6FC53 Ack: 0x552737F4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:51:24.238140 24.197.194.106:1746 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36129 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F929AD Ack: 0x55288CB8 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:51:24.322600 24.197.194.106:1748 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36144 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x72FB4E39 Ack: 0x552997C8 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.133609 24.197.194.106:1291 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49386 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E32240F Ack: 0x5A5809C6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.143494 24.197.194.106:1293 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49390 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E33D954 Ack: 0x5A58A0C0 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] 
WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.173496 24.197.194.106:1295 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49397 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E34FE43 Ack: 0x5A598696 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.180137 24.197.194.106:1297 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49398 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E3646EE Ack: 0x5A5A2172 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.191200 24.197.194.106:1298 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49400 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E370706 Ack: 0x5A5B0C74 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.200086 24.197.194.106:1300 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49402 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E384214 Ack: 0x5A5BF283 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.216849 24.197.194.106:1302 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49408 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E39B0BF Ack: 0x5A5CC777 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.239750 24.197.194.106:1303 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49414 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E3AA936 Ack: 0x5A5D7E38 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.256829 24.197.194.106:1307 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49418 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E3D40C3 Ack: 0x5A5E2F66 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web 
Application Attack] [Priority: 1] 03/05-12:56:09.277251 24.197.194.106:1309 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49420 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E3F1A48 Ack: 0x5A5F285E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.320152 24.197.194.106:1312 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49431 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E418816 Ack: 0x5A601816 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.327287 24.197.194.106:1314 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49433 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E430B22 Ack: 0x5A60C147 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.346056 24.197.194.106:1315 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49437 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E4394C1 Ack: 0x5A61AB50 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.364480 24.197.194.106:1319 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49443 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x7E47006C Ack: 0x5A62EA05 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.364482 24.197.194.106:1318 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49444 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E45C3E9 Ack: 0x5A625039 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.381260 24.197.194.106:1322 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49448 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E4948BC Ack: 0x5A6413F6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 
03/05-12:56:09.401416 24.197.194.106:1326 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49453 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x7E4C523F Ack: 0x5A65A65A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.407936 24.197.194.106:1324 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49454 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E4A844F Ack: 0x5A64BC03 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.420568 24.197.194.106:1328 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49457 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E4DB5FB Ack: 0x5A6695C1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.436749 24.197.194.106:1330 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49462 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E4F1EBB Ack: 0x5A676189 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.468437 24.197.194.106:1332 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49469 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x7E50E940 Ack: 0x5A6834F6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.474668 24.197.194.106:1334 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49471 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E525B70 Ack: 0x5A68E575 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.502030 24.197.194.106:1336 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49477 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E53E972 Ack: 0x5A6A0D1B Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.502037 24.197.194.106:1338 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49480 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x7E5554AE Ack: 0x5A6A991C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.558915 24.197.194.106:1341 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49493 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E582983 Ack: 0x5A6B819D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.567014 24.197.194.106:1342 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49495 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E58DA23 Ack: 0x5A6C2CA8 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.586039 24.197.194.106:1345 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49499 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E5BA8E9 Ack: 0x5A6D64E7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.605407 24.197.194.106:1347 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49506 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E5D711A Ack: 0x5A6E0A04 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.626788 24.197.194.106:1348 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49510 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E5E554D Ack: 0x5A6EEDA4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.635103 24.197.194.106:1351 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49512 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E60CEB8 Ack: 0x5A6FAF33 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.657076 24.197.194.106:1353 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49516 
IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E6219D7 Ack: 0x5A7095AC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.657083 24.197.194.106:1355 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49518 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E632FC6 Ack: 0x5A716AE7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.679400 24.197.194.106:1357 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49521 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E64E585 Ack: 0x5A72284C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.743880 24.197.194.106:1360 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49537 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E67A757 Ack: 0x5A736F66 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.752284 24.197.194.106:1362 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49542 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E697D0D Ack: 0x5A7463E1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.773032 24.197.194.106:1366 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49545 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E6C9F1C Ack: 0x5A751502 Win: 0x4470 TcpLen: 20 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:56:09.782850 24.197.194.106:1368 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49547 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x7E6E4150 Ack: 0x5A75A428 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:09.800230 24.197.194.106:1370 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 
