[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/01-14:19:11.073849 68.37.54.69:1034 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:797 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/01-16:20:16.241402 12.252.61.161:1429 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:61853 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-00:27:31.470090 206.149.148.192:1101 -> 172.16.134.191:1434 UDP TTL:115 TOS:0x0 ID:59440 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-08:42:07.344898 218.4.87.137:1032 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:31825 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-08:57:10.953522 66.81.131.17:1382 -> 172.16.134.191:1434 UDP TTL:115 TOS:0x0 ID:55934 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-11:00:33.594400 61.177.56.98:1243 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:20802 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:615:3] SCAN SOCKS Proxy attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/02-13:24:55.179508 200.74.26.73:25590 -> 172.16.134.191:1080 TCP TTL:114 TOS:0x0 ID:34075 IpLen:20 DgmLen:40 DF ******S* Seq: 0x187C0000 Ack: 0x0 Win: 0x200 TcpLen: 20 [Xref => url help.undernet.org/proxyscan/] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-15:31:21.287394 61.132.88.90:4048 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:9872 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-15:46:38.157076 24.167.221.106:2383 -> 172.16.134.191:1434 UDP TTL:117 TOS:0x0 ID:61212 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-23:25:28.403821 67.201.75.38:4079 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:28137 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-02:27:50.266224 61.8.1.64:1045 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:53366 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-04:36:57.007466 61.132.88.90:4048 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:59794 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-06:27:51.069442 68.84.210.227:1154 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:63578 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-06:35:24.933871 66.233.4.225:3038 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:58599 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-07:38:06.339056 200.50.124.2:5247 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:42964 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-03:09:14.785262 12.253.142.87:1038 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:34501 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-03:10:15.242366 12.83.147.97:2141 -> 172.16.134.191:1434 UDP TTL:118 TOS:0x0 ID:37271 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-05:43:39.146868 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:21679 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-06:32:41.267271 218.92.13.142:3010 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:21531 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-06:43:18.243479 61.134.45.19:2790 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:33392 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-07:39:15.332990 61.132.88.90:4526 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:57416 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-09:06:39.141071 61.132.88.50:3402 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:12089 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-11:05:56.210828 218.4.99.237:1154 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:21230 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-15:36:27.744360 216.229.73.11:2604 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:25989 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-20:00:43.924985 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:2765 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-21:33:17.534737 168.243.103.205:1070 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:35515 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-00:30:51.477955 216.192.145.21:1244 -> 172.16.134.191:1434 UDP TTL:113 TOS:0x0 ID:58185 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-00:58:34.144382 61.185.29.9:4570 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:925 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:25.163950 210.22.204.101:1678 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:27400 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7616A79E Ack: 0x8B5A4420 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:25.181819 210.22.204.101:1678 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:27401 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7616AD52 Ack: 0x8B5A4420 Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:44.284253 210.22.204.101:2927 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48133 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7A103040 Ack: 0x8BA4509E Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:44.295038 210.22.204.101:2927 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48134 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7A1035F4 Ack: 0x8BA4509E Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:54.171141 210.22.204.101:3556 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:60846 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7C0F00B8 Ack: 0x8BCA3AF5 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:54.171195 210.22.204.101:3556 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:60847 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7C0F066C Ack: 0x8BCA3AF5 Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:04.022241 210.22.204.101:4276 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:10584 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7E4B596D Ack: 0x8BF0E9C8 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:04.033270 210.22.204.101:4276 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:10585 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7E4B5F21 Ack: 0x8BF0E9C8 Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:13.860713 210.22.204.101:1144 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:28759 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x80581697 Ack: 0x8C1758F9 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:13.860765 210.22.204.101:1144 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:28760 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x80581C4B Ack: 0x8C1758F9 Win: 0xFAF0 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:19.081891 210.22.204.101:1505 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:39146 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x817A2AFD Ack: 0x8C2C262C Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:19.082249 210.22.204.101:1505 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:39145 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x817A2549 Ack: 0x8C2C262C Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:24.316096 210.22.204.101:1801 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48594 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x826AFDCA Ack: 0x8C413F44 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:24.325966 210.22.204.101:1801 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48595 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x826B037E Ack: 0x8C413F44 Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:29.564420 210.22.204.101:2161 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:58202 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x838B5F5B Ack: 0x8C55B66D Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:29.564485 210.22.204.101:2161 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:58203 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x838B650F Ack: 0x8C55B66D Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:34.794752 210.22.204.101:2545 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:2442 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x84B7DB99 Ack: 0x8C6AD5C3 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:34.794807 210.22.204.101:2545 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:2443 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x84B7E14D Ack: 0x8C6AD5C3 Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:40.029342 210.22.204.101:2897 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:11431 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x85D11744 Ack: 0x8C7F485B Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:40.041135 210.22.204.101:2897 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:11432 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x85D11CF8 Ack: 0x8C7F485B Win: 0xFAF0 TcpLen: 20 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:45.281996 210.22.204.101:3187 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:19134 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x86C2C0E8 Ack: 0x8C94199F Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:45.282048 210.22.204.101:3187 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:19135 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x86C2C69C Ack: 0x8C94199F Win: 0xFAF0 TcpLen: 20 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-04:07:40.602541 4.33.244.44:3558 -> 172.16.134.191:1434 UDP TTL:118 TOS:0x0 ID:38531 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-05:14:54.493121 24.74.199.104:1321 -> 172.16.134.191:1434 UDP TTL:113 TOS:0x0 ID:55474 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-05:31:14.104906 81.57.217.208:1457 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:37344 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-06:21:27.349170 172.16.134.191:1047 -> 207.172.16.156:80 TCP TTL:127 TOS:0x0 ID:59024 IpLen:20 DgmLen:292 DF ***AP*** Seq: 0x1C41A397 Ack: 0x950BA16A Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-06:21:28.233123 172.16.134.191:1046 -> 207.172.16.156:80 TCP TTL:127 TOS:0x0 ID:59050 IpLen:20 DgmLen:290 DF ***AP*** Seq: 0x1C3D40AB Ack: 0x95061964 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-06:21:28.234602 172.16.134.191:1047 -> 207.172.16.156:80 TCP TTL:127 TOS:0x0 ID:59052 IpLen:20 DgmLen:289 DF ***AP*** Seq: 0x1C41A493 Ack: 0x950BCC51 Win: 0x4470 TcpLen: 20 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 172.16.134.191 (THRESHOLD 4 connections exceeded in 4 seconds) [**] 04/18-11:45:05.016880 [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 7 connections across 7 hosts: TCP(7), UDP(0) [**] 04/18-11:45:05.038966 [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.542200 [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.564171 [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 6 connections across 6 hosts: TCP(6), UDP(0) [**] 04/18-11:45:05.630615 [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.641074 [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.652464 [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.743176 [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.760273 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-07:26:16.386836 61.185.212.166:1133 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:35025 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-07:31:01.805270 213.170.56.83:1037 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:20218 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.797660 [**] [100:3:1] spp_portscan: End of portscan from 172.16.134.191: TOTAL time(3169s) hosts(12) TCP(20) UDP(0) [**] 04/18-11:45:05.797930 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-09:17:57.297316 218.4.48.74:3017 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:37584 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-10:01:11.764238 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:24503 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-10:05:06.317809 212.162.165.18:1032 -> 172.16.134.191:1434 UDP TTL:109 TOS:0x0 ID:27300 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-10:11:38.134226 200.135.228.10:4273 -> 172.16.134.191:1434 UDP TTL:108 TOS:0x0 ID:53786 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 24.197.194.106 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 04/18-11:45:05.799839 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 81 connections across 1 hosts: TCP(81), UDP(0) [**] 04/18-11:45:05.804078 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.804419 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.804731 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.805231 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.805637 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.809054 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.195050 24.197.194.106:4272 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30029 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x6E7F537D Ack: 0x525C21B6 Win: 0x4470 TcpLen: 20 [**] [1:1129:4] WEB-MISC .htaccess access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:40.242531 24.197.194.106:4276 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30040 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6E827F42 Ack: 0x525CDC56 Win: 0x4470 TcpLen: 20 [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.405640 24.197.194.106:4277 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30085 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6E83A33D Ack: 0x525E577E Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.596702 24.197.194.106:4324 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30139 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6E8891C9 Ack: 0x52602CB6 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1487:3] WEB-IIS /iisadmpwd/aexp2.htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.781893 24.197.194.106:4329 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30190 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6E8DB1A7 Ack: 0x5261C6A3 Win: 0x4470 TcpLen: 20 [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.926782 24.197.194.106:4331 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30205 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6E8EF74B Ack: 0x52626E8A Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.092974 24.197.194.106:4334 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30249 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6E92656F Ack: 0x52649EF6 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.159298 24.197.194.106:4337 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30259 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6E94EF97 Ack: 0x5265AEE0 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1487:3] WEB-IIS /iisadmpwd/aexp2.htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.175197 24.197.194.106:4339 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30263 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6E963211 Ack: 0x52664A02 Win: 0x4470 TcpLen: 20 [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.510299 24.197.194.106:4345 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30326 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x6E9C5833 Ack: 0x526874EE Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.549323 24.197.194.106:4347 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30338 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6E9E41AF Ack: 0x52694BBD Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.765057 24.197.194.106:4352 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30385 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6EA2B437 Ack: 0x526AF681 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.776477 24.197.194.106:4355 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30390 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x6EA4C997 Ack: 0x526BF574 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.942042 24.197.194.106:4359 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30416 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6EA8A2A6 Ack: 0x526DA6A1 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.159447 24.197.194.106:4363 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30450 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6EAC2134 Ack: 0x526F4CA9 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.699295 24.197.194.106:4367 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30499 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x6EB08996 Ack: 0x527275EA Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.858254 24.197.194.106:4370 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30529 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x6EB40886 Ack: 0x5273ECF5 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.986027 24.197.194.106:4373 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30557 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6EB641E8 Ack: 0x52752AA2 Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.994844 24.197.194.106:4376 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30558 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x6EB8E566 Ack: 0x52765B5B Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.105918 24.197.194.106:4378 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30579 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x6EBAFA64 Ack: 0x52775ED8 Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.137248 24.197.194.106:4382 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30585 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x6EBDF1BA Ack: 0x5277E92F Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.288614 24.197.194.106:4384 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30618 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x6EC06BE5 Ack: 0x527971DB Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.412323 24.197.194.106:4390 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30651 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x6EC49535 Ack: 0x527A9DB4 Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.524498 24.197.194.106:4393 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30675 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x6EC71A52 Ack: 0x527BE5EF Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:1242:6] WEB-IIS ISAPI .ida access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.735389 24.197.194.106:4398 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30706 IpLen:20 DgmLen:65 DF ***AP*** Seq: 0x6ECB2BA0 Ack: 0x527CF76B Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1065][Xref => cve CAN-2000-0071][Xref => arachnids 552] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.851337 [**] [1:1486:3] WEB-IIS ctss.idc access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:45.138740 24.197.194.106:4407 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30834 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x6ED7F41E Ack: 0x5285D3CE Win: 0x4470 TcpLen: 20 [**] [1:984:6] WEB-IIS JET VBA access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:45.832390 24.197.194.106:4416 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30953 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x6EE27376 Ack: 0x5289F6EA Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0874][Xref => bugtraq 307] [**] [1:985:5] WEB-IIS JET VBA access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:45.856411 24.197.194.106:4418 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30955 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6EE3DFC5 Ack: 0x528A7883 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0874][Xref => bugtraq 286] [**] [1:1245:6] WEB-IIS ISAPI .idq access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:45.878236 24.197.194.106:4419 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30960 IpLen:20 DgmLen:65 DF ***AP*** Seq: 0x6EE4F5F2 Ack: 0x528B4782 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1065][Xref => cve CAN-2000-0071][Xref => arachnids 553] [**] [1:1130:4] WEB-MISC .wwwacl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:46.906299 24.197.194.106:4423 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31067 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x6EEC70E3 Ack: 0x52911452 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.149246 24.197.194.106:4426 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31089 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x6EEF96FD Ack: 0x52920E74 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.313839 24.197.194.106:4430 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31121 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x6EF35342 Ack: 0x529484F0 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.401856 24.197.194.106:4433 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31139 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6EF62B8E Ack: 0x5295E415 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.618445 24.197.194.106:4438 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31171 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x6EFA7F75 Ack: 0x5297E39F Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.637689 24.197.194.106:4439 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31176 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6EFB5A86 Ack: 0x52987D2E Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.875897 24.197.194.106:4444 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31212 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6F00A58C Ack: 0x529A4F81 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.970679 24.197.194.106:4446 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31225 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x6F01E301 Ack: 0x529B8CF7 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.874294 [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:48.354234 24.197.194.106:4453 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31292 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x6F085652 Ack: 0x529E3D1C Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:48.680105 24.197.194.106:4458 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31349 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F0DCD33 Ack: 0x52A1A819 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:49.063943 24.197.194.106:4464 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31394 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F13E52F Ack: 0x52A3C155 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:49.688212 24.197.194.106:4467 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31442 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x6F18F95D Ack: 0x52A767DC Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:49.763569 24.197.194.106:4469 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31453 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x6F1A6CF3 Ack: 0x52A88099 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:49.907196 24.197.194.106:4471 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31468 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F1C719B Ack: 0x52A9CC02 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.063687 24.197.194.106:4474 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31489 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6F1FC4EE Ack: 0x52AB3289 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.097417 24.197.194.106:4475 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31502 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F21216C Ack: 0x52AC5EFB Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.102200 24.197.194.106:4476 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31503 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6F2204D3 Ack: 0x52AD5A2E Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.454424 24.197.194.106:4481 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31541 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x6F272216 Ack: 0x52AFB9C6 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.583624 24.197.194.106:4485 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31563 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x6F2AF9DB Ack: 0x52B10525 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.583628 24.197.194.106:4486 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31565 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F2BC9DE Ack: 0x52B22658 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.765542 24.197.194.106:4487 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31574 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x6F2D7C03 Ack: 0x52B3A668 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:51.954559 24.197.194.106:4491 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31641 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F355108 Ack: 0x52BA1870 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.899261 [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:52.672060 24.197.194.106:4495 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31698 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x6F3BFB11 Ack: 0x52BDFD58 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:53.296626 