ID:49553 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7E6F7A16 Ack: 0x5A76AB01 Win: 0x4470 TcpLen: 20 [Xref => http://www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:56:09.810669 24.197.194.106:1373 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49555 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x7E71EFFA Ack: 0x5A775CC9 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:56:09.846388 24.197.194.106:1377 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49564 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x7E746F5D Ack: 0x5A791C22 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:56:09.877333 24.197.194.106:1381 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49572 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x7E77F052 Ack: 0x5A7B2598 Win: 0x4470 TcpLen: 20 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:10.486472 24.197.194.106:1390 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49631 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7E814CB1 Ack: 0x5A7E5B53 Win: 0x4470 TcpLen: 20 [Xref => http://www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:10.521073 24.197.194.106:1393 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49637 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E83B9EA Ack: 0x5A80B0C7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:10.521079 24.197.194.106:1391 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49640 IpLen:20 DgmLen:129 DF ***AP*** 
Seq: 0x7E825F95 Ack: 0x5A7FBABC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:10.543244 24.197.194.106:1395 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49643 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E85242A Ack: 0x5A8184B3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:10.645249 24.197.194.106:1401 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49659 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E8A4718 Ack: 0x5A82DE64 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:10.668823 24.197.194.106:1403 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49661 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x7E8BDBBD Ack: 0x5A83DC10 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:10.907296 24.197.194.106:1464 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49691 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x7E95694D Ack: 0x5A85F419 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:10.917543 24.197.194.106:1465 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49693 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x7E963E1B Ack: 0x5A8693B5 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:12.196000 24.197.194.106:1496 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49798 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x7EB2C8CD Ack: 0x5A8BCA9D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:12.213081 24.197.194.106:1498 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49801 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EB478C6 Ack: 0x5A8C962E Win: 0x4470 TcpLen: 
20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:12.230625 24.197.194.106:1500 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49803 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EB5AC67 Ack: 0x5A8D2317 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:12.346336 24.197.194.106:1502 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49813 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EB78112 Ack: 0x5A8EBF3C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:12.576653 24.197.194.106:1507 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49828 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EBB7436 Ack: 0x5A905914 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:12.922773 24.197.194.106:1512 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49856 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EC0C7C4 Ack: 0x5A92AF80 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:12.980886 24.197.194.106:1514 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49863 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EC2A5D0 Ack: 0x5A93A9C4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:12.992692 24.197.194.106:1515 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49865 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EC38299 Ack: 0x5A947D80 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:13.203314 24.197.194.106:1522 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49883 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EC94DDC Ack: 0x5A96055D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] 
[Classification: Web Application Attack] [Priority: 1] 03/05-12:56:14.080266 24.197.194.106:1537 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49937 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x7ED8AE32 Ack: 0x5A9A64BD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:14.208367 24.197.194.106:1541 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49946 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x7EDC23B7 Ack: 0x5A9BF0F7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:14.935485 24.197.194.106:1556 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49982 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x7EE98D1D Ack: 0x5A9ED323 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:14.974511 24.197.194.106:1557 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49989 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x7EEA8F96 Ack: 0x5A9FF761 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:15.204681 24.197.194.106:1561 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50003 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x7EEE9261 Ack: 0x5AA17A51 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:15.335460 24.197.194.106:1625 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50012 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x7EEF92AB Ack: 0x5AA2B72D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:15.570183 24.197.194.106:1628 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50027 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x7EF2D641 Ack: 0x5AA4D0FC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 
1] 03/05-12:56:15.629200 24.197.194.106:1630 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50030 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x7EF3E29F Ack: 0x5AA58A5A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:15.629222 24.197.194.106:1631 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50031 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EF4D1FE Ack: 0x5AA67C43 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:15.775632 24.197.194.106:1634 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50041 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EF77016 Ack: 0x5AA77B1E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:15.919694 24.197.194.106:1636 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50047 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EF99DA5 Ack: 0x5AA91A52 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:15.919713 24.197.194.106:1637 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50049 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EFA9ABB Ack: 0x5AAA01C0 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:15.919737 24.197.194.106:1638 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50051 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EFB5725 Ack: 0x5AAAA9BE Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:16.740141 24.197.194.106:1644 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50073 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7F02BB75 Ack: 0x5AAF16DC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:18.053839 24.197.194.106:1652 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50099 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7F0E30C1 Ack: 0x5AB49E6A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:19.373375 24.197.194.106:1660 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50120 