24.197.194.106:4498 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31745 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x6F411123 Ack: 0x52C1CCFA Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:53.306685 24.197.194.106:4499 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31746 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x6F4204D1 Ack: 0x52C2AEEA Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:53.794460 24.197.194.106:4505 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31797 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F4836DD Ack: 0x52C63DCF Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:53.962073 24.197.194.106:4507 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31816 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x6F4A73FB Ack: 0x52C79793 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:53.962077 24.197.194.106:4508 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31818 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6F4B476F Ack: 0x52C88BC3 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.111438 24.197.194.106:4510 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31834 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x6F4D6777 Ack: 0x52C9DD5C Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.414672 24.197.194.106:4514 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31869 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6F51B7DC Ack: 0x52CB8D06 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.455791 24.197.194.106:4516 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31876 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6F5370BA Ack: 0x52CCCA99 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.623313 24.197.194.106:4518 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31893 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F55F94D Ack: 0x52CE38E7 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.661734 24.197.194.106:4520 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31897 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x6F572AC7 Ack: 0x52CF1D0F Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:54.864278 24.197.194.106:4522 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31915 IpLen:20 DgmLen:90 DF ***AP*** Seq: 0x6F59A3A5 Ack: 0x52D0E9DE Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.929207 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.034049 24.197.194.106:4563 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32088 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F7782B3 Ack: 0x52DBD900 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.070701 24.197.194.106:4556 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32098 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F70A9C8 Ack: 0x52DC6551 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.090889 24.197.194.106:4557 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32105 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F71333A Ack: 0x52DD4DFA Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.104374 24.197.194.106:4558 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32110 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x6F71F1AA Ack: 0x52DE0E77 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.112074 24.197.194.106:4559 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32111 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F734F78 Ack: 0x52DEAACA Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.112077 24.197.194.106:4551 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32112 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F6B070C Ack: 0x52DF586E Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.204263 24.197.194.106:4553 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32135 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F6D41D4 Ack: 0x52E10B10 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.227437 24.197.194.106:4565 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32143 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F79D32B Ack: 0x52E1F206 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.235110 24.197.194.106:4566 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32144 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6F7ABB7D Ack: 0x52E2D24C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.239928 24.197.194.106:4567 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32147 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6F7B76F9 Ack: 0x52E3A320 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1112:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.247609 24.197.194.106:4568 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32149 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x6F7C324C Ack: 0x52E48F36 Win: 0x4470 TcpLen: 20 [Xref => arachnids 298] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.273606 24.197.194.106:4569 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32157 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6F7CC1DC Ack: 0x52E5379E Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1115:5] WEB-MISC ICQ webserver DOS [**] [Classification: Attempted Denial of Service] [Priority: 2] 03/05-11:49:57.273609 24.197.194.106:4570 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32158 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F7D918A Ack: 0x52E60E7E Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0474] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.274559 24.197.194.106:4571 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32159 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F7E140B Ack: 0x52E70631 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.345942 24.197.194.106:4578 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32180 IpLen:20 DgmLen:100 DF ***AP*** Seq: 0x6F834B60 Ack: 0x52EC8A41 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.008105 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.020410 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:05.235493 24.197.194.106:4766 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32802 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x700D7732 Ack: 0x532A0AE5 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:05.253276 24.197.194.106:4770 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32806 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x7010B70B Ack: 0x532AE044 Win: 0x4470 TcpLen: 20 [**] [1:993:6] WEB-IIS iisadmin access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:05.284447 24.197.194.106:4775 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32814 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x7014CE1E Ack: 0x532D1212 Win: 0x4470 TcpLen: 20 [**] [1:1126:6] WEB-MISC AuthChangeUrl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:06.323032 24.197.194.106:4838 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32910 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x702D8B9A Ack: 0x533540E5 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:06.369340 24.197.194.106:4843 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32919 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7030EB11 Ack: 0x5336C93D Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:07.317831 24.197.194.106:4855 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32997 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x703D79CB Ack: 0x533BFB05 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:07.338660 24.197.194.106:4858 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33000 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x703F7C5D Ack: 0x533CC03A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:08.008371 24.197.194.106:4869 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33046 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x704BE748 Ack: 0x5340B67E Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.057167 [**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:09.614918 24.197.194.106:4902 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33231 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x7069C299 Ack: 0x534967E5 Win: 0x4470 TcpLen: 20 [**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:09.628158 24.197.194.106:4905 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33234 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x706C9525 Ack: 0x534A02CB Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:09.642577 24.197.194.106:4910 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33241 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x707060D4 Ack: 0x534BFF42 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:09.671681 24.197.194.106:4913 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33248 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7072D656 Ack: 0x534C91C9 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:09.685923 24.197.194.106:4916 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33250 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x7074DC90 Ack: 0x534D25C9 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:10.355089 24.197.194.106:4934 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33316 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7086B6F8 Ack: 0x53518DE6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:10.585096 24.197.194.106:4938 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33354 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x708AD8A1 Ack: 0x5352D95D Win: 0x4470 TcpLen: 20 [**] [1:990:5] WEB-IIS _vti_inf access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:11.279694 24.197.194.106:4964 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33440 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x70A12CF8 Ack: 0x5357C208 Win: 0x4470 TcpLen: 20 [**] [1:937:6] WEB-FRONTPAGE _vti_rpc access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:11.900168 24.197.194.106:4978 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33513 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x70AE4392 Ack: 0x535D47FB Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2144] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.096891 [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.853869 24.197.194.106:4999 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33705 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x70C485E7 Ack: 0x53672285 Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:992:5] WEB-IIS adctest.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.881971 24.197.194.106:1029 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33711 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x70C85603 Ack: 0x53694751 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.917107 24.197.194.106:1027 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33723 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x70C7136C Ack: 0x536864DC Win: 0x4470 TcpLen: 20 [**] [1:907:4] WEB-COLDFUSION addcontent.