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x7F18DEE1 Ack: 0x5ABA39A2 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:19.492264 24.197.194.106:1662 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50123 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x7F1ACC65 Ack: 0x5ABB747A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:19.958208 24.197.194.106:1666 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50130 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7F1F40F5 Ack: 0x5ABDF46D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:39.815828 24.197.194.106:1674 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50156 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7F6B8BED Ack: 0x5B0A17A2 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:40.705408 24.197.194.106:1675 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50159 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x7F6FB3BA Ack: 0x5B0E3AE8 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:41.054156 24.197.194.106:1676 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50162 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x7F71D5C3 Ack: 0x5B100ACE Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:56:47.477742 24.197.194.106:1718 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50175 
IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7F8BBEEC Ack: 0x5B296577 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.276507 24.197.194.106:1727 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50226 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7FE63019 Ack: 0x5B80B529 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.296517 24.197.194.106:1728 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50230 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7FE6E3A4 Ack: 0x5B8146CF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.388880 24.197.194.106:1734 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50245 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7FE97C2D Ack: 0x5B828852 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.406803 24.197.194.106:1735 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50248 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7FEA8CCB Ack: 0x5B837199 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.444556 24.197.194.106:1738 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50254 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7FEBFEF4 Ack: 0x5B846A87 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.465183 24.197.194.106:1739 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50263 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7FECE36D Ack: 0x5B855DFE Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.505082 24.197.194.106:1741 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50268 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7FEEA0BC Ack: 
0x5B86B8FC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.513881 24.197.194.106:1744 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50272 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7FF02F57 Ack: 0x5B8762FD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.777389 24.197.194.106:1751 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50296 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7FF48D9C Ack: 0x5B88B79C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.785177 24.197.194.106:1755 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50297 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7FF61D7E Ack: 0x5B893DB4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.785180 24.197.194.106:1756 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50298 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x7FF6F06C Ack: 0x5B89CD63 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:10.797898 24.197.194.106:1758 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50299 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7FF809CF Ack: 0x5B8A87A0 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.429819 24.197.194.106:1759 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50313 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7FF9D521 Ack: 0x5B8E16FA Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.545992 24.197.194.106:1762 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50334 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x7FFBA538 Ack: 0x5B8F8E1A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] 
WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.546019 24.197.194.106:1765 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50336 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7FFC6174 Ack: 0x5B905E60 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.586334 24.197.194.106:1768 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50340 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7FFDD426 Ack: 0x5B90EE58 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.848526 24.197.194.106:1771 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50356 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x7FFFDBBD Ack: 0x5B92F4EF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.878379 24.197.194.106:1773 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50362 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x80018CCD Ack: 0x5B939A23 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.885235 24.197.194.106:1775 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50366 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x8003407F Ack: 0x5B943211 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.903611 24.197.194.106:1777 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50369 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x80041B50 Ack: 0x5B950DE9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:11.903620 24.197.194.106:1779 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50371 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8005B93A Ack: 0x5B95C3D9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web 
Application Attack] [Priority: 1] 03/05-12:57:12.170814 24.197.194.106:1784 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50379 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x80089632 Ack: 0x5B9736BB Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:12.597206 24.197.194.106:1788 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50390 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x800B084F Ack: 0x5B996E26 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:12.718254 24.197.194.106:1789 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50396 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x800C656D Ack: 0x5B9AB438 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:14.374381 24.197.194.106:1844 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50442 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8014027B Ack: 0x5BA20BAA Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:15.395713 24.197.194.106:1847 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50461 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x801757C1 Ack: 0x5BA6061E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:16.256459 24.197.194.106:1851 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50486 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x801C0E7A Ack: 0x5BAA6519 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:16.925828 24.197.194.106:1855 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50497 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x801E2815 Ack: 0x5BADF6EC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 