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:13.925516 24.197.194.106:1032 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33724 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x70CA5F43 Ack: 0x536A2290 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.932250 24.197.194.106:1035 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33726 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x70CC6EAE Ack: 0x536BE902 Win: 0x4470 TcpLen: 20 [**] [1:953:6] WEB-FRONTPAGE administrators.pwd access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.964029 24.197.194.106:1039 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33734 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x70CFFA9E Ack: 0x536E107B Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1205] [**] [1:1218:4] WEB-MISC adminlogin access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:13.968841 24.197.194.106:1041 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33738 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x70D1637A Ack: 0x536E9E22 Win: 0x4470 TcpLen: 20 [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:13.991862 24.197.194.106:1045 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33745 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x70D4EA69 Ack: 0x537040DE Win: 0x4470 TcpLen: 20 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:14.010522 24.197.194.106:1048 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33748 IpLen:20 DgmLen:145 DF ***AP*** Seq: 0x70D6E4CC Ack: 0x5370FFD7 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1508:4] WEB-CGI alibaba.pl access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:14.029753 24.197.194.106:1050 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33755 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x70D91B11 Ack: 0x5372173A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0885] [**] [1:844:5] WEB-CGI args.bat access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:14.663962 24.197.194.106:1058 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33798 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x70E2009C Ack: 0x537698F2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-1374] [**] [1:1452:3] WEB-CGI args.cmd access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:14.663971 24.197.194.106:1060 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33801 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x70E396D8 Ack: 0x53776AAB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-1374] [**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:14.750324 24.197.194.106:1062 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33812 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x70E534A8 Ack: 0x53784C72 Win: 0x4470 TcpLen: 20 [**] [1:951:6] WEB-FRONTPAGE authors.pwd access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:14.971650 24.197.194.106:1066 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33841 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x70E94A1E Ack: 0x537A6EC6 Win: 0x4470 TcpLen: 20 [Xref => nessus 10078][Xref => cve CVE-1999-0386] [**] [1:1533:4] WEB-CGI bb-hostscv.sh access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:15.093419 24.197.194.106:1069 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33859 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x70EC485F Ack: 0x537C55E5 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0638][Xref => nessus 10460] [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:15.181092 24.197.194.106:1070 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33869 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x70ED6BBA Ack: 0x537D4FFF Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:15.315331 24.197.194.106:1071 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33884 IpLen:20 DgmLen:65 DF ***AP*** Seq: 0x70EE6F69 Ack: 0x537E4A0D Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:914:4] WEB-COLDFUSION beaninfo access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:15.355605 24.197.194.106:1072 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33890 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x70EF786A Ack: 0x537F3903 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:15.659664 24.197.194.106:1075 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33925 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x70F2C524 Ack: 0x538152CF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:15.729917 24.197.194.106:1077 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33935 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x70F4ED1D Ack: 0x53824F25 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:15.829929 24.197.194.106:1079 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33946 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x70F73F20 Ack: 0x5383C0D6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.148117 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:17.117735 24.197.194.106:1083 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34020 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x70FF3E06 Ack: 0x538A29E4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:18.017606 24.197.194.106:1086 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34137 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x71051727 Ack: 0x538F5095 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.044545 24.197.194.106:1090 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34148 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x71085A6C Ack: 0x53912543 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.058997 24.197.194.106:1094 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34153 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x710B6C94 Ack: 0x53923EB3 Win: 0x4470 TcpLen: 20 [**] [1:1654:3] WEB-CGI cart32.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.083310 24.197.194.106:1097 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34158 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x710DFCF4 Ack: 0x5392E172 Win: 0x4470 TcpLen: 20 [**] [1:1654:3] WEB-CGI cart32.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.093270 24.197.194.106:1099 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34163 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x710F87A3 Ack: 0x539384AB Win: 0x4470 TcpLen: 20 [**] [1:1150:5] WEB-MISC Domino catalog.nsf access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:18.103675 24.197.194.106:1101 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34164 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x71113DEE Ack: 0x53945503 Win: 0x4470 TcpLen: 20 [**] [1:1022:6] WEB-IIS jet vba access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.123897 24.197.194.106:1104 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34171 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x7113C333 Ack: 0x539595A8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0874][Xref => bugtraq 286] [**] [1:1150:5] WEB-MISC Domino catalog.nsf access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:18.133261 24.197.194.106:1102 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34172 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x711242F5 Ack: 0x5394EE10 Win: 0x4470 TcpLen: 20 [**] [1:1022:6] WEB-IIS jet vba access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.144247 24.197.194.106:1106 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34176 IpLen:20 DgmLen:100 DF ***AP*** Seq: 0x7115636E Ack: 0x5396E391 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0874][Xref => bugtraq 286] [**] [1:903:5] WEB-COLDFUSION cfcache.map access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:18.293594 24.197.194.106:1115 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34206 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x711D9378 Ack: 0x539AE3C8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0057][Xref => bugtraq 917] [**] [1:931:5] WEB-COLDFUSION cfmlsyntaxcheck.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:18.319157 24.197.194.106:1117 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34209 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x711FA056 Ack: 0x539BA82C Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:1542:4] WEB-CGI cgimail access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.616898 24.197.194.106:1121 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34236 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x71245CF2 Ack: 0x539EB148 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0726] [**] [1:1542:4] WEB-CGI cgimail access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.646715 24.197.194.106:1123 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34245 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7125D7C7 Ack: 0x539F826E Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0726] [**] [1:1587:6] WEB-MISC cgitest.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.813278 24.197.194.106:1125 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34262 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7127FE14 Ack: 0x53A13255 Win: 0x4470 TcpLen: 20 [Xref => arachnids 265][Xref => bugtraq 3885][Xref => nessus 10040][Xref => cve CVE-2000-0521][Xref => nessus 10623] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.859876 24.197.194.106:1127 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34264 IpLen:20 DgmLen:95 DF ***AP*** Seq: 0x712964F0 Ack: 0x53A218DA Win: 0x4470 TcpLen: 20 [**] [1:1661:3] WEB-IIS cmd32.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:20.641215 24.197.194.106:1156 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34394 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x713921D7 Ack: 0x53ADE58E Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.237025 [**] [1:1661:3] WEB-IIS cmd32.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.322078 24.197.194.106:1159 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34565 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x71429C3A Ack: 0x53B615AA Win: 0x4470 TcpLen: 20 [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.330306 24.197.194.106:1161 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34566 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x7144192C Ack: 0x53B69AD2 Win: 0x4470 TcpLen: 20 [**] [1:1004:5] WEB-IIS codebrowser Exair access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.330308 24.197.194.106:1162 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34567 IpLen:20 DgmLen:97 DF ***AP*** Seq: 0x7145174C Ack: 0x53B75CEC Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0499] [**] [1:1005:5] WEB-IIS codebrowser SDK access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.358082 24.197.194.106:1164 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34573 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x714698D4 Ack: 0x53B8708A Win: 0x4470 TcpLen: 20 [Xref => bugtraq 167] [**] [1:1401:3] WEB-IIS /msadc/samples/ access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.358101 24.197.194.106:1167 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34574 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x7148E9B0 Ack: 0x53B8F9A3 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.368095 24.197.194.106:1168 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34576 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7149D8CF Ack: 0x53B9DB8F Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.386209 24.197.194.106:1171 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34581 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x714C5E6B Ack: 0x53BA5DCB Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.416156 24.197.194.106:1174 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34587 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x714E5710 Ack: 0x53BBD87F Win: 0x4470 TcpLen: 20 [**] [1:1554:5] WEB-CGI dbman db.cgi access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.464675 24.197.194.106:1180 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34600 IpLen:20 DgmLen:91 DF ***AP*** Seq: 0x7152F8F4 Ack: 0x53BDE717 Win: 0x4470 TcpLen: 20 [Xref => nessus 10403][Xref => cve CVE-2000-0381] [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.501511 24.197.194.106:1184 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34610 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x715629F8 Ack: 0x53BFD650 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.537393 24.197.194.106:1186 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34620 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7157E602 Ack: 0x53C0B3E2 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.540635 24.197.194.106:1190 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34621 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x715AE2D8 Ack: 0x53C22BFA Win: 0x4470 TcpLen: 20 [**] [1:975:8] WEB-IIS .asp::$DATA access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.540662 24.197.194.106:1193 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34623 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x715CC46B Ack: 0x53C31521 Win: 0x4470 TcpLen: 20 [Xref => nessus 10362][Xref => cve CVE-1999-0278][Xref => url support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806][Xref => bugtraq 149] [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.615756 24.197.194.106:1196 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34642 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x715FEC1C Ack: 0x53C67EA3 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:912:5] WEB-COLDFUSION parks access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:22.641798 24.197.194.106:1198 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34652 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x71614A9B Ack: 0x53C7BE7F Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:918:4] WEB-COLDFUSION expeval access [**] [Classification: Attempted User Privilege Gain] [Priority: 1] 03/05-11:50:22.750882 24.197.194.106:1203 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34668 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x7165FF29 Ack: 0x53CA655A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0477][Xref => bugtraq 550] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:23.219116 24.197.194.106:1207 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34706 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x716AF113 Ack: 0x53CFF094 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:23.263404 24.197.194.106:1211 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34716 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x716E4D7D Ack: 0x53D26958 Win: 0x4470 TcpLen: 20 [**] [1:1726:3] WEB-IIS doctodep.btr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:23.276651 24.197.194.106:1209 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34717 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x716D0060 Ack: 0x53D19280 Win: 0x4470 TcpLen: 20 [**] [1:967:6] WEB-FRONTPAGE dvwssr.