03/05-12:57:17.494807 24.197.194.106:1858 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50506 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80206109 Ack: 0x5BB06FD9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:17.604540 24.197.194.106:1860 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50513 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80214BFE Ack: 0x5BB1B059 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:17.624502 24.197.194.106:1861 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50515 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x80221738 Ack: 0x5BB2B35E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:20.722847 24.197.194.106:1871 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50602 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x802F9AC2 Ack: 0x5BBF2227 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:21.220854 24.197.194.106:1874 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50635 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8032EE04 Ack: 0x5BC13114 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:21.919752 24.197.194.106:1877 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50652 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8035110A Ack: 0x5BC47102 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:22.049685 24.197.194.106:1879 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50663 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x80375AAC Ack: 0x5BC6059D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:22.155949 24.197.194.106:1882 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50675 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x803A966C Ack: 0x5BC75A0A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:23.596457 24.197.194.106:1885 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50715 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x803F8789 Ack: 0x5BCD24EF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:23.706790 24.197.194.106:1886 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50725 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x804081E4 Ack: 0x5BCECC30 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:24.044888 24.197.194.106:1890 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50755 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x80448E88 Ack: 0x5BD0B58A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:24.064992 24.197.194.106:1891 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50759 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x804588C3 Ack: 0x5BD1F7BE Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:24.112832 24.197.194.106:1892 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50768 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8046B8CB Ack: 0x5BD2D31E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:24.123586 24.197.194.106:1893 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50770 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x80476A4D Ack: 0x5BD39937 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:24.449131 24.197.194.106:1896 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50788 
IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x804A77A0 Ack: 0x5BD5CFFD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:24.654196 24.197.194.106:1897 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50807 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x804C22AB Ack: 0x5BD6EF9A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:25.013874 24.197.194.106:1901 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50824 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8050A7AD Ack: 0x5BD94B89 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:25.378268 24.197.194.106:1903 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50845 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8053ADC2 Ack: 0x5BDBB0C3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:26.108423 24.197.194.106:1905 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50867 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8057A3EA Ack: 0x5BDF36CB Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:29.039333 24.197.194.106:1996 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50969 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8067D60D Ack: 0x5BEB6DE2 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:30.813681 24.197.194.106:1999 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51022 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x80710A88 Ack: 0x5BF2A4A6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:31.342110 24.197.194.106:2001 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51050 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80747145 Ack: 
0x5BF586B6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:31.400208 24.197.194.106:2003 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51057 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8076520A Ack: 0x5BF6CA55 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:32.585043 24.197.194.106:2007 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51091 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x807D39E5 Ack: 0x5BFCA396 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:33.846056 24.197.194.106:2012 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51140 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x8085A9B0 Ack: 0x5C05F18C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:34.946460 24.197.194.106:2015 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51170 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x808C4E0B Ack: 0x5C0AB539 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:35.303821 24.197.194.106:2017 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51184 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x808F489C Ack: 0x5C0D1581 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:35.781080 24.197.194.106:2018 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51195 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x80920C0B Ack: 0x5C0FB46A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:35.991355 24.197.194.106:2020 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51206 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80945FCE Ack: 0x5C116975 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] 
WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:36.192797 24.197.194.106:2021 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51210 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8096033D Ack: 0x5C12F1BF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:38.138611 24.197.194.106:2037 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51247 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x809F7E14 Ack: 0x5C1AC376 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:39.736377 24.197.194.106:2040 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51294 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x80A7C14E Ack: 0x5C21AF81 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:39.984189 24.197.194.106:2041 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51302 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x80A935CF Ack: 0x5C23D1A6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:41.401601 24.197.194.106:2046 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51328 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x80AFAABF Ack: 0x5C29DDB1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:41.629831 24.197.194.106:2047 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51335 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x80B101F6 Ack: 0x5C2B62F3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:42.585914 24.197.194.106:2051 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51360 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x80B7FAA7 Ack: 0x5C2FCBC3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web 
Application Attack] [Priority: 1] 03/05-12:57:42.725763 24.197.194.106:2052 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51365 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x80B959ED Ack: 0x5C30EB8C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:46.924424 24.197.194.106:2061 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51416 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x80CD4AEF Ack: 0x5C41CF38 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:47.594886 24.197.194.106:2063 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51432 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80D12E72 Ack: 0x5C456217 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:53.176473 24.197.194.106:2075 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51519 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x80EC8A77 Ack: 0x5C5B531C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:57:58.576863 24.197.194.106:2087 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51619 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8106A1C3 Ack: 0x5C70A338 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:58:03.592537 24.197.194.106:2099 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51695 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x811E4B10 Ack: 0x5C846B73 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:58:05.974982 24.197.194.106:2104 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51740 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x812B6095 Ack: 0x5C8E6912 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 
03/05-12:58:06.763463 24.197.194.106:2105 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51757 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x812F0FDA Ack: 0x5C926AFA Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.742926 24.197.194.106:2893 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56243 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x835D9F3A Ack: 0x5DA3240E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.742929 24.197.194.106:2894 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56244 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x835E75A8 Ack: 0x5DA40E9F Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.770923 24.197.194.106:2895 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56247 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x835F23B9 Ack: 0x5DA4D454 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.783613 24.197.194.106:2896 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56252 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x835FA6DA Ack: 0x5DA58283 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.796030 24.197.194.106:2897 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56256 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x83608407 Ack: 0x5DA64733 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.804592 24.197.194.106:2898 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56258 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x83613A1C Ack: 0x5DA726C2 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.813316 24.197.194.106:2899 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56262 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x83621BA7 Ack: 0x5DA7F0B9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.854120 24.197.194.106:2900 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56270 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x836318C0 Ack: 0x5DA938C4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.873435 24.197.194.106:2901 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56272 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8363E75D Ack: 0x5DA9E53F Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.873441 24.197.194.106:2902 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56275 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x8364B79C Ack: 0x5DAAC903 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.900375 24.197.194.106:2903 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56281 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x83657D4D Ack: 0x5DAB789B Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.924182 24.197.194.106:2904 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56285 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x83665F63 Ack: 0x5DAC1255 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.936994 24.197.194.106:2905 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56293 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x836746C4 Ack: 0x5DACFD37 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.992846 24.197.194.106:2906 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56304 
IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x83689721 Ack: 0x5DADEF20 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:17.992863 24.197.194.106:2908 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56306 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x836A5519 Ack: 0x5DAF40A3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.010903 24.197.194.106:2907 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56309 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x8369871D Ack: 0x5DAEB97B Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.010927 24.197.194.106:2909 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56311 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x836B0253 Ack: 0x5DAFF927 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.040665 24.197.194.106:2910 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56318 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x836BC80A Ack: 0x5DB14BC1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.465385 24.197.194.106:2911 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56384 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x836CC764 Ack: 0x5DB229BF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.482238 24.197.194.106:2912 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56385 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x836D6EEE Ack: 0x5DB30CAA Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.482242 24.197.194.106:2913 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56386 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x836E4075 Ack: 
0x5DB3AF2F Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.482244 24.197.194.106:2914 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56387 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x836F0071 Ack: 0x5DB499AC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.485324 24.197.194.106:2915 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56388 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x836FE2D1 Ack: 0x5DB52C58 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.493983 24.197.194.106:2916 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56389 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x8370DC9B Ack: 0x5DB67E99 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.493988 24.197.194.106:2917 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56390 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8371AB57 Ack: 0x5DB75F2B Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.493990 24.197.194.106:2918 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56391 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x8372F55C Ack: 0x5DB8101A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.654083 24.197.194.106:2919 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56433 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x83743D00 Ack: 0x5DBAAB2C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.670697 24.197.194.106:2920 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56436 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x83752951 Ack: 0x5DBB3165 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] 
WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.688315 24.197.194.106:2921 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56440 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x8375B86A Ack: 0x5DBC0765 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.696103 24.197.194.106:2922 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56443 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x837665E8 Ack: 0x5DBC9938 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.706885 24.197.194.106:2923 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56444 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x83774043 Ack: 0x5DBD95C6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.706889 24.197.194.106:2925 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56446 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8378B3B8 Ack: 0x5DBF58F1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.719716 24.197.194.106:2924 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56448 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8378331D Ack: 0x5DBE5CD8 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.725972 24.197.194.106:2926 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56451 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x83795E42 Ack: 0x5DC0234F Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.750673 24.197.194.106:2927 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56455 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x837A55EB Ack: 0x5DC14971 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web 
Application Attack] [Priority: 1] 03/05-12:59:18.757540 24.197.194.106:2928 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56457 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x837B3274 Ack: 0x5DC1F20F Win: 0x4470 TcpLen: 20