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:24.067575 24.197.194.106:1213 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34763 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x71733174 Ack: 0x53D7CBF2 Win: 0x4470 TcpLen: 20 [Xref => url www.microsoft.com/technet/security/bulletin/ms00-025.asp][Xref => arachnids 271][Xref => cve CVE-2000-0260][Xref => bugtraq 1108] [**] [1:1706:4] WEB-CGI echo.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:25.612473 24.197.194.106:1222 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34864 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x718041D1 Ack: 0x53DFB640 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0213][Xref => nessus 10246] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.284123 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:26.345324 24.197.194.106:1225 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34909 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x71859489 Ack: 0x53E4D734 Win: 0x4470 TcpLen: 20 [**] [1:1517:6] WEB-CGI envout.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:26.616380 24.197.194.106:1226 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34932 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x7187463A Ack: 0x53E6D2B8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0947][Xref => nessus 10016] [**] [1:918:4] WEB-COLDFUSION expeval access [**] [Classification: Attempted User Privilege Gain] [Priority: 1] 03/05-11:50:26.616386 24.197.194.106:1228 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34934 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x7188B963 Ack: 0x53E7CE02 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0477][Xref => bugtraq 550] [**] [1:915:4] WEB-COLDFUSION evaluate.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:26.795998 24.197.194.106:1230 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34951 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x718AFF94 Ack: 0x53E94B4A Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:26.937528 24.197.194.106:1231 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34961 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x718C7F8B Ack: 0x53EAACBB Win: 0x4470 TcpLen: 20 [**] [1:911:4] WEB-COLDFUSION exprcalc access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:27.161093 24.197.194.106:1233 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34978 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x718EAFD2 Ack: 0x53ED976B Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550][Xref => cve CVE-1999-0455] [**] [1:910:4] WEB-COLDFUSION fileexists.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:27.450111 24.197.194.106:1236 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35003 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x7191FDDD Ack: 0x53EFEAEC Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:948:5] WEB-FRONTPAGE form_results access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:27.468879 24.197.194.106:1237 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35005 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x7192E52C Ack: 0x53F0B159 Win: 0x4470 TcpLen: 20 [**] [1:911:4] WEB-COLDFUSION exprcalc access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:27.468888 24.197.194.106:1238 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35008 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7193B1BE Ack: 0x53F13A61 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550][Xref => cve CVE-1999-0455] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:27.874859 24.197.194.106:1241 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35030 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x71984283 Ack: 0x53F447C9 Win: 0x4470 TcpLen: 20 [**] [1:945:5] WEB-FRONTPAGE fpadmin.htm access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:28.977032 24.197.194.106:1271 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35092 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x71A28099 Ack: 0x53FA52BB Win: 0x4470 TcpLen: 20 [**] [1:1013:6] WEB-IIS fpcount access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:29.076631 24.197.194.106:1273 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35102 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x71A45325 Ack: 0x53FB7FD6 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2252] [**] [1:1012:7] WEB-IIS fpcount attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:29.084313 24.197.194.106:1274 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35104 IpLen:20 DgmLen:111 DF ***AP*** Seq: 0x71A51998 Ack: 0x53FCC3B2 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2252] [**] [1:1013:6] WEB-IIS fpcount access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:29.449709 24.197.194.106:1277 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35126 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x71A94E9D Ack: 0x53FF1BF7 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2252] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.313146 [**] [1:1013:6] WEB-IIS fpcount access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:30.077952 24.197.194.106:1278 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35149 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x71ADB93B Ack: 0x5403717F Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2252] [**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:31.061756 24.197.194.106:1282 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35181 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x71B4FF04 Ack: 0x5408C4AF Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.324859 [**] [1:1180:6] WEB-MISC get32.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:34.938680 24.197.194.106:1299 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35311 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x71D40C8D Ack: 0x541FB9AE Win: 0x4470 TcpLen: 20 [Xref => arachnids 258][Xref => bugtraq 1485] [**] [1:1180:6] WEB-MISC get32.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:35.541984 24.197.194.106:1300 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35321 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x71D7F74A Ack: 0x5422F7F4 Win: 0x4470 TcpLen: 20 [Xref => arachnids 258][Xref => bugtraq 1485] [**] [1:993:6] WEB-IIS iisadmin access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:35.778762 24.197.194.106:1301 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35328 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x71DA0FCB Ack: 0x54255BB4 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:36.008964 24.197.194.106:1302 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35337 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x71DBEE2E Ack: 0x5426BD1F Win: 0x4470 TcpLen: 20 [**] [1:1015:5] WEB-IIS getdrvs.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:36.280753 24.197.194.106:1304 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35346 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x71DEE01A Ack: 0x54292CE1 Win: 0x4470 TcpLen: 20 [**] [1:906:4] WEB-COLDFUSION getfile.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:36.728729 24.197.194.106:1305 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35353 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x71E214F5 Ack: 0x542C5EED Win: 0x4470 TcpLen: 20 [Xref => bugtraq 229] [**] [1:906:4] WEB-COLDFUSION getfile.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:37.408756 24.197.194.106:1306 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35365 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x71E5A8F5 Ack: 0x542FF2A6 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 229] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.339587 [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:40.017266 24.197.194.106:1311 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35387 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x71F4C510 Ack: 0x543E78DD Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:930:5] WEB-COLDFUSION snippets attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:41.216388 24.197.194.106:1312 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35395 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x71FB7D33 Ack: 0x5444FCB7 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.344307 [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:08.699635 24.197.194.106:1321 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35427 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x726C9876 Ack: 0x54B66D4C Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1597:5] WEB-CGI guestbook.cgi access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:09.124513 24.197.194.106:1322 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35433 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x726F61AF Ack: 0x54B8DB96 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0237][Xref => nessus 10098] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:10.508747 24.197.194.106:1323 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35441 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x7276A6CD Ack: 0x54BFF1A2 Win: 0x4470 TcpLen: 20 [**] [1:1165:5] WEB-MISC novell groupwise gwweb.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:11.841780 24.197.194.106:1337 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35475 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x7281F631 Ack: 0x54C7029D Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-1006][Xref => bugtraq 879] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.358894 [**] [1:1165:5] WEB-MISC novell groupwise gwweb.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:12.097419 24.197.194.106:1340 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35484 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x7284D571 Ack: 0x54C96FAE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-1006][Xref => bugtraq 879] [**] [1:1708:4] WEB-CGI hello.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:13.799532 24.197.194.106:1349 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35532 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x728F5472 Ack: 0x54D3DCD7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0213][Xref => nessus 10246] [**] [1:1595:5] WEB-IIS htimage.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:14.433701 24.197.194.106:1352 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35548 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7292F934 Ack: 0x54D88E1E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0122][Xref => cve CAN-2000-0256][Xref => nessus 10376] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:15.156981 24.197.194.106:1354 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35558 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x72971C57 Ack: 0x54DCBD28 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.374889 [**] [1:1112:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:16.253421 24.197.194.106:1359 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35581 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x729BD514 Ack: 0x54E2DAED Win: 0x4470 TcpLen: 20 [Xref => arachnids 298] [**] [1:993:6] WEB-IIS iisadmin access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:16.259409 24.197.194.106:1361 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35585 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x729C8B4B Ack: 0x54E3A025 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:16.816802 24.197.194.106:1365 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35598 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72A0F6AB Ack: 0x54E6E981 Win: 0x4470 TcpLen: 20 [**] [1:1700:3] WEB-CGI imagemap.