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.757546 24.197.194.106:2930 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56459 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x837C67B2 Ack: 0x5DC3C155 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218]
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.764028 24.197.194.106:2929 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56461 IpLen:20 DgmLen:100 DF ***AP*** Seq: 0x837BE652 Ack: 0x5DC2DBFB Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218]
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.786068 24.197.194.106:2931 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56464 IpLen:20 DgmLen:96 DF ***AP*** Seq: 0x837DA3E1 Ack: 0x5DC456D2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218]
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.786075 24.197.194.106:2933 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56466 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x837F4959 Ack: 0x5DC5AA51 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218]
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.791267 24.197.194.106:2932 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56468 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x837E7A1D Ack: 0x5DC50052 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218]
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.791271 24.197.194.106:2934 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56470 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x837FF568 Ack: 0x5DC63B55 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218]
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.828182 24.197.194.106:2935 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56476 IpLen:20 DgmLen:96 DF ***AP*** Seq: 0x83807FE3 Ack: 0x5DC725B6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218]
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.954360 24.197.194.106:2936 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56482 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x8381529F Ack: 0x5DC7E275 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229][Xref => http://www.securityfocus.com/bid/2218]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:18.954384 24.197.194.106:2937 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56483 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x8382AF84 Ack: 0x5DC936BD Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.062556 24.197.194.106:2938 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56500 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x83839E30 Ack: 0x5DCA7BB7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.100558 24.197.194.106:2940 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56508 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x83855FC4 Ack: 0x5DCC5118 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.100745 24.197.194.106:2939 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56510 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x8384856D Ack: 0x5DCB961C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.196816 24.197.194.106:2941 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56522 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8386C369 Ack: 0x5DCDB0EC Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.207549 24.197.194.106:2942 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56525 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x83879280 Ack: 0x5DCEA12D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.312875 24.197.194.106:2943 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56541 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x838885E4 Ack: 0x5DCF8DD2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.352898 24.197.194.106:2944 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56544 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x83894FFD Ack: 0x5DD013A4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.371337 24.197.194.106:2945 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56551 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x838A0D91 Ack: 0x5DD15A0B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.469074 24.197.194.106:2946 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56562 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x838B9C74 Ack: 0x5DD2B114 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.489099 24.197.194.106:2947 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56567 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x838C32EC Ack: 0x5DD352B3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.499467 24.197.194.106:2948 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56569 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x838CDEAC Ack: 0x5DD41766 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.714250 24.197.194.106:2949 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56588 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x838E7EAE Ack: 0x5DD58908 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.759544 24.197.194.106:2950 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56595 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x838F93F9 Ack: 0x5DD6DA10 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:19.779504 24.197.194.106:2951 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56597 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x839063AA Ack: 0x5DD76C83 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:20.223902 24.197.194.106:2954 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56622 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x83937627 Ack: 0x5DDB1461 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:20.223953 24.197.194.106:2955 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56624 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x83941041 Ack: 0x5DDBF207 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:20.554171 24.197.194.106:2956 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56641 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x839630A7 Ack: 0x5DDDFB4D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:20.593146 24.197.194.106:2957 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56643 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x8396EEAB Ack: 0x5DDEEADB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:20.813431 24.197.194.106:2958 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56649 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x839899E2 Ack: 0x5DE0915B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:21.373223 24.197.194.106:2959 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56663 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x839B59C0 Ack: 0x5DE3D24C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:21.412661 24.197.194.106:2960 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56666 IpLen:20 DgmLen:108 DF ***AP*** Seq: 0x839CB50D Ack: 0x5DE47071 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:21.760060 24.197.194.106:2961 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56679 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x839EA82C Ack: 0x5DE6889F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:21.797066 24.197.194.106:2962 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56681 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x839F6DC4 Ack: 0x5DE727A7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.127395 24.197.194.106:2963 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56698 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x83A17D42 Ack: 0x5DE92344 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.167264 24.197.194.106:2964 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56701 IpLen:20 DgmLen:108 DF ***AP*** Seq: 0x83A24769 Ack: 0x5DEA60ED Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.287336 24.197.194.106:2965 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56707 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x83A341A1 Ack: 0x5DEBB622 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.296569 24.197.194.106:2966 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56709 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x83A48BA1 Ack: 0x5DEC8DDA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.545567 24.197.194.106:2967 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56731 