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:17.424415 24.197.194.106:1374 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35642 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x72A478E8 Ack: 0x54EA1D95 Win: 0x4470 TcpLen: 20 [Xref => arachnids 412][Xref => cve CVE-1999-0951] [**] [1:1146:4] WEB-MISC Ecommerce import.txt access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:17.432798 24.197.194.106:1375 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35645 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72A51758 Ack: 0x54EAD931 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.577001 24.197.194.106:1379 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35649 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x72A6E581 Ack: 0x54EBC1D4 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.691926 24.197.194.106:1462 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35669 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72A99F94 Ack: 0x54EDAE61 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.764251 24.197.194.106:1627 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35681 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x72ACC872 Ack: 0x54EF8956 Win: 0x4470 TcpLen: 20 [**] [1:975:8] WEB-IIS .asp::$DATA access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.764253 24.197.194.106:1630 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35682 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x72AE674E Ack: 0x54F07A2A Win: 0x4470 TcpLen: 20 [Xref => nessus 10362][Xref => cve CVE-1999-0278][Xref => url support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806][Xref => bugtraq 149] [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.945279 24.197.194.106:1636 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35692 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x72B1D72B Ack: 0x54F29EAF Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:913:5] WEB-COLDFUSION cfappman access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:18.406200 24.197.194.106:1640 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35705 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x72B5454C Ack: 0x54F61A0C Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:908:5] WEB-COLDFUSION administrator access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:18.406210 24.197.194.106:1641 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35706 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x72B623B3 Ack: 0x54F70014 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0538] [**] [1:1513:6] WEB-CGI input.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:19.200913 24.197.194.106:1648 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35749 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72BD3D5C Ack: 0x54FD4B38 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0947][Xref => nessus 10016] [**] [1:1515:6] WEB-CGI input2.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:19.239710 24.197.194.106:1649 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35752 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x72BE92F9 Ack: 0x54FDF477 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0947][Xref => nessus 10016] [**] [1:993:6] WEB-IIS iisadmin access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.901924 24.197.194.106:1651 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35902 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x72BFEA03 Ack: 0x5500B06F Win: 0x4470 TcpLen: 20 [**] [1:995:7] WEB-IIS ism.dll access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.901928 24.197.194.106:1653 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35903 IpLen:20 DgmLen:90 DF ***AP*** Seq: 0x72C2053C Ack: 0x5501A277 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 189][Xref => cve CVE-2000-0630] [**] [1:1192:5] WEB-MISC Trend Micro OfficeScan access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:19.901930 24.197.194.106:1656 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35904 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x72C480BE Ack: 0x5502344E Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1057] [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.901932 24.197.194.106:1657 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35905 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x72C56777 Ack: 0x55032B21 Win: 0x4470 TcpLen: 20 [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.909108 24.197.194.106:1659 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35906 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72C6BA86 Ack: 0x55042DD4 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:19.919384 24.197.194.106:1661 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35907 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72C759F8 Ack: 0x5504E6C5 Win: 0x4470 TcpLen: 20 [**] [1:1539:4] WEB-CGI /cgi-bin/ls access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:19.927041 24.197.194.106:1665 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35910 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x72CA952F Ack: 0x5506BFBD Win: 0x4470 TcpLen: 20 [Xref => bugtraq 936][Xref => cve CAN-2000-0079] [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.927055 24.197.194.106:1670 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35912 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x72CDB650 Ack: 0x55082C28 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:20.011800 24.197.194.106:1673 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35922 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x72CF7086 Ack: 0x5508EC1D Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:20.011805 24.197.194.106:1718 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35924 IpLen:20 DgmLen:66 DF ***AP*** Seq: 0x72D29467 Ack: 0x550B3B7B Win: 0x4470 TcpLen: 20 [**] [1:975:8] WEB-IIS .asp::$DATA access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:20.020219 24.197.194.106:1721 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35925 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x72D436FB Ack: 0x550BCC3E Win: 0x4470 TcpLen: 20 [Xref => nessus 10362][Xref => cve CVE-1999-0278][Xref => url support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806][Xref => bugtraq 149] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.473506 [**] [1:1485:3] WEB-IIS mkilog.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:20.133065 24.197.194.106:1725 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35942 IpLen:20 DgmLen:90 DF ***AP*** Seq: 0x72D8749A Ack: 0x550E7EE6 Win: 0x4470 TcpLen: 20 [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:20.133072 24.197.194.106:1726 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35944 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x72D95596 Ack: 0x550F948A Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1485:3] WEB-IIS mkilog.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:20.147528 24.197.194.106:1727 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35948 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x72DA4D3C Ack: 0x55103C71 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:23.659593 24.197.194.106:1737 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36066 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x72EFEE3A Ack: 0x55216D50 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:23.964628 24.197.194.106:1738 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36082 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F1A31D Ack: 0x552389B0 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.060555 24.197.194.106:1740 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36095 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F39933 Ack: 0x55252D9E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.491775 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.167683 24.197.194.106:1742 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36115 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x72F63FFE Ack: 0x5526651C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.210736 24.197.194.106:1743 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36122 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x72F6FC53 Ack: 0x552737F4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.238140 24.197.194.106:1746 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36129 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F929AD Ack: 0x55288CB8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.322600 24.197.194.106:1748 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36144 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x72FB4E39 Ack: 0x552997C8 Win: 0x4470 TcpLen: 20 [**] [1:1023:7] WEB-IIS msadcs.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:24.329358 24.197.194.106:1749 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36147 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x72FC4834 Ack: 0x552A7156 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 529][Xref => cve CVE-1999-1011] [**] [1:1024:5] WEB-IIS newdsn.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:24.362920 24.197.194.106:1750 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36154 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x72FD5F93 Ack: 0x552B3F7A Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0191][Xref => bugtraq 1818] [**] [1:940:6] WEB-FRONTPAGE shtml.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:24.551229 24.197.194.106:1755 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36181 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x7301C118 Ack: 0x552D5EE6 Win: 0x4470 TcpLen: 20 [Xref => arachnids 292] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:24.653088 24.197.194.106:1757 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36192 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x7303D453 Ack: 0x552EF166 Win: 0x4470 TcpLen: 20 [**] [1:918:4] WEB-COLDFUSION expeval access [**] [Classification: Attempted User Privilege Gain] [Priority: 1] 03/05-11:51:25.421397 24.197.194.106:1763 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36230 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x730B4FE3 Ack: 0x5533E742 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0477][Xref => bugtraq 550] [**] [1:1176:4] WEB-MISC order.log access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:26.080914 24.197.194.106:1765 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36261 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x730FC2E0 Ack: 0x55377B31 Win: 0x4470 TcpLen: 20 [**] [1:947:5] WEB-FRONTPAGE orders.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:26.293402 24.197.194.106:1767 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36278 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7311FD28 Ack: 0x55390AB3 Win: 0x4470 TcpLen: 20 [**] [1:807:7] WEB-CGI /wwwboard/passwd.txt access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:26.678061 24.197.194.106:1772 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36308 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x73184CAB Ack: 0x553C99BA Win: 0x4470 TcpLen: 20 [Xref => bugtraq 649][Xref => nessus 10321][Xref => cve CVE-1999-0953][Xref => arachnids 463] [**] [1:1772:3] WEB-IIS pbserver access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:27.647948 24.197.194.106:1776 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36339 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x731FBD9E Ack: 0x554234F6 Win: 0x4470 TcpLen: 20 [Xref => url www.microsoft.com/technet/security/bulletin/ms00-094.asp] [**] [1:832:8] WEB-CGI perl.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:28.020875 24.197.194.106:1778 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36360 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x7322994E Ack: 0x5544593C Win: 0x4470 TcpLen: 20 [Xref => nessus 10173][Xref => arachnids 219][Xref => url www.cert.org/advisories/CA-1996-11.html][Xref => cve CAN-1999-0509] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.525283 [**] [1:832:8] WEB-CGI perl.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:28.575921 24.197.194.106:1783 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36396 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x73294386 Ack: 0x5547EEC4 Win: 0x4470 TcpLen: 20 [Xref => nessus 10173][Xref => arachnids 219][Xref => url www.cert.org/advisories/CA-1996-11.html][Xref => cve CAN-1999-0509] [**] [1:832:8] WEB-CGI perl.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:28.735844 24.197.194.106:1785 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36409 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x732BD1D2 Ack: 0x55493A14 Win: 0x4470 TcpLen: 20 [Xref => nessus 10173][Xref => arachnids 219][Xref => url www.cert.org/advisories/CA-1996-11.html][Xref => cve CAN-1999-0509] [**] [1:976:7] WEB-IIS .bat? access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:29.137689 24.197.194.106:1787 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36421 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x732EE38C Ack: 0x554C11F9 Win: 0x4470 TcpLen: 20 [Xref => url support.microsoft.com/support/kb/articles/Q155/0/56.asp][Xref => url support.microsoft.com/support/kb/articles/Q148/1/88.asp][Xref => cve CVE-1999-0233][Xref => bugtraq 2023] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:29.353679 24.197.194.106:1789 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36428 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x7330989B Ack: 0x554D91CF Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:29.855741 24.197.194.106:1790 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36445 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x73330BC1 Ack: 0x5550A7E8 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:30.433167 24.197.194.106:1793 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36469 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x7337EC12 Ack: 0x5554831B Win: 0x4470 TcpLen: 20 [**] [1:889:5] WEB-CGI ppdscgi.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:30.650027 24.197.194.106:1794 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36479 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7339DB1A Ack: 0x55563A04 Win: 0x4470 TcpLen: 20 [Xref => url online.securityfocus.com/archive/1/16878][Xref => bugtraq 491] [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:31.621022 24.197.194.106:1797 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36496 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x73405DFC Ack: 0x555CD8B5 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.544960 [**] [1:1028:5] WEB-IIS query.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.104445 24.197.194.106:1798 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36504 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x73438D20 Ack: 0x555FE334 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0449][Xref => bugtraq 193] [**] [1:1077:5] WEB-MISC queryhit.htm access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.409958 24.197.194.106:1799 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36518 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x7345609B Ack: 0x5562307F Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.540997 24.197.194.106:1802 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36531 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x73485FCF Ack: 0x55650151 Win: 0x4470 TcpLen: 20 [**] [1:895:5] WEB-CGI redirect access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:32.737582 24.197.194.106:1803 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36539 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x7349A911 Ack: 0x55668DFE Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0382][Xref => bugtraq 1179] [**] [1:956:5] WEB-FRONTPAGE register.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.764257 24.197.194.106:1804 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36541 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x734A7D29 Ack: 0x5567E019 Win: 0x4470 TcpLen: 20 [**] [1:957:5] WEB-FRONTPAGE registrations.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.848128 24.197.194.106:1805 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36545 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x734BC9DA Ack: 0x5568E5F0 Win: 0x4470 TcpLen: 20 [**] [1:1076:6] WEB-IIS repost.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:33.826314 24.197.194.106:1844 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36550 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x73513D1B Ack: 0x556DBF29 Win: 0x4470 TcpLen: 20 [Xref => nessus 10372] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:34.335250 24.197.194.106:1845 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36559 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x73545E50 Ack: 0x5570F864 Win: 0x4470 TcpLen: 20 [**] [1:833:5] WEB-CGI rguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:34.341549 24.197.194.106:1846 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36561 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x7355598B Ack: 0x5571F1A8 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [1:833:5] WEB-CGI rguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:35.504613 24.197.194.106:1849 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36575 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x735CB3D7 Ack: 0x5577FC7E Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.568030 [**] [1:1852:3] WEB-MISC robots.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:40.653230 24.197.194.106:1861 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36634 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x737CB37D Ack: 0x558FA017 Win: 0x4470 TcpLen: 20 [Xref => nessus 10302] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.570910 [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:05.376962 24.197.194.106:1877 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36705 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x73FC0AC1 Ack: 0x560AF01F Win: 0x4470 TcpLen: 20 [Xref => url www.cert.org/advisories/CA-2001-19.html] [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:05.979779 24.197.194.106:1881 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36719 IpLen:20 DgmLen:91 DF ***AP*** Seq: 0x7401B0E7 Ack: 0x560F8385 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.580516 [**] [1:1767:3] WEB-MISC search.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:06.616859 24.197.194.106:1882 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36724 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x7405AAF6 Ack: 0x56135116 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0835][Xref => nessus 10514] [**] [1:1030:6] WEB-IIS search97.vts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:07.123356 24.197.194.106:1883 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36728 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x740891E0 Ack: 0x56163C3E Win: 0x4470 TcpLen: 20 [Xref => bugtraq 162] [**] [1:1030:6] WEB-IIS search97.vts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:08.429440 24.197.194.106:1884 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36734 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x740F61B5 Ack: 0x561DFEC4 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 162] [**] [1:1659:3] WEB-COLDFUSION sendmail.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:09.633319 24.197.194.106:1889 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36757 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x7417535F Ack: 0x56238BBD Win: 0x4470 TcpLen: 20 [**] [1:918:4] WEB-COLDFUSION expeval access [**] [Classification: Attempted User Privilege Gain] [Priority: 1] 03/05-11:52:09.739104 24.197.194.106:1891 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36766 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x741922DF Ack: 0x56254DEE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0477][Xref => bugtraq 550] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.595590 [**] [1:959:5] WEB-FRONTPAGE service.pwd [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:10.160996 24.197.194.106:1897 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36793 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x741F5104 Ack: 0x56291D69 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1205] [**] [1:1469:3] WEB-CGI Web Shopper shopper.cgi access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:10.879422 24.197.194.106:1904 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36833 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7428042B Ack: 0x562DF30C Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1776][Xref => cve CVE-2000-0922] [**] [1:1098:5] WEB-MISC SmartWin CyberOffice Shopping Cart access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:11.132014 24.197.194.106:1906 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36867 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x7429FA93 Ack: 0x562F2D64 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1734] [**] [1:1037:7] WEB-IIS showcode.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.151934 24.197.194.106:1910 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36875 IpLen:20 DgmLen:97 DF ***AP*** Seq: 0x742CF4C8 Ack: 0x56305B63 Win: 0x4470 TcpLen: 20 [Xref => nessus 10007][Xref => bugtraq 167][Xref => cve CAN-1999-0736] [**] [1:1037:7] WEB-IIS showcode.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.151954 24.197.194.106:1915 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36876 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x7430868B Ack: 0x56322C3B Win: 0x4470 TcpLen: 20 [Xref => nessus 10007][Xref => bugtraq 167][Xref => cve CAN-1999-0736] [**] [1:1037:7] WEB-IIS showcode.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.152126 24.197.194.106:1912 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36877 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x742E9E4D Ack: 0x56315A67 Win: 0x4470 TcpLen: 20 [Xref => nessus 10007][Xref => bugtraq 167][Xref => cve CAN-1999-0736] [**] [1:940:6] WEB-FRONTPAGE shtml.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.294148 24.197.194.106:1918 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36887 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74334DEB Ack: 0x5634DFD3 Win: 0x4470 TcpLen: 20 [Xref => arachnids 292] [**] [1:962:6] WEB-FRONTPAGE shtml.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.577052 24.197.194.106:1920 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36910 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x7435EE23 Ack: 0x5637EB9A Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1174][Xref => bugtraq 1608][Xref => cve CAN-2000-0709][Xref => cve CAN-2000-0413][Xref => nessus 10405] [**] [1:1038:5] WEB-IIS site server config access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.613166 24.197.194.106:1923 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36919 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x7437B0CE Ack: 0x563A4528 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 256] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.613168 24.197.194.106:1924 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36920 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x743863F5 Ack: 0x563B51AA Win: 0x4470 TcpLen: 20 [**] [1:870:4] WEB-CGI snorkerz.cmd access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:11.948349 24.197.194.106:1932 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36951 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x743F7087 Ack: 0x563F980F Win: 0x4470 TcpLen: 20 [**] [1:928:4] WEB-COLDFUSION exampleapp access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:12.261240 24.197.194.106:1936 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36973 IpLen:20 DgmLen:96 DF ***AP*** Seq: 0x744397C0 Ack: 0x5641BC27 Win: 0x4470 TcpLen: 20 [**] [1:1040:5] WEB-IIS srchadm access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:12.289611 24.197.194.106:1937 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36978 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x74447E4B Ack: 0x5642736B Win: 0x4470 TcpLen: 20 [**] [1:1511:6] WEB-CGI test.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:12.297844 24.197.194.106:1939 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36980 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x7445CE64 Ack: 0x56440D72 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0947][Xref => nessus 10016] [**] [1:1646:4] WEB-CGI test.cgi access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:12.392402 24.197.194.106:1940 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36983 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x7446B9E9 Ack: 0x56452BE5 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.653316 [**] [1:1650:3] WEB-CGI tst.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:15.553324 24.197.194.106:1999 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37012 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x74593BCE Ack: 0x5655AAAF Win: 0x4470 TcpLen: 20 [Xref => bugtraq 770][Xref => cve CAN-1999-0885] [**] [1:1650:3] WEB-CGI tst.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:15.777139 24.197.194.106:2002 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37039 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x745C30DC Ack: 0x5657309E Win: 0x4470 TcpLen: 20 [Xref => bugtraq 770][Xref => cve CAN-1999-0885] [**] [1:902:5] WEB-CGI tstisapi.dll access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:15.784824 24.197.194.106:2004 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37040 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x745D71E1 Ack: 0x5657BD2E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2001-0302] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:15.973087 24.197.194.106:2006 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37046 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x745FA53A Ack: 0x56594CE7 Win: 0x4470 TcpLen: 20 [**] [1:837:5] WEB-CGI uploader.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:16.260219 24.197.194.106:2009 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37064 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x746266B1 Ack: 0x565B6D76 Win: 0x4470 TcpLen: 20 [Xref => nessus 10291][Xref => cve CVE-1999-0177] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:16.260223 24.197.194.106:2011 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37066 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x7464497B Ack: 0x565C003C Win: 0x4470 TcpLen: 20 [**] [1:1041:5] WEB-IIS uploadn.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:16.358310 24.197.194.106:2013 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37078 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7465B0B5 Ack: 0x565D13C8 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:16.627709 24.197.194.106:2016 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37093 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x7468A786 Ack: 0x565EDAC9 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:16.648035 24.197.194.106:2017 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37096 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x74692DFD Ack: 0x565F88B6 Win: 0x4470 TcpLen: 20 [**] [1:1457:3] WEB-CGI user_update_admin.pl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:17.720035 24.197.194.106:2030 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37159 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x747712CA Ack: 0x56666AE8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0627] [**] [1:1458:3] WEB-CGI user_update_passwd.pl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:17.996442 24.197.194.106:2035 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37169 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x747A0636 Ack: 0x5668D371 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0627] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.681260 [**] [1:964:5] WEB-FRONTPAGE users.pwd access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:18.112711 24.197.194.106:2036 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37173 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x747BA079 Ack: 0x566A3105 Win: 0x4470 TcpLen: 20 [**] [1:930:5] WEB-COLDFUSION snippets attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:18.310404 24.197.194.106:2037 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37177 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x747D014C Ack: 0x566B806A Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:867:5] WEB-CGI visadmin.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:18.564425 24.197.194.106:2038 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37181 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x747EDBF6 Ack: 0x566D7796 Win: 0x4470 TcpLen: 20 [Xref => nessus 10295][Xref => cve CAN-1999-1970][Xref => bugtraq 1808] [**] [1:867:5] WEB-CGI visadmin.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:18.956103 24.197.194.106:2039 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37185 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x7480E801 Ack: 0x567051E7 Win: 0x4470 TcpLen: 20 [Xref => nessus 10295][Xref => cve CAN-1999-1970][Xref => bugtraq 1808] [**] [1:867:5] WEB-CGI visadmin.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:20.263757 24.197.194.106:2043 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37205 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x7488DE83 Ack: 0x5677B682 Win: 0x4470 TcpLen: 20 [Xref => nessus 10295][Xref => cve CAN-1999-1970][Xref => bugtraq 1808] [**] [1:986:5] WEB-IIS MSProxy access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:20.950407 24.197.194.106:2050 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37241 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x74915B1F Ack: 0x567CDAD0 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:21.322177 24.197.194.106:2053 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37254 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x749506BD Ack: 0x567F67D8 Win: 0x4470 TcpLen: 20 [**] [1:1611:3] WEB-CGI eXtropia webstore access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:21.664735 24.197.194.106:2056 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37266 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x74989930 Ack: 0x568233B8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-1005][Xref => bugtraq 1774] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.702423 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:22.187035 24.197.194.106:2060 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37277 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x749CE89A Ack: 0x56852882 Win: 0x4470 TcpLen: 20 [**] [1:1400:3] WEB-IIS /scripts/samples/ access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:22.568595 24.197.194.106:2062 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37286 IpLen:20 DgmLen:91 DF ***AP*** Seq: 0x74A018A1 Ack: 0x5687FAFE Win: 0x4470 TcpLen: 20 [**] [1:1040:5] WEB-IIS srchadm access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:22.986177 24.197.194.106:2064 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37298 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x74A386A2 Ack: 0x568A5480 Win: 0x4470 TcpLen: 20 [**] [1:852:5] WEB-CGI wguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:23.520499 24.197.194.106:2071 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37325 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74A9E598 Ack: 0x568F2698 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [1:852:5] WEB-CGI wguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:23.528688 24.197.194.106:2069 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37327 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74A87E9F Ack: 0x568E5F27 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [1:852:5] WEB-CGI wguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:24.267203 24.197.194.106:2075 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37348 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74B04F7E Ack: 0x56938206 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [1:875:6] WEB-CGI win-c-sample.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:25.341224 24.197.194.106:2080 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37372 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x74B80B88 Ack: 0x569B1608 Win: 0x4470 TcpLen: 20 [Xref => nessus 10008][Xref => cve CVE-1999-0178][Xref => arachnids 231][Xref => bugtraq 2078] [**] [1:1158:7] WEB-MISC windmail.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:25.755419 24.197.194.106:2083 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37384 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x74BBB442 Ack: 0x569D5989 Win: 0x4470 TcpLen: 20 [Xref => nessus 10365][Xref => arachnids 465][Xref => bugtraq 1073][Xref => cve CAN-2000-0242] [**] [1:1166:5] WEB-MISC ws_ftp.ini access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:25.924094 24.197.194.106:2085 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37394 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x74BD9293 Ack: 0x569ECF09 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 547][Xref => cve CAN-1999-1078] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:26.089463 24.197.194.106:2086 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37401 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x74BEC115 Ack: 0x56A0284D Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.731728 [**] [1:1175:6] WEB-MISC wwwboard.pl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:26.256297 24.197.194.106:2088 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37410 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x74C106A7 Ack: 0x56A25461 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0930][Xref => bugtraq 1795][Xref => bugtraq 649] [**] [1:1213:4] WEB-MISC backup access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:27.245350 24.197.194.106:2097 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37440 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x74CAEAC7 Ack: 0x56A81402 Win: 0x4470 TcpLen: 20 [**] [1:928:4] WEB-COLDFUSION exampleapp access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:27.823568 24.197.194.106:2101 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37459 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74D13835 Ack: 0x56ACB8C4 Win: 0x4470 TcpLen: 20 [**] [1:930:5] WEB-COLDFUSION snippets attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:29.943470 24.197.194.106:2112 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37703 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x74E0417D Ack: 0x56B8F603 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.801182 [**] [1:1301:4] WEB-MISC admin.php access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:30.205931 24.197.194.106:2141 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37780 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x74F63342 Ack: 0x56C5A832 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 3361] [**] [1:1103:6] WEB-MISC netscape admin passwd [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:30.217491 24.197.194.106:2144 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37783 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x74F895DA Ack: 0x56C6CFC5 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1579] [**] [1:904:4] WEB-COLDFUSION exampleapp application.cfm [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:30.548118 24.197.194.106:2148 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37830 IpLen:20 DgmLen:96 DF ***AP*** Seq: 0x74FC49CE Ack: 0x56C87627 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1021] [**] [1:905:4] WEB-COLDFUSION application.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:30.548124 24.197.194.106:2150 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37832 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x74FDABB6 Ack: 0x56C9563C Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1021] [**] [1:903:5] WEB-COLDFUSION cfcache.map access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:30.569540 24.197.194.106:2155 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37836 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x75019BF0 Ack: 0x56CB179E Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0057][Xref => bugtraq 917] [**] [1:1153:4] WEB-MISC Domino log.nsf access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:31.038338 24.197.194.106:2169 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37914 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x750C6DCF Ack: 0x56D5A444 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.890300 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.899430 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.901936 [**] [1:935:5] WEB-COLDFUSION startstop DOS access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:53:02.190185 24.197.194.106:2205 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:38135 IpLen:20 DgmLen:91 DF ***AP*** Seq: 0x75AF0201 Ack: 0x576C5D8B Win: 0x4470 TcpLen: 20 [Xref => bugtraq 247] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.918080 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.949195 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.951658 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.954367 [**] [1:1002:5] WE