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x83A64BCA Ack: 0x5DEE56D3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.576132 24.197.194.106:2975 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56735 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x83A70CC4 Ack: 0x5DEEE003 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.595606 24.197.194.106:2976 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56737 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x83A7D1DC Ack: 0x5DEF6D85 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.616762 24.197.194.106:2977 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56740 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x83A8BDAF Ack: 0x5DF045D6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.725986 24.197.194.106:2978 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56748 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x83AA0A99 Ack: 0x5DF1871A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.746082 24.197.194.106:2979 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56750 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x83AAE31E Ack: 0x5DF2C8E8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.795729 24.197.194.106:2949 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56751 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x838E7EAE Ack: 0x5DD58908 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.815751 24.197.194.106:2952 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56755 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x839199B2 Ack: 0x5DD8C4A8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.843796 24.197.194.106:2953 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56758 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x83922511 Ack: 0x5DD953E6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:22.971898 24.197.194.106:2980 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56765 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x83AC8769 Ack: 0x5DF45BAF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:23.101976 24.197.194.106:2981 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56779 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x83ADD734 Ack: 0x5DF59869 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:23.132410 24.197.194.106:2982 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56781 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x83AE9CEE Ack: 0x5DF67C2B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:23.152003 24.197.194.106:2983 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56783 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x83AF5B9E Ack: 0x5DF797F4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:23.152034 24.197.194.106:2984 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56785 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x83B0485A Ack: 0x5DF87251 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:23.291413 24.197.194.106:2985 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56789 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x83B15C6B Ack: 0x5DF96C41 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:24.781073 24.197.194.106:2986 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56802 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x83B7BC1E Ack: 0x5E0020B8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:24.812299 24.197.194.106:2987 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56806 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x83B8CF50 Ack: 0x5E00EBA4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:24.931132 24.197.194.106:2988 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56812 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x83BA0718 Ack: 0x5E027CD0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:24.931154 24.197.194.106:2989 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56814 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x83BA977A Ack: 0x5E0335E5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:28.814445 24.197.194.106:2998 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56826 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x83CA01B9 Ack: 0x5E123E35 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:59:31.256163 24.197.194.106:3001 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56834 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x83D4E3F6 Ack: 0x5E1CB21F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:18.916028 24.197.194.106:3019 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56910 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x848ECD2A Ack: 0x5ED159E5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:18.953803 24.197.194.106:3021 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56917 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8490BBD2 Ack: 0x5ED1E36F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.022964 24.197.194.106:3023 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56935 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x84928251 Ack: 0x5ED3023A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.043274 24.197.194.106:3024 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56938 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x849347D0 Ack: 0x5ED3F96E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.083589 24.197.194.106:3027 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56947 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8495A3F5 Ack: 0x5ED52967 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.091972 24.197.194.106:3028 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56951 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84967FA3 Ack: 0x5ED5D819 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.187660 24.197.194.106:3030 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56968 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x84981175 Ack: 0x5ED6D5BF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.246938 24.197.194.106:3033 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56982 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x849AE5FA Ack: 0x5ED7A1E2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.246941 24.197.194.106:3034 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56983 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x849BD478 Ack: 0x5ED8824A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.255962 24.197.194.106:3036 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56986 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x849DB9B3 Ack: 0x5ED924DE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.286895 24.197.194.106:3037 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56990 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x849E85F6 Ack: 0x5ED9A693 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.551762 24.197.194.106:3041 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57014 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84A20D32 Ack: 0x5EDB0534 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.551764 24.197.194.106:3042 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57015 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84A2FC75 Ack: 0x5EDBAB3C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.682678 24.197.194.106:3045 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57050 IpLen:20 DgmLen:102 DF ***AP*** Seq: 0x84A54A8C Ack: 0x5EDDC1C6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.759349 24.197.194.106:3048 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57067 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x84A80C89 Ack: 0x5EDEA8C7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.956646 24.197.194.106:3050 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57084 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x84A982B8 Ack: 0x5EDF28CB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.966654 24.197.194.106:3052 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57085 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84AB4013 Ack: 0x5EE002BB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.966676 24.197.194.106:3053 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57087 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84ABE8CA Ack: 0x5EE0C9FF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.976976 24.197.194.106:3055 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57088 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x84AD67A7 Ack: 0x5EE183D8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.986647 24.197.194.106:3057 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57089 IpLen:20 DgmLen:102 DF ***AP*** Seq: 0x84AF07C9 Ack: 0x5EE2755E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:19.986674 24.197.194.106:3059 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57091 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x84B0F1C0 Ack: 0x5EE37D41 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.135533 24.197.194.106:3061 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57128 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x84B29153 Ack: 0x5EE56D74 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.144809 24.197.194.106:3062 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57129 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x84B38C05 Ack: 0x5EE5F063 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.362996 24.197.194.106:3065 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57147 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x84B61D11 Ack: 0x5EE6C7B1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.363033 24.197.194.106:3067 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57149 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x84B73FCC Ack: 0x5EE819E8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.372998 24.197.194.106:3069 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57151 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x84B90E8B Ack: 0x5EE89BC7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.383050 24.197.194.106:3071 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57154 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x84BAE9A4 Ack: 0x5EE960BD Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.383066 24.197.194.106:3073 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57155 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84BC84A9 Ack: 0x5EEA1074 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.403278 24.197.194.106:3076 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57157 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x84BEF2F7 Ack: 0x5EEAC955 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.529567 24.197.194.106:3077 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57190 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x84C00ED0 Ack: 0x5EECE246 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.547403 24.197.194.106:3080 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57196 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84C28B35 Ack: 0x5EEDA98A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.587363 24.197.194.106:3081 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57204 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x84C318A6 Ack: 0x5EEED522 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.597276 24.197.194.106:3084 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57206 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x84C5B737 Ack: 0x5EEFA431 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.870426 24.197.194.106:3086 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57234 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84C800E6 Ack: 0x5EF1A6CB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.870429 24.197.194.106:3087 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57235 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x84C900AE Ack: 0x5EF228B2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.908914 24.197.194.106:3090 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57241 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84CB7BF5 Ack: 0x5EF2DEFE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.921714 24.197.194.106:3091 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57245 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x84CC3CEC Ack: 0x5EF3B0F5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.931142 24.197.194.106:3093 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57249 IpLen:20 DgmLen:111 DF ***AP*** Seq: 0x84CD69F5 Ack: 0x5EF46A2A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.955774 24.197.194.106:3096 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57254 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x84D02751 Ack: 0x5EF55C52 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:20.966035 24.197.194.106:3097 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57259 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x84D117D1 Ack: 0x5EF5EAFE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.305844 24.197.194.106:3103 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57292 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x84D553DA Ack: 0x5EF79460 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.322500 24.197.194.106:3104 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57296 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x84D5ECC0 Ack: 0x5EF881FE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.333292 24.197.194.106:3106 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57298 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x84D7975A Ack: 0x5EF920FA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.341806 24.197.194.106:3107 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57300 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x84D857C9 Ack: 0x5EF9B4E4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.341811 24.197.194.106:3108 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57302 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x84D8F8DB Ack: 0x5EFA497B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.360339 24.197.194.106:3109 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57305 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x84DA3F91 Ack: 0x5EFB0AC8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.489717 24.197.194.106:3110 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57317 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x84DB7E92 Ack: 0x5EFC4646 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.498518 24.197.194.106:3111 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57320 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x84DC6AD7 Ack: 0x5EFD04D7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.614902 24.197.194.106:3112 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57326 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x84DD6EF8 Ack: 0x5EFEA4B7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:21.644705 24.197.194.106:3115 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57332 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x84E043C2 Ack: 0x5EFF888C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:22.065466 24.197.194.106:3165 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57344 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x84E28F6B Ack: 0x5F01950D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:22.173073 24.197.194.106:3166 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57350 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x84E38742 Ack: 0x5F02E764 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:22.502144 24.197.194.106:3168 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57356 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x84E52C56 Ack: 0x5F050057 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:22.612495 24.197.194.106:3169 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57362 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x84E67FBE Ack: 0x5F06BBF1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:23.126594 24.197.194.106:3171 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57370 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x84E94E49 Ack: 0x5F093AB7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:23.698496 24.197.194.106:3175 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57393 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x84EEDFDA Ack: 0x5F0C2D5F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-13:00:23.806798 24.197.194.106:3176 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57398 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x84EFF067 Ack: 0x5F0D272F Win: 0x4470 TcpLen: 20
[**] [1:1002: