[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/01-14:19:11.073849 68.37.54.69:1034 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:797 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/01-16:20:16.241402 12.252.61.161:1429 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:61853 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-00:27:31.470090 206.149.148.192:1101 -> 172.16.134.191:1434 UDP TTL:115 TOS:0x0 ID:59440 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-08:42:07.344898 218.4.87.137:1032 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:31825 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-08:57:10.953522 66.81.131.17:1382 -> 172.16.134.191:1434 UDP TTL:115 TOS:0x0 ID:55934 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-11:00:33.594400 61.177.56.98:1243 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:20802 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:615:3] SCAN SOCKS Proxy attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/02-13:24:55.179508 200.74.26.73:25590 -> 172.16.134.191:1080 TCP TTL:114 TOS:0x0 ID:34075 IpLen:20 DgmLen:40 DF ******S* Seq: 0x187C0000 Ack: 0x0 Win: 0x200 TcpLen: 20 [Xref => url help.undernet.org/proxyscan/]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-15:31:21.287394 61.132.88.90:4048 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:9872 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-15:46:38.157076 24.167.221.106:2383 -> 172.16.134.191:1434 UDP TTL:117 TOS:0x0 ID:61212 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/02-23:25:28.403821 67.201.75.38:4079 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:28137 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-02:27:50.266224 61.8.1.64:1045 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:53366 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-04:36:57.007466 61.132.88.90:4048 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:59794 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-06:27:51.069442 68.84.210.227:1154 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:63578 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-06:35:24.933871 66.233.4.225:3038 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:58599 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/03-07:38:06.339056 200.50.124.2:5247 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:42964 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-03:09:14.785262 12.253.142.87:1038 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:34501 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-03:10:15.242366 12.83.147.97:2141 -> 172.16.134.191:1434 UDP TTL:118 TOS:0x0 ID:37271 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-05:43:39.146868 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:21679 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-06:32:41.267271 218.92.13.142:3010 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:21531 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-06:43:18.243479 61.134.45.19:2790 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:33392 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-07:39:15.332990 61.132.88.90:4526 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:57416 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-09:06:39.141071 61.132.88.50:3402 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:12089 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-11:05:56.210828 218.4.99.237:1154 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:21230 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-15:36:27.744360 216.229.73.11:2604 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:25989 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-20:00:43.924985 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:2765 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/04-21:33:17.534737 168.243.103.205:1070 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:35515 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-00:30:51.477955 216.192.145.21:1244 -> 172.16.134.191:1434 UDP TTL:113 TOS:0x0 ID:58185 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-00:58:34.144382 61.185.29.9:4570 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:925 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:25.163950 210.22.204.101:1678 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:27400 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7616A79E Ack: 0x8B5A4420 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:25.181819 210.22.204.101:1678 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:27401 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7616AD52 Ack: 0x8B5A4420 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:44.284253 210.22.204.101:2927 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48133 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7A103040 Ack: 0x8BA4509E Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:44.295038 210.22.204.101:2927 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48134 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7A1035F4 Ack: 0x8BA4509E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:54.171141 210.22.204.101:3556 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:60846 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7C0F00B8 Ack: 0x8BCA3AF5 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:39:54.171195 210.22.204.101:3556 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:60847 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7C0F066C Ack: 0x8BCA3AF5 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:04.022241 210.22.204.101:4276 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:10584 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x7E4B596D Ack: 0x8BF0E9C8 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:04.033270 210.22.204.101:4276 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:10585 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x7E4B5F21 Ack: 0x8BF0E9C8 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:13.860713 210.22.204.101:1144 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:28759 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x80581697 Ack: 0x8C1758F9 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:13.860765 210.22.204.101:1144 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:28760 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x80581C4B Ack: 0x8C1758F9 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:19.081891 210.22.204.101:1505 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:39146 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x817A2AFD Ack: 0x8C2C262C Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:19.082249 210.22.204.101:1505 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:39145 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x817A2549 Ack: 0x8C2C262C Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:24.316096 210.22.204.101:1801 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48594 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x826AFDCA Ack: 0x8C413F44 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:24.325966 210.22.204.101:1801 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:48595 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x826B037E Ack: 0x8C413F44 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:29.564420 210.22.204.101:2161 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:58202 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x838B5F5B Ack: 0x8C55B66D Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:29.564485 210.22.204.101:2161 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:58203 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x838B650F Ack: 0x8C55B66D Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:34.794752 210.22.204.101:2545 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:2442 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x84B7DB99 Ack: 0x8C6AD5C3 Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:34.794807 210.22.204.101:2545 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:2443 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x84B7E14D Ack: 0x8C6AD5C3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:40.029342 210.22.204.101:2897 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:11431 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x85D11744 Ack: 0x8C7F485B Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:40.041135 210.22.204.101:2897 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:11432 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x85D11CF8 Ack: 0x8C7F485B Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:45.281996 210.22.204.101:3187 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:19134 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x86C2C0E8 Ack: 0x8C94199F Win: 0xFAF0 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-03:40:45.282048 210.22.204.101:3187 -> 172.16.134.191:80 TCP TTL:107 TOS:0x0 ID:19135 IpLen:20 DgmLen:650 DF ***AP*** Seq: 0x86C2C69C Ack: 0x8C94199F Win: 0xFAF0 TcpLen: 20
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-04:07:40.602541 4.33.244.44:3558 -> 172.16.134.191:1434 UDP TTL:118 TOS:0x0 ID:38531 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-05:14:54.493121 24.74.199.104:1321 -> 172.16.134.191:1434 UDP TTL:113 TOS:0x0 ID:55474 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-05:31:14.104906 81.57.217.208:1457 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:37344 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-06:21:27.349170 172.16.134.191:1047 -> 207.172.16.156:80 TCP TTL:127 TOS:0x0 ID:59024 IpLen:20 DgmLen:292 DF ***AP*** Seq: 0x1C41A397 Ack: 0x950BA16A Win: 0x4470 TcpLen: 20
[**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-06:21:28.233123 172.16.134.191:1046 -> 207.172.16.156:80 TCP TTL:127 TOS:0x0 ID:59050 IpLen:20 DgmLen:290 DF ***AP*** Seq: 0x1C3D40AB Ack: 0x95061964 Win: 0x4470 TcpLen: 20
[**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-06:21:28.234602 172.16.134.191:1047 -> 207.172.16.156:80 TCP TTL:127 TOS:0x0 ID:59052 IpLen:20 DgmLen:289 DF ***AP*** Seq: 0x1C41A493 Ack: 0x950BCC51 Win: 0x4470 TcpLen: 20
[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 172.16.134.191 (THRESHOLD 4 connections exceeded in 4 seconds) [**] 04/18-11:45:05.016880
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 7 connections across 7 hosts: TCP(7), UDP(0) [**] 04/18-11:45:05.038966
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.542200
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.564171
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 6 connections across 6 hosts: TCP(6), UDP(0) [**] 04/18-11:45:05.630615
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.641074
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.652464
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.743176
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.760273
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-07:26:16.386836 61.185.212.166:1133 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:35025 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-07:31:01.805270 213.170.56.83:1037 -> 172.16.134.191:1434 UDP TTL:114 TOS:0x0 ID:20218 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [100:2:1] spp_portscan: portscan status from 172.16.134.191: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.797660
[**] [100:3:1] spp_portscan: End of portscan from 172.16.134.191: TOTAL time(3169s) hosts(12) TCP(20) UDP(0) [**] 04/18-11:45:05.797930
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-09:17:57.297316 218.4.48.74:3017 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:37584 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-10:01:11.764238 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:24503 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-10:05:06.317809 212.162.165.18:1032 -> 172.16.134.191:1434 UDP TTL:109 TOS:0x0 ID:27300 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-10:11:38.134226 200.135.228.10:4273 -> 172.16.134.191:1434 UDP TTL:108 TOS:0x0 ID:53786 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]
[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 24.197.194.106 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 04/18-11:45:05.799839
[**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 81 connections across 1 hosts: TCP(81), UDP(0) [**] 04/18-11:45:05.804078
[**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.804419
[**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.804731
[**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.805231
[**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.805637
[**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 2 connections across 1 hosts: TCP(2), UDP(0) [**] 04/18-11:45:05.809054
[**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.195050 24.197.194.106:4272 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30029 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x6E7F537D Ack: 0x525C21B6 Win: 0x4470 TcpLen: 20
[**] [1:1129:4] WEB-MISC .htaccess access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:40.242531 24.197.194.106:4276 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30040 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6E827F42 Ack: 0x525CDC56 Win: 0x4470 TcpLen: 20
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.405640 24.197.194.106:4277 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30085 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6E83A33D Ack: 0x525E577E Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.596702 24.197.194.106:4324 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30139 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6E8891C9 Ack: 0x52602CB6 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:1487:3] WEB-IIS /iisadmpwd/aexp2.htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.781893 24.197.194.106:4329 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30190 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6E8DB1A7 Ack: 0x5261C6A3 Win: 0x4470 TcpLen: 20
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:40.926782 24.197.194.106:4331 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30205 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6E8EF74B Ack: 0x52626E8A Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.092974 24.197.194.106:4334 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30249 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6E92656F Ack: 0x52649EF6 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.159298 24.197.194.106:4337 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30259 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6E94EF97 Ack: 0x5265AEE0 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:1487:3] WEB-IIS /iisadmpwd/aexp2.htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.175197 24.197.194.106:4339 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30263 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6E963211 Ack: 0x52664A02 Win: 0x4470 TcpLen: 20
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.510299 24.197.194.106:4345 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30326 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x6E9C5833 Ack: 0x526874EE Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.549323 24.197.194.106:4347 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30338 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6E9E41AF Ack: 0x52694BBD Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.765057 24.197.194.106:4352 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30385 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6EA2B437 Ack: 0x526AF681 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.776477 24.197.194.106:4355 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30390 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x6EA4C997 Ack: 0x526BF574 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:41.942042 24.197.194.106:4359 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30416 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6EA8A2A6 Ack: 0x526DA6A1 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.159447 24.197.194.106:4363 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30450 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6EAC2134 Ack: 0x526F4CA9 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.699295 24.197.194.106:4367 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30499 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x6EB08996 Ack: 0x527275EA Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.858254 24.197.194.106:4370 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30529 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x6EB40886 Ack: 0x5273ECF5 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630]
[**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.986027 24.197.194.106:4373 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30557 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6EB641E8 Ack: 0x52752AA2 Win: 0x4470 TcpLen: 20 [Xref => arachnids 237]
[**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:42.994844 24.197.194.106:4376 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30558 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x6EB8E566 Ack: 0x52765B5B Win: 0x4470 TcpLen: 20 [Xref => arachnids 237]
[**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.105918 24.197.194.106:4378 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30579 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x6EBAFA64 Ack: 0x52775ED8 Win: 0x4470 TcpLen: 20 [Xref => arachnids 237]
[**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.137248 24.197.194.106:4382 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30585 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x6EBDF1BA Ack: 0x5277E92F Win: 0x4470 TcpLen: 20 [Xref => arachnids 237]
[**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.288614 24.197.194.106:4384 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30618 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x6EC06BE5 Ack: 0x527971DB Win: 0x4470 TcpLen: 20 [Xref => arachnids 237]
[**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.412323 24.197.194.106:4390 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30651 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x6EC49535 Ack: 0x527A9DB4 Win: 0x4470 TcpLen: 20 [Xref => arachnids 237]
[**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.524498 24.197.194.106:4393 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30675 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x6EC71A52 Ack: 0x527BE5EF Win: 0x4470 TcpLen: 20 [Xref => arachnids 237]
[**] [1:1242:6] WEB-IIS ISAPI .ida access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:43.735389 24.197.194.106:4398 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30706 IpLen:20 DgmLen:65 DF ***AP*** Seq: 0x6ECB2BA0 Ack: 0x527CF76B Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1065][Xref => cve CAN-2000-0071][Xref => arachnids 552]
[**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.851337
[**] [1:1486:3] WEB-IIS ctss.idc access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:45.138740 24.197.194.106:4407 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30834 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x6ED7F41E Ack: 0x5285D3CE Win: 0x4470 TcpLen: 20
[**] [1:984:6] WEB-IIS JET VBA access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:45.832390 24.197.194.106:4416 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30953 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x6EE27376 Ack: 0x5289F6EA Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0874][Xref => bugtraq 307]
[**] [1:985:5] WEB-IIS JET VBA access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:45.856411 24.197.194.106:4418 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30955 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6EE3DFC5 Ack: 0x528A7883 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0874][Xref => bugtraq 286]
[**] [1:1245:6] WEB-IIS ISAPI .idq access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:49:45.878236 24.197.194.106:4419 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:30960 IpLen:20 DgmLen:65 DF ***AP*** Seq: 0x6EE4F5F2 Ack: 0x528B4782 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1065][Xref => cve CAN-2000-0071][Xref => arachnids 553]
[**] [1:1130:4] WEB-MISC .wwwacl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:46.906299 24.197.194.106:4423 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31067 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x6EEC70E3 Ack: 0x52911452 Win: 0x4470 TcpLen: 20
[**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.149246 24.197.194.106:4426 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31089 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x6EEF96FD Ack: 0x52920E74 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.313839 24.197.194.106:4430 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31121 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x6EF35342 Ack: 0x529484F0 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.401856 24.197.194.106:4433 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31139 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6EF62B8E Ack: 0x5295E415 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.618445 24.197.194.106:4438 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31171 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x6EFA7F75 Ack: 0x5297E39F Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.637689 24.197.194.106:4439 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31176 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6EFB5A86 Ack: 0x52987D2E Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.875897 24.197.194.106:4444 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31212 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6F00A58C Ack: 0x529A4F81 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:47.970679 24.197.194.106:4446 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31225 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x6F01E301 Ack: 0x529B8CF7 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.874294
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:48.354234 24.197.194.106:4453 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31292 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x6F085652 Ack: 0x529E3D1C Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:48.680105 24.197.194.106:4458 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31349 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F0DCD33 Ack: 0x52A1A819 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:49.063943 24.197.194.106:4464 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31394 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F13E52F Ack: 0x52A3C155 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:49.688212 24.197.194.106:4467 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31442 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x6F18F95D Ack: 0x52A767DC Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:49.763569 24.197.194.106:4469 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31453 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x6F1A6CF3 Ack: 0x52A88099 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:49.907196 24.197.194.106:4471 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31468 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F1C719B Ack: 0x52A9CC02 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.063687 24.197.194.106:4474 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31489 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6F1FC4EE Ack: 0x52AB3289 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.097417 24.197.194.106:4475 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31502 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F21216C Ack: 0x52AC5EFB Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.102200 24.197.194.106:4476 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31503 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6F2204D3 Ack: 0x52AD5A2E Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989]
[**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.454424
24.197.194.106:4481 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31541 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x6F272216 Ack: 0x52AFB9C6 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.583624 24.197.194.106:4485 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31563 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x6F2AF9DB Ack: 0x52B10525 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.583628 24.197.194.106:4486 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31565 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F2BC9DE Ack: 0x52B22658 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:50.765542 24.197.194.106:4487 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31574 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x6F2D7C03 Ack: 0x52B3A668 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:51.954559 24.197.194.106:4491 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31641 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F355108 Ack: 0x52BA1870 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.899261 [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:52.672060 24.197.194.106:4495 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31698 IpLen:20 
DgmLen:71 DF ***AP*** Seq: 0x6F3BFB11 Ack: 0x52BDFD58 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:53.296626 24.197.194.106:4498 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31745 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x6F411123 Ack: 0x52C1CCFA Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:53.306685 24.197.194.106:4499 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31746 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x6F4204D1 Ack: 0x52C2AEEA Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:53.794460 24.197.194.106:4505 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31797 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F4836DD Ack: 0x52C63DCF Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:53.962073 24.197.194.106:4507 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31816 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x6F4A73FB Ack: 0x52C79793 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:53.962077 24.197.194.106:4508 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31818 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x6F4B476F Ack: 0x52C88BC3 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.111438 
24.197.194.106:4510 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31834 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x6F4D6777 Ack: 0x52C9DD5C Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.414672 24.197.194.106:4514 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31869 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6F51B7DC Ack: 0x52CB8D06 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.455791 24.197.194.106:4516 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31876 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x6F5370BA Ack: 0x52CCCA99 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.623313 24.197.194.106:4518 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31893 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F55F94D Ack: 0x52CE38E7 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:54.661734 24.197.194.106:4520 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31897 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x6F572AC7 Ack: 0x52CF1D0F Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:54.864278 24.197.194.106:4522 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:31915 IpLen:20 DgmLen:90 DF ***AP*** Seq: 0x6F59A3A5 Ack: 0x52D0E9DE Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:05.929207 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted 
Information Leak] [Priority: 2] 03/05-11:49:57.034049 24.197.194.106:4563 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32088 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F7782B3 Ack: 0x52DBD900 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.070701 24.197.194.106:4556 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32098 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x6F70A9C8 Ack: 0x52DC6551 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.090889 24.197.194.106:4557 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32105 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F71333A Ack: 0x52DD4DFA Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.104374 24.197.194.106:4558 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32110 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x6F71F1AA Ack: 0x52DE0E77 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.112074 24.197.194.106:4559 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32111 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F734F78 Ack: 0x52DEAACA Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.112077 24.197.194.106:4551 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32112 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x6F6B070C Ack: 0x52DF586E Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.204263 24.197.194.106:4553 -> 172.16.134.191:80 
TCP TTL:114 TOS:0x0 ID:32135 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x6F6D41D4 Ack: 0x52E10B10 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.227437 24.197.194.106:4565 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32143 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x6F79D32B Ack: 0x52E1F206 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.235110 24.197.194.106:4566 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32144 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x6F7ABB7D Ack: 0x52E2D24C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.239928 24.197.194.106:4567 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32147 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x6F7B76F9 Ack: 0x52E3A320 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1112:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.247609 24.197.194.106:4568 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32149 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x6F7C324C Ack: 0x52E48F36 Win: 0x4470 TcpLen: 20 [Xref => arachnids 298] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.273606 24.197.194.106:4569 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32157 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x6F7CC1DC Ack: 0x52E5379E Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1115:5] WEB-MISC ICQ webserver DOS [**] [Classification: Attempted Denial of Service] [Priority: 2] 03/05-11:49:57.273609 24.197.194.106:4570 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32158 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F7D918A 
Ack: 0x52E60E7E Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0474] [**] [1:966:5] WEB-FRONTPAGE fourdots request [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:49:57.274559 24.197.194.106:4571 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32159 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x6F7E140B Ack: 0x52E70631 Win: 0x4470 TcpLen: 20 [Xref => arachnids 248][Xref => cve CAN-2000-0153][Xref => bugtraq 989] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:49:57.345942 24.197.194.106:4578 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32180 IpLen:20 DgmLen:100 DF ***AP*** Seq: 0x6F834B60 Ack: 0x52EC8A41 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.008105 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.020410 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:05.235493 24.197.194.106:4766 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32802 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x700D7732 Ack: 0x532A0AE5 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:05.253276 24.197.194.106:4770 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32806 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x7010B70B Ack: 0x532AE044 Win: 0x4470 TcpLen: 20 [**] [1:993:6] WEB-IIS iisadmin access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:05.284447 24.197.194.106:4775 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32814 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x7014CE1E Ack: 0x532D1212 Win: 0x4470 TcpLen: 20 [**] [1:1126:6] WEB-MISC AuthChangeUrl access [**] [Classification: Attempted Information Leak] 
[Priority: 2] 03/05-11:50:06.323032 24.197.194.106:4838 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32910 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x702D8B9A Ack: 0x533540E5 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:06.369340 24.197.194.106:4843 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32919 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7030EB11 Ack: 0x5336C93D Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:07.317831 24.197.194.106:4855 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:32997 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x703D79CB Ack: 0x533BFB05 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:07.338660 24.197.194.106:4858 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33000 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x703F7C5D Ack: 0x533CC03A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:08.008371 24.197.194.106:4869 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33046 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x704BE748 Ack: 0x5340B67E Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.057167 [**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:09.614918 24.197.194.106:4902 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33231 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x7069C299 Ack: 0x534967E5 Win: 0x4470 TcpLen: 20 [**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 
03/05-11:50:09.628158 24.197.194.106:4905 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33234 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x706C9525 Ack: 0x534A02CB Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:09.642577 24.197.194.106:4910 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33241 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x707060D4 Ack: 0x534BFF42 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:09.671681 24.197.194.106:4913 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33248 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7072D656 Ack: 0x534C91C9 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:09.685923 24.197.194.106:4916 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33250 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x7074DC90 Ack: 0x534D25C9 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:10.355089 24.197.194.106:4934 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33316 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x7086B6F8 Ack: 0x53518DE6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:10.585096 24.197.194.106:4938 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33354 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x708AD8A1 Ack: 0x5352D95D Win: 0x4470 TcpLen: 20 [**] [1:990:5] WEB-IIS _vti_inf access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:11.279694 24.197.194.106:4964 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33440 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x70A12CF8 Ack: 0x5357C208 Win: 0x4470 TcpLen: 20 [**] [1:937:6] WEB-FRONTPAGE _vti_rpc access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:11.900168 24.197.194.106:4978 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33513 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x70AE4392 Ack: 0x535D47FB Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2144] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.096891 [**] [1:1044:6] WEB-IIS webhits access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.853869 24.197.194.106:4999 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33705 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x70C485E7 Ack: 0x53672285 Win: 0x4470 TcpLen: 20 [Xref => arachnids 237] [**] [1:992:5] WEB-IIS adctest.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.881971 24.197.194.106:1029 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33711 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x70C85603 Ack: 0x53694751 Win: 0x4470 TcpLen: 20 [**] 
[1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.917107 24.197.194.106:1027 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33723 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x70C7136C Ack: 0x536864DC Win: 0x4470 TcpLen: 20 [**] [1:907:4] WEB-COLDFUSION addcontent.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:13.925516 24.197.194.106:1032 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33724 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x70CA5F43 Ack: 0x536A2290 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.932250 24.197.194.106:1035 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33726 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x70CC6EAE Ack: 0x536BE902 Win: 0x4470 TcpLen: 20 [**] [1:953:6] WEB-FRONTPAGE administrators.pwd access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:13.964029 24.197.194.106:1039 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33734 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x70CFFA9E Ack: 0x536E107B Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1205] [**] [1:1218:4] WEB-MISC adminlogin access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:13.968841 24.197.194.106:1041 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33738 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x70D1637A Ack: 0x536E9E22 Win: 0x4470 TcpLen: 20 [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:13.991862 24.197.194.106:1045 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33745 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x70D4EA69 Ack: 0x537040DE Win: 0x4470 TcpLen: 20 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:14.010522 24.197.194.106:1048 -> 172.16.134.191:80 TCP TTL:114 
TOS:0x0 ID:33748 IpLen:20 DgmLen:145 DF ***AP*** Seq: 0x70D6E4CC Ack: 0x5370FFD7 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1508:4] WEB-CGI alibaba.pl access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:14.029753 24.197.194.106:1050 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33755 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x70D91B11 Ack: 0x5372173A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0885] [**] [1:844:5] WEB-CGI args.bat access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:14.663962 24.197.194.106:1058 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33798 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x70E2009C Ack: 0x537698F2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-1374] [**] [1:1452:3] WEB-CGI args.cmd access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:14.663971 24.197.194.106:1060 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33801 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x70E396D8 Ack: 0x53776AAB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-1374] [**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:14.750324 24.197.194.106:1062 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33812 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x70E534A8 Ack: 0x53784C72 Win: 0x4470 TcpLen: 20 [**] [1:951:6] WEB-FRONTPAGE authors.pwd access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:14.971650 24.197.194.106:1066 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33841 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x70E94A1E Ack: 0x537A6EC6 Win: 0x4470 TcpLen: 20 [Xref => nessus 10078][Xref => cve CVE-1999-0386] [**] [1:1533:4] WEB-CGI bb-hostscv.sh access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:15.093419 24.197.194.106:1069 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33859 IpLen:20 
DgmLen:78 DF ***AP*** Seq: 0x70EC485F Ack: 0x537C55E5 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0638][Xref => nessus 10460] [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:15.181092 24.197.194.106:1070 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33869 IpLen:20 DgmLen:79 DF ***AP*** Seq: 0x70ED6BBA Ack: 0x537D4FFF Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:987:9] WEB-IIS .htr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:15.315331 24.197.194.106:1071 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33884 IpLen:20 DgmLen:65 DF ***AP*** Seq: 0x70EE6F69 Ack: 0x537E4A0D Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:914:4] WEB-COLDFUSION beaninfo access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:15.355605 24.197.194.106:1072 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33890 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x70EF786A Ack: 0x537F3903 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:15.659664 24.197.194.106:1075 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33925 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x70F2C524 Ack: 0x538152CF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:15.729917 24.197.194.106:1077 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33935 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x70F4ED1D Ack: 0x53824F25 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:15.829929 24.197.194.106:1079 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:33946 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x70F73F20 Ack: 0x5383C0D6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.148117 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:17.117735 24.197.194.106:1083 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34020 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x70FF3E06 Ack: 0x538A29E4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:18.017606 24.197.194.106:1086 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34137 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x71051727 Ack: 0x538F5095 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.044545 24.197.194.106:1090 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34148 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x71085A6C Ack: 0x53912543 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.058997 24.197.194.106:1094 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34153 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x710B6C94 Ack: 0x53923EB3 Win: 0x4470 TcpLen: 20 [**] [1:1654:3] WEB-CGI cart32.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.083310 24.197.194.106:1097 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34158 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x710DFCF4 Ack: 0x5392E172 Win: 0x4470 TcpLen: 20 [**] [1:1654:3] WEB-CGI cart32.exe access 
[**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.093270 24.197.194.106:1099 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34163 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x710F87A3 Ack: 0x539384AB Win: 0x4470 TcpLen: 20 [**] [1:1150:5] WEB-MISC Domino catalog.nsf access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:18.103675 24.197.194.106:1101 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34164 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x71113DEE Ack: 0x53945503 Win: 0x4470 TcpLen: 20 [**] [1:1022:6] WEB-IIS jet vba access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.123897 24.197.194.106:1104 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34171 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x7113C333 Ack: 0x539595A8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0874][Xref => bugtraq 286] [**] [1:1150:5] WEB-MISC Domino catalog.nsf access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:18.133261 24.197.194.106:1102 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34172 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x711242F5 Ack: 0x5394EE10 Win: 0x4470 TcpLen: 20 [**] [1:1022:6] WEB-IIS jet vba access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.144247 24.197.194.106:1106 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34176 IpLen:20 DgmLen:100 DF ***AP*** Seq: 0x7115636E Ack: 0x5396E391 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0874][Xref => bugtraq 286] [**] [1:903:5] WEB-COLDFUSION cfcache.map access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:18.293594 24.197.194.106:1115 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34206 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x711D9378 Ack: 0x539AE3C8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0057][Xref => bugtraq 917] [**] [1:931:5] WEB-COLDFUSION cfmlsyntaxcheck.cfm access [**] [Classification: Attempted 
Information Leak] [Priority: 2] 03/05-11:50:18.319157 24.197.194.106:1117 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34209 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x711FA056 Ack: 0x539BA82C Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:1542:4] WEB-CGI cgimail access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.616898 24.197.194.106:1121 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34236 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x71245CF2 Ack: 0x539EB148 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0726] [**] [1:1542:4] WEB-CGI cgimail access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.646715 24.197.194.106:1123 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34245 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7125D7C7 Ack: 0x539F826E Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0726] [**] [1:1587:6] WEB-MISC cgitest.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.813278 24.197.194.106:1125 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34262 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7127FE14 Ack: 0x53A13255 Win: 0x4470 TcpLen: 20 [Xref => arachnids 265][Xref => bugtraq 3885][Xref => nessus 10040][Xref => cve CVE-2000-0521][Xref => nessus 10623] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:18.859876 24.197.194.106:1127 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34264 IpLen:20 DgmLen:95 DF ***AP*** Seq: 0x712964F0 Ack: 0x53A218DA Win: 0x4470 TcpLen: 20 [**] [1:1661:3] WEB-IIS cmd32.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:20.641215 24.197.194.106:1156 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34394 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x713921D7 Ack: 0x53ADE58E Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 
hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.237025 [**] [1:1661:3] WEB-IIS cmd32.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.322078 24.197.194.106:1159 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34565 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x71429C3A Ack: 0x53B615AA Win: 0x4470 TcpLen: 20 [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.330306 24.197.194.106:1161 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34566 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x7144192C Ack: 0x53B69AD2 Win: 0x4470 TcpLen: 20 [**] [1:1004:5] WEB-IIS codebrowser Exair access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.330308 24.197.194.106:1162 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34567 IpLen:20 DgmLen:97 DF ***AP*** Seq: 0x7145174C Ack: 0x53B75CEC Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0499] [**] [1:1005:5] WEB-IIS codebrowser SDK access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.358082 24.197.194.106:1164 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34573 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x714698D4 Ack: 0x53B8708A Win: 0x4470 TcpLen: 20 [Xref => bugtraq 167] [**] [1:1401:3] WEB-IIS /msadc/samples/ access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.358101 24.197.194.106:1167 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34574 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x7148E9B0 Ack: 0x53B8F9A3 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.368095 24.197.194.106:1168 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34576 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7149D8CF Ack: 0x53B9DB8F Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 
2] 03/05-11:50:22.386209 24.197.194.106:1171 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34581 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x714C5E6B Ack: 0x53BA5DCB Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.416156 24.197.194.106:1174 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34587 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x714E5710 Ack: 0x53BBD87F Win: 0x4470 TcpLen: 20 [**] [1:1554:5] WEB-CGI dbman db.cgi access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:22.464675 24.197.194.106:1180 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34600 IpLen:20 DgmLen:91 DF ***AP*** Seq: 0x7152F8F4 Ack: 0x53BDE717 Win: 0x4470 TcpLen: 20 [Xref => nessus 10403][Xref => cve CVE-2000-0381] [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.501511 24.197.194.106:1184 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34610 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x715629F8 Ack: 0x53BFD650 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.537393 24.197.194.106:1186 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34620 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7157E602 Ack: 0x53C0B3E2 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.540635 24.197.194.106:1190 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34621 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x715AE2D8 Ack: 0x53C22BFA Win: 0x4470 TcpLen: 20 [**] [1:975:8] WEB-IIS .asp::$DATA access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.540662 24.197.194.106:1193 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34623 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x715CC46B Ack: 0x53C31521 Win: 0x4470 TcpLen: 20 [Xref => nessus 10362][Xref => cve 
CVE-1999-0278][Xref => url support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806][Xref => bugtraq 149] [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:22.615756 24.197.194.106:1196 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34642 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x715FEC1C Ack: 0x53C67EA3 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:912:5] WEB-COLDFUSION parks access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:22.641798 24.197.194.106:1198 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34652 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x71614A9B Ack: 0x53C7BE7F Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:918:4] WEB-COLDFUSION expeval access [**] [Classification: Attempted User Privilege Gain] [Priority: 1] 03/05-11:50:22.750882 24.197.194.106:1203 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34668 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x7165FF29 Ack: 0x53CA655A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0477][Xref => bugtraq 550] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:23.219116 24.197.194.106:1207 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34706 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x716AF113 Ack: 0x53CFF094 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:23.263404 24.197.194.106:1211 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34716 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x716E4D7D Ack: 0x53D26958 Win: 0x4470 TcpLen: 20 [**] [1:1726:3] WEB-IIS doctodep.btr access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:23.276651 24.197.194.106:1209 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34717 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x716D0060 Ack: 0x53D19280 Win: 0x4470 TcpLen: 20 [**] 
[1:967:6] WEB-FRONTPAGE dvwssr.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:24.067575 24.197.194.106:1213 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34763 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x71733174 Ack: 0x53D7CBF2 Win: 0x4470 TcpLen: 20 [Xref => url www.microsoft.com/technet/security/bulletin/ms00-025.asp][Xref => arachnids 271][Xref => cve CVE-2000-0260][Xref => bugtraq 1108] [**] [1:1706:4] WEB-CGI echo.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:25.612473 24.197.194.106:1222 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34864 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x718041D1 Ack: 0x53DFB640 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0213][Xref => nessus 10246] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.284123 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:26.345324 24.197.194.106:1225 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34909 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x71859489 Ack: 0x53E4D734 Win: 0x4470 TcpLen: 20 [**] [1:1517:6] WEB-CGI envout.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:26.616380 24.197.194.106:1226 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34932 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x7187463A Ack: 0x53E6D2B8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0947][Xref => nessus 10016] [**] [1:918:4] WEB-COLDFUSION expeval access [**] [Classification: Attempted User Privilege Gain] [Priority: 1] 03/05-11:50:26.616386 24.197.194.106:1228 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34934 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x7188B963 Ack: 0x53E7CE02 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0477][Xref => bugtraq 550] [**] [1:915:4] WEB-COLDFUSION evaluate.cfm access 
[**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:26.795998 24.197.194.106:1230 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34951 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x718AFF94 Ack: 0x53E94B4A Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:26.937528 24.197.194.106:1231 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34961 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x718C7F8B Ack: 0x53EAACBB Win: 0x4470 TcpLen: 20 [**] [1:911:4] WEB-COLDFUSION exprcalc access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:27.161093 24.197.194.106:1233 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:34978 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x718EAFD2 Ack: 0x53ED976B Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550][Xref => cve CVE-1999-0455] [**] [1:910:4] WEB-COLDFUSION fileexists.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:27.450111 24.197.194.106:1236 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35003 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x7191FDDD Ack: 0x53EFEAEC Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:948:5] WEB-FRONTPAGE form_results access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:27.468879 24.197.194.106:1237 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35005 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x7192E52C Ack: 0x53F0B159 Win: 0x4470 TcpLen: 20 [**] [1:911:4] WEB-COLDFUSION exprcalc access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:27.468888 24.197.194.106:1238 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35008 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7193B1BE Ack: 0x53F13A61 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550][Xref => cve CVE-1999-0455] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:27.874859 
24.197.194.106:1241 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35030 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x71984283 Ack: 0x53F447C9 Win: 0x4470 TcpLen: 20 [**] [1:945:5] WEB-FRONTPAGE fpadmin.htm access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:28.977032 24.197.194.106:1271 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35092 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x71A28099 Ack: 0x53FA52BB Win: 0x4470 TcpLen: 20 [**] [1:1013:6] WEB-IIS fpcount access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:29.076631 24.197.194.106:1273 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35102 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x71A45325 Ack: 0x53FB7FD6 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2252] [**] [1:1012:7] WEB-IIS fpcount attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:29.084313 24.197.194.106:1274 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35104 IpLen:20 DgmLen:111 DF ***AP*** Seq: 0x71A51998 Ack: 0x53FCC3B2 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2252] [**] [1:1013:6] WEB-IIS fpcount access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:29.449709 24.197.194.106:1277 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35126 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x71A94E9D Ack: 0x53FF1BF7 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2252] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.313146 [**] [1:1013:6] WEB-IIS fpcount access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:30.077952 24.197.194.106:1278 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35149 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x71ADB93B Ack: 0x5403717F Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2252] [**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable 
web application] [Priority: 2] 03/05-11:50:31.061756 24.197.194.106:1282 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35181 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x71B4FF04 Ack: 0x5408C4AF Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.324859 [**] [1:1180:6] WEB-MISC get32.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:34.938680 24.197.194.106:1299 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35311 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x71D40C8D Ack: 0x541FB9AE Win: 0x4470 TcpLen: 20 [Xref => arachnids 258][Xref => bugtraq 1485] [**] [1:1180:6] WEB-MISC get32.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:35.541984 24.197.194.106:1300 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35321 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x71D7F74A Ack: 0x5422F7F4 Win: 0x4470 TcpLen: 20 [Xref => arachnids 258][Xref => bugtraq 1485] [**] [1:993:6] WEB-IIS iisadmin access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:35.778762 24.197.194.106:1301 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35328 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x71DA0FCB Ack: 0x54255BB4 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:36.008964 24.197.194.106:1302 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35337 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x71DBEE2E Ack: 0x5426BD1F Win: 0x4470 TcpLen: 20 [**] [1:1015:5] WEB-IIS getdrvs.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:50:36.280753 24.197.194.106:1304 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35346 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x71DEE01A Ack: 0x54292CE1 Win: 0x4470 TcpLen: 20 [**] [1:906:4] WEB-COLDFUSION getfile.cfm access [**] [Classification: Attempted Information Leak] 
[Priority: 2] 03/05-11:50:36.728729 24.197.194.106:1305 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35353 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x71E214F5 Ack: 0x542C5EED Win: 0x4470 TcpLen: 20 [Xref => bugtraq 229] [**] [1:906:4] WEB-COLDFUSION getfile.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:37.408756 24.197.194.106:1306 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35365 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x71E5A8F5 Ack: 0x542FF2A6 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 229] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.339587 [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:50:40.017266 24.197.194.106:1311 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35387 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x71F4C510 Ack: 0x543E78DD Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:930:5] WEB-COLDFUSION snippets attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:50:41.216388 24.197.194.106:1312 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35395 IpLen:20 DgmLen:93 DF ***AP*** Seq: 0x71FB7D33 Ack: 0x5444FCB7 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.344307 [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:08.699635 24.197.194.106:1321 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35427 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x726C9876 Ack: 0x54B66D4C Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1597:5] WEB-CGI guestbook.cgi access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:09.124513 24.197.194.106:1322 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35433 IpLen:20 
DgmLen:78 DF ***AP*** Seq: 0x726F61AF Ack: 0x54B8DB96 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0237][Xref => nessus 10098] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:10.508747 24.197.194.106:1323 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35441 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x7276A6CD Ack: 0x54BFF1A2 Win: 0x4470 TcpLen: 20 [**] [1:1165:5] WEB-MISC novell groupwise gwweb.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:11.841780 24.197.194.106:1337 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35475 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x7281F631 Ack: 0x54C7029D Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-1006][Xref => bugtraq 879] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.358894 [**] [1:1165:5] WEB-MISC novell groupwise gwweb.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:12.097419 24.197.194.106:1340 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35484 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x7284D571 Ack: 0x54C96FAE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-1006][Xref => bugtraq 879] [**] [1:1708:4] WEB-CGI hello.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:13.799532 24.197.194.106:1349 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35532 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x728F5472 Ack: 0x54D3DCD7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0213][Xref => nessus 10246] [**] [1:1595:5] WEB-IIS htimage.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:14.433701 24.197.194.106:1352 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35548 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7292F934 Ack: 0x54D88E1E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0122][Xref => cve CAN-2000-0256][Xref => 
nessus 10376] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:15.156981 24.197.194.106:1354 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35558 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x72971C57 Ack: 0x54DCBD28 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.374889 [**] [1:1112:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:16.253421 24.197.194.106:1359 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35581 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x729BD514 Ack: 0x54E2DAED Win: 0x4470 TcpLen: 20 [Xref => arachnids 298] [**] [1:993:6] WEB-IIS iisadmin access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:16.259409 24.197.194.106:1361 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35585 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x729C8B4B Ack: 0x54E3A025 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:16.816802 24.197.194.106:1365 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35598 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72A0F6AB Ack: 0x54E6E981 Win: 0x4470 TcpLen: 20 [**] [1:1700:3] WEB-CGI imagemap.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:17.424415 24.197.194.106:1374 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35642 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x72A478E8 Ack: 0x54EA1D95 Win: 0x4470 TcpLen: 20 [Xref => arachnids 412][Xref => cve CVE-1999-0951] [**] [1:1146:4] WEB-MISC Ecommerce import.txt access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:17.432798 24.197.194.106:1375 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35645 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72A51758 Ack: 0x54EAD931 Win: 0x4470 
TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.577001 24.197.194.106:1379 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35649 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x72A6E581 Ack: 0x54EBC1D4 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.691926 24.197.194.106:1462 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35669 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72A99F94 Ack: 0x54EDAE61 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.764251 24.197.194.106:1627 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35681 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x72ACC872 Ack: 0x54EF8956 Win: 0x4470 TcpLen: 20 [**] [1:975:8] WEB-IIS .asp::$DATA access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.764253 24.197.194.106:1630 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35682 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x72AE674E Ack: 0x54F07A2A Win: 0x4470 TcpLen: 20 [Xref => nessus 10362][Xref => cve CVE-1999-0278][Xref => url support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806][Xref => bugtraq 149] [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:17.945279 24.197.194.106:1636 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35692 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x72B1D72B Ack: 0x54F29EAF Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:913:5] WEB-COLDFUSION cfappman access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:18.406200 24.197.194.106:1640 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35705 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x72B5454C Ack: 0x54F61A0C Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:908:5] WEB-COLDFUSION administrator access [**] [Classification: Attempted Information Leak] 
[Priority: 2] 03/05-11:51:18.406210 24.197.194.106:1641 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35706 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x72B623B3 Ack: 0x54F70014 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0538] [**] [1:1513:6] WEB-CGI input.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:19.200913 24.197.194.106:1648 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35749 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72BD3D5C Ack: 0x54FD4B38 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0947][Xref => nessus 10016] [**] [1:1515:6] WEB-CGI input2.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:19.239710 24.197.194.106:1649 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35752 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x72BE92F9 Ack: 0x54FDF477 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0947][Xref => nessus 10016] [**] [1:993:6] WEB-IIS iisadmin access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.901924 24.197.194.106:1651 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35902 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x72BFEA03 Ack: 0x5500B06F Win: 0x4470 TcpLen: 20 [**] [1:995:7] WEB-IIS ism.dll access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.901928 24.197.194.106:1653 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35903 IpLen:20 DgmLen:90 DF ***AP*** Seq: 0x72C2053C Ack: 0x5501A277 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 189][Xref => cve CVE-2000-0630] [**] [1:1192:5] WEB-MISC Trend Micro OfficeScan access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:19.901930 24.197.194.106:1656 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35904 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x72C480BE Ack: 0x5502344E Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1057] [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.901932 
24.197.194.106:1657 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35905 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x72C56777 Ack: 0x55032B21 Win: 0x4470 TcpLen: 20 [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.909108 24.197.194.106:1659 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35906 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72C6BA86 Ack: 0x55042DD4 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:19.919384 24.197.194.106:1661 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35907 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x72C759F8 Ack: 0x5504E6C5 Win: 0x4470 TcpLen: 20 [**] [1:1539:4] WEB-CGI /cgi-bin/ls access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:19.927041 24.197.194.106:1665 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35910 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x72CA952F Ack: 0x5506BFBD Win: 0x4470 TcpLen: 20 [Xref => bugtraq 936][Xref => cve CAN-2000-0079] [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:19.927055 24.197.194.106:1670 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35912 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0x72CDB650 Ack: 0x55082C28 Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:20.011800 24.197.194.106:1673 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35922 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x72CF7086 Ack: 0x5508EC1D Win: 0x4470 TcpLen: 20 [**] [1:997:5] WEB-IIS asp-dot attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:20.011805 24.197.194.106:1718 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35924 IpLen:20 DgmLen:66 DF ***AP*** Seq: 0x72D29467 Ack: 0x550B3B7B Win: 0x4470 TcpLen: 20 [**] [1:975:8] WEB-IIS 
.asp::$DATA access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:20.020219 24.197.194.106:1721 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35925 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x72D436FB Ack: 0x550BCC3E Win: 0x4470 TcpLen: 20 [Xref => nessus 10362][Xref => cve CVE-1999-0278][Xref => url support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806][Xref => bugtraq 149] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.473506 [**] [1:1485:3] WEB-IIS mkilog.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:20.133065 24.197.194.106:1725 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35942 IpLen:20 DgmLen:90 DF ***AP*** Seq: 0x72D8749A Ack: 0x550E7EE6 Win: 0x4470 TcpLen: 20 [**] [1:1725:3] WEB-IIS +.htr code fragment attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:20.133072 24.197.194.106:1726 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35944 IpLen:20 DgmLen:70 DF ***AP*** Seq: 0x72D95596 Ack: 0x550F948A Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0630] [**] [1:1485:3] WEB-IIS mkilog.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:20.147528 24.197.194.106:1727 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:35948 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x72DA4D3C Ack: 0x55103C71 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:23.659593 24.197.194.106:1737 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36066 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x72EFEE3A Ack: 0x55216D50 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:23.964628 24.197.194.106:1738 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36082 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F1A31D Ack: 
0x552389B0 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.060555 24.197.194.106:1740 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36095 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F39933 Ack: 0x55252D9E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.491775 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.167683 24.197.194.106:1742 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36115 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x72F63FFE Ack: 0x5526651C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.210736 24.197.194.106:1743 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36122 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x72F6FC53 Ack: 0x552737F4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.238140 24.197.194.106:1746 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36129 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x72F929AD Ack: 0x55288CB8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:24.322600 24.197.194.106:1748 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36144 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x72FB4E39 Ack: 0x552997C8 Win: 0x4470 TcpLen: 20 [**] [1:1023:7] WEB-IIS msadcs.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:24.329358 24.197.194.106:1749 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36147 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x72FC4834 Ack: 0x552A7156 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 529][Xref => cve CVE-1999-1011] [**] [1:1024:5] WEB-IIS newdsn.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:24.362920 24.197.194.106:1750 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36154 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x72FD5F93 Ack: 0x552B3F7A Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0191][Xref => bugtraq 1818] [**] [1:940:6] WEB-FRONTPAGE shtml.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:24.551229 24.197.194.106:1755 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36181 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x7301C118 Ack: 0x552D5EE6 Win: 0x4470 TcpLen: 20 [Xref => arachnids 292] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:24.653088 24.197.194.106:1757 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36192 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x7303D453 Ack: 0x552EF166 Win: 0x4470 TcpLen: 20 [**] [1:918:4] WEB-COLDFUSION expeval access [**] [Classification: 
Attempted User Privilege Gain] [Priority: 1] 03/05-11:51:25.421397 24.197.194.106:1763 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36230 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x730B4FE3 Ack: 0x5533E742 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0477][Xref => bugtraq 550] [**] [1:1176:4] WEB-MISC order.log access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:26.080914 24.197.194.106:1765 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36261 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x730FC2E0 Ack: 0x55377B31 Win: 0x4470 TcpLen: 20 [**] [1:947:5] WEB-FRONTPAGE orders.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:26.293402 24.197.194.106:1767 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36278 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7311FD28 Ack: 0x55390AB3 Win: 0x4470 TcpLen: 20 [**] [1:807:7] WEB-CGI /wwwboard/passwd.txt access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:26.678061 24.197.194.106:1772 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36308 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x73184CAB Ack: 0x553C99BA Win: 0x4470 TcpLen: 20 [Xref => bugtraq 649][Xref => nessus 10321][Xref => cve CVE-1999-0953][Xref => arachnids 463] [**] [1:1772:3] WEB-IIS pbserver access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:27.647948 24.197.194.106:1776 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36339 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x731FBD9E Ack: 0x554234F6 Win: 0x4470 TcpLen: 20 [Xref => url www.microsoft.com/technet/security/bulletin/ms00-094.asp] [**] [1:832:8] WEB-CGI perl.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:28.020875 24.197.194.106:1778 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36360 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x7322994E Ack: 0x5544593C Win: 0x4470 TcpLen: 20 [Xref => nessus 10173][Xref => arachnids 219][Xref => url 
www.cert.org/advisories/CA-1996-11.html][Xref => cve CAN-1999-0509] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.525283 [**] [1:832:8] WEB-CGI perl.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:28.575921 24.197.194.106:1783 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36396 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x73294386 Ack: 0x5547EEC4 Win: 0x4470 TcpLen: 20 [Xref => nessus 10173][Xref => arachnids 219][Xref => url www.cert.org/advisories/CA-1996-11.html][Xref => cve CAN-1999-0509] [**] [1:832:8] WEB-CGI perl.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:28.735844 24.197.194.106:1785 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36409 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x732BD1D2 Ack: 0x55493A14 Win: 0x4470 TcpLen: 20 [Xref => nessus 10173][Xref => arachnids 219][Xref => url www.cert.org/advisories/CA-1996-11.html][Xref => cve CAN-1999-0509] [**] [1:976:7] WEB-IIS .bat? 
access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:29.137689 24.197.194.106:1787 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36421 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x732EE38C Ack: 0x554C11F9 Win: 0x4470 TcpLen: 20 [Xref => url support.microsoft.com/support/kb/articles/Q155/0/56.asp][Xref => url support.microsoft.com/support/kb/articles/Q148/1/88.asp][Xref => cve CVE-1999-0233][Xref => bugtraq 2023] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:29.353679 24.197.194.106:1789 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36428 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x7330989B Ack: 0x554D91CF Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:29.855741 24.197.194.106:1790 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36445 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x73330BC1 Ack: 0x5550A7E8 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:30.433167 24.197.194.106:1793 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36469 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x7337EC12 Ack: 0x5554831B Win: 0x4470 TcpLen: 20 [**] [1:889:5] WEB-CGI ppdscgi.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:30.650027 24.197.194.106:1794 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36479 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7339DB1A Ack: 0x55563A04 Win: 0x4470 TcpLen: 20 [Xref => url online.securityfocus.com/archive/1/16878][Xref => bugtraq 491] [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:51:31.621022 24.197.194.106:1797 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36496 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x73405DFC Ack: 0x555CD8B5 Win: 
0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.544960 [**] [1:1028:5] WEB-IIS query.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.104445 24.197.194.106:1798 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36504 IpLen:20 DgmLen:87 DF ***AP*** Seq: 0x73438D20 Ack: 0x555FE334 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0449][Xref => bugtraq 193] [**] [1:1077:5] WEB-MISC queryhit.htm access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.409958 24.197.194.106:1799 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36518 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x7345609B Ack: 0x5562307F Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.540997 24.197.194.106:1802 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36531 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x73485FCF Ack: 0x55650151 Win: 0x4470 TcpLen: 20 [**] [1:895:5] WEB-CGI redirect access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:32.737582 24.197.194.106:1803 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36539 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x7349A911 Ack: 0x55668DFE Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0382][Xref => bugtraq 1179] [**] [1:956:5] WEB-FRONTPAGE register.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.764257 24.197.194.106:1804 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36541 IpLen:20 DgmLen:78 DF ***AP*** Seq: 0x734A7D29 Ack: 0x5567E019 Win: 0x4470 TcpLen: 20 [**] [1:957:5] WEB-FRONTPAGE registrations.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:32.848128 24.197.194.106:1805 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 
ID:36545 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x734BC9DA Ack: 0x5568E5F0 Win: 0x4470 TcpLen: 20 [**] [1:1076:6] WEB-IIS repost.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:33.826314 24.197.194.106:1844 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36550 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x73513D1B Ack: 0x556DBF29 Win: 0x4470 TcpLen: 20 [Xref => nessus 10372] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:34.335250 24.197.194.106:1845 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36559 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x73545E50 Ack: 0x5570F864 Win: 0x4470 TcpLen: 20 [**] [1:833:5] WEB-CGI rguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:34.341549 24.197.194.106:1846 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36561 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x7355598B Ack: 0x5571F1A8 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [1:833:5] WEB-CGI rguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:51:35.504613 24.197.194.106:1849 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36575 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x735CB3D7 Ack: 0x5577FC7E Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.568030 [**] [1:1852:3] WEB-MISC robots.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:51:40.653230 24.197.194.106:1861 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36634 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x737CB37D Ack: 0x558FA017 Win: 0x4470 TcpLen: 20 [Xref => nessus 10302] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 
04/18-11:45:06.570910 [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:05.376962 24.197.194.106:1877 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36705 IpLen:20 DgmLen:86 DF ***AP*** Seq: 0x73FC0AC1 Ack: 0x560AF01F Win: 0x4470 TcpLen: 20 [Xref => url www.cert.org/advisories/CA-2001-19.html] [**] [1:1402:3] WEB-IIS iissamples access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:05.979779 24.197.194.106:1881 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36719 IpLen:20 DgmLen:91 DF ***AP*** Seq: 0x7401B0E7 Ack: 0x560F8385 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.580516 [**] [1:1767:3] WEB-MISC search.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:06.616859 24.197.194.106:1882 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36724 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x7405AAF6 Ack: 0x56135116 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0835][Xref => nessus 10514] [**] [1:1030:6] WEB-IIS search97.vts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:07.123356 24.197.194.106:1883 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36728 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x740891E0 Ack: 0x56163C3E Win: 0x4470 TcpLen: 20 [Xref => bugtraq 162] [**] [1:1030:6] WEB-IIS search97.vts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:08.429440 24.197.194.106:1884 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36734 IpLen:20 DgmLen:69 DF ***AP*** Seq: 0x740F61B5 Ack: 0x561DFEC4 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 162] [**] [1:1659:3] WEB-COLDFUSION sendmail.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:09.633319 24.197.194.106:1889 -> 172.16.134.191:80 TCP TTL:114 
TOS:0x0 ID:36757 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0x7417535F Ack: 0x56238BBD Win: 0x4470 TcpLen: 20 [**] [1:918:4] WEB-COLDFUSION expeval access [**] [Classification: Attempted User Privilege Gain] [Priority: 1] 03/05-11:52:09.739104 24.197.194.106:1891 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36766 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x741922DF Ack: 0x56254DEE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0477][Xref => bugtraq 550] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.595590 [**] [1:959:5] WEB-FRONTPAGE service.pwd [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:10.160996 24.197.194.106:1897 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36793 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x741F5104 Ack: 0x56291D69 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1205] [**] [1:1469:3] WEB-CGI Web Shopper shopper.cgi access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:10.879422 24.197.194.106:1904 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36833 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7428042B Ack: 0x562DF30C Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1776][Xref => cve CVE-2000-0922] [**] [1:1098:5] WEB-MISC SmartWin CyberOffice Shopping Cart access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:11.132014 24.197.194.106:1906 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36867 IpLen:20 DgmLen:83 DF ***AP*** Seq: 0x7429FA93 Ack: 0x562F2D64 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1734] [**] [1:1037:7] WEB-IIS showcode.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.151934 24.197.194.106:1910 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36875 IpLen:20 DgmLen:97 DF ***AP*** Seq: 0x742CF4C8 Ack: 0x56305B63 Win: 0x4470 TcpLen: 20 [Xref => nessus 10007][Xref => bugtraq 167][Xref => cve CAN-1999-0736] [**] [1:1037:7] WEB-IIS 
showcode.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.151954 24.197.194.106:1915 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36876 IpLen:20 DgmLen:94 DF ***AP*** Seq: 0x7430868B Ack: 0x56322C3B Win: 0x4470 TcpLen: 20 [Xref => nessus 10007][Xref => bugtraq 167][Xref => cve CAN-1999-0736] [**] [1:1037:7] WEB-IIS showcode.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.152126 24.197.194.106:1912 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36877 IpLen:20 DgmLen:92 DF ***AP*** Seq: 0x742E9E4D Ack: 0x56315A67 Win: 0x4470 TcpLen: 20 [Xref => nessus 10007][Xref => bugtraq 167][Xref => cve CAN-1999-0736] [**] [1:940:6] WEB-FRONTPAGE shtml.dll access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.294148 24.197.194.106:1918 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36887 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74334DEB Ack: 0x5634DFD3 Win: 0x4470 TcpLen: 20 [Xref => arachnids 292] [**] [1:962:6] WEB-FRONTPAGE shtml.exe access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.577052 24.197.194.106:1920 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36910 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x7435EE23 Ack: 0x5637EB9A Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1174][Xref => bugtraq 1608][Xref => cve CAN-2000-0709][Xref => cve CAN-2000-0413][Xref => nessus 10405] [**] [1:1038:5] WEB-IIS site server config access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.613166 24.197.194.106:1923 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36919 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x7437B0CE Ack: 0x563A4528 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 256] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:11.613168 
24.197.194.106:1924 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36920 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x743863F5 Ack: 0x563B51AA Win: 0x4470 TcpLen: 20 [**] [1:870:4] WEB-CGI snorkerz.cmd access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:11.948349 24.197.194.106:1932 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36951 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x743F7087 Ack: 0x563F980F Win: 0x4470 TcpLen: 20 [**] [1:928:4] WEB-COLDFUSION exampleapp access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:12.261240 24.197.194.106:1936 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36973 IpLen:20 DgmLen:96 DF ***AP*** Seq: 0x744397C0 Ack: 0x5641BC27 Win: 0x4470 TcpLen: 20 [**] [1:1040:5] WEB-IIS srchadm access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:12.289611 24.197.194.106:1937 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36978 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x74447E4B Ack: 0x5642736B Win: 0x4470 TcpLen: 20 [**] [1:1511:6] WEB-CGI test.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:12.297844 24.197.194.106:1939 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36980 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x7445CE64 Ack: 0x56440D72 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-1999-0947][Xref => nessus 10016] [**] [1:1646:4] WEB-CGI test.cgi access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:12.392402 24.197.194.106:1940 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:36983 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x7446B9E9 Ack: 0x56452BE5 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.653316 [**] [1:1650:3] WEB-CGI tst.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:15.553324 
24.197.194.106:1999 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37012 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0x74593BCE Ack: 0x5655AAAF Win: 0x4470 TcpLen: 20 [Xref => bugtraq 770][Xref => cve CAN-1999-0885] [**] [1:1650:3] WEB-CGI tst.bat access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:15.777139 24.197.194.106:2002 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37039 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x745C30DC Ack: 0x5657309E Win: 0x4470 TcpLen: 20 [Xref => bugtraq 770][Xref => cve CAN-1999-0885] [**] [1:902:5] WEB-CGI tstisapi.dll access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:15.784824 24.197.194.106:2004 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37040 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x745D71E1 Ack: 0x5657BD2E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2001-0302] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:15.973087 24.197.194.106:2006 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37046 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x745FA53A Ack: 0x56594CE7 Win: 0x4470 TcpLen: 20 [**] [1:837:5] WEB-CGI uploader.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:16.260219 24.197.194.106:2009 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37064 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x746266B1 Ack: 0x565B6D76 Win: 0x4470 TcpLen: 20 [Xref => nessus 10291][Xref => cve CVE-1999-0177] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:16.260223 24.197.194.106:2011 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37066 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x7464497B Ack: 0x565C003C Win: 0x4470 TcpLen: 20 [**] [1:1041:5] WEB-IIS uploadn.asp access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:16.358310 24.197.194.106:2013 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37078 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x7465B0B5 Ack: 0x565D13C8 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:16.627709 24.197.194.106:2016 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37093 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x7468A786 Ack: 0x565EDAC9 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:16.648035 24.197.194.106:2017 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37096 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0x74692DFD Ack: 0x565F88B6 Win: 0x4470 TcpLen: 20 [**] [1:1457:3] WEB-CGI user_update_admin.pl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:17.720035 24.197.194.106:2030 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37159 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x747712CA Ack: 0x56666AE8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0627] [**] [1:1458:3] WEB-CGI user_update_passwd.pl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:17.996442 24.197.194.106:2035 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37169 IpLen:20 DgmLen:89 DF ***AP*** Seq: 0x747A0636 Ack: 0x5668D371 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0627] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.681260 [**] [1:964:5] WEB-FRONTPAGE users.pwd access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:18.112711 24.197.194.106:2036 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37173 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x747BA079 Ack: 0x566A3105 Win: 0x4470 TcpLen: 20 [**] [1:930:5] WEB-COLDFUSION snippets attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:18.310404 24.197.194.106:2037 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37177 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x747D014C Ack: 0x566B806A Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [1:867:5] WEB-CGI visadmin.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:18.564425 24.197.194.106:2038 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37181 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x747EDBF6 Ack: 0x566D7796 Win: 0x4470 TcpLen: 20 [Xref => nessus 10295][Xref => cve CAN-1999-1970][Xref => bugtraq 1808] [**] [1:867:5] WEB-CGI visadmin.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:18.956103 24.197.194.106:2039 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37185 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x7480E801 Ack: 0x567051E7 Win: 0x4470 TcpLen: 20 [Xref => nessus 10295][Xref => cve CAN-1999-1970][Xref => bugtraq 1808] [**] [1:867:5] WEB-CGI visadmin.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:20.263757 24.197.194.106:2043 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37205 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x7488DE83 Ack: 0x5677B682 Win: 0x4470 TcpLen: 20 [Xref => nessus 10295][Xref => cve CAN-1999-1970][Xref => bugtraq 1808] [**] [1:986:5] WEB-IIS MSProxy access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:20.950407 24.197.194.106:2050 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37241 IpLen:20 DgmLen:82 DF ***AP*** Seq: 0x74915B1F Ack: 0x567CDAD0 Win: 0x4470 TcpLen: 20 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:21.322177 24.197.194.106:2053 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37254 IpLen:20 DgmLen:71 DF ***AP*** Seq: 0x749506BD Ack: 0x567F67D8 Win: 0x4470 TcpLen: 20 [**] [1:1611:3] WEB-CGI eXtropia webstore access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:21.664735 
24.197.194.106:2056 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37266 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x74989930 Ack: 0x568233B8 Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-1005][Xref => bugtraq 1774] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.702423 [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:22.187035 24.197.194.106:2060 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37277 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x749CE89A Ack: 0x56852882 Win: 0x4470 TcpLen: 20 [**] [1:1400:3] WEB-IIS /scripts/samples/ access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:22.568595 24.197.194.106:2062 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37286 IpLen:20 DgmLen:91 DF ***AP*** Seq: 0x74A018A1 Ack: 0x5687FAFE Win: 0x4470 TcpLen: 20 [**] [1:1040:5] WEB-IIS srchadm access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:22.986177 24.197.194.106:2064 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37298 IpLen:20 DgmLen:84 DF ***AP*** Seq: 0x74A386A2 Ack: 0x568A5480 Win: 0x4470 TcpLen: 20 [**] [1:852:5] WEB-CGI wguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:23.520499 24.197.194.106:2071 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37325 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74A9E598 Ack: 0x568F2698 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [1:852:5] WEB-CGI wguest.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:23.528688 24.197.194.106:2069 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37327 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74A87E9F Ack: 0x568E5F27 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [1:852:5] WEB-CGI wguest.exe access [**] [Classification: Attempted Information Leak] 
[Priority: 2] 03/05-11:52:24.267203 24.197.194.106:2075 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37348 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74B04F7E Ack: 0x56938206 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 2024][Xref => cve CAN-1999-0467] [**] [1:875:6] WEB-CGI win-c-sample.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:25.341224 24.197.194.106:2080 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37372 IpLen:20 DgmLen:81 DF ***AP*** Seq: 0x74B80B88 Ack: 0x569B1608 Win: 0x4470 TcpLen: 20 [Xref => nessus 10008][Xref => cve CVE-1999-0178][Xref => arachnids 231][Xref => bugtraq 2078] [**] [1:1158:7] WEB-MISC windmail.exe access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:25.755419 24.197.194.106:2083 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37384 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0x74BBB442 Ack: 0x569D5989 Win: 0x4470 TcpLen: 20 [Xref => nessus 10365][Xref => arachnids 465][Xref => bugtraq 1073][Xref => cve CAN-2000-0242] [**] [1:1166:5] WEB-MISC ws_ftp.ini access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:25.924094 24.197.194.106:2085 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37394 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0x74BD9293 Ack: 0x569ECF09 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 547][Xref => cve CAN-1999-1078] [**] [1:1287:5] WEB-IIS scripts access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-11:52:26.089463 24.197.194.106:2086 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37401 IpLen:20 DgmLen:74 DF ***AP*** Seq: 0x74BEC115 Ack: 0x56A0284D Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.731728 [**] [1:1175:6] WEB-MISC wwwboard.pl access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:26.256297 24.197.194.106:2088 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37410 IpLen:20 
DgmLen:68 DF ***AP*** Seq: 0x74C106A7 Ack: 0x56A25461 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0930][Xref => bugtraq 1795][Xref => bugtraq 649] [**] [1:1213:4] WEB-MISC backup access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:27.245350 24.197.194.106:2097 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37440 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x74CAEAC7 Ack: 0x56A81402 Win: 0x4470 TcpLen: 20 [**] [1:928:4] WEB-COLDFUSION exampleapp access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:27.823568 24.197.194.106:2101 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37459 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x74D13835 Ack: 0x56ACB8C4 Win: 0x4470 TcpLen: 20 [**] [1:930:5] WEB-COLDFUSION snippets attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:29.943470 24.197.194.106:2112 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37703 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0x74E0417D Ack: 0x56B8F603 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 550] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.801182 [**] [1:1301:4] WEB-MISC admin.php access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:30.205931 24.197.194.106:2141 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37780 IpLen:20 DgmLen:88 DF ***AP*** Seq: 0x74F63342 Ack: 0x56C5A832 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 3361] [**] [1:1103:6] WEB-MISC netscape admin passwd [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:52:30.217491 24.197.194.106:2144 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37783 IpLen:20 DgmLen:80 DF ***AP*** Seq: 0x74F895DA Ack: 0x56C6CFC5 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1579] [**] [1:904:4] WEB-COLDFUSION exampleapp application.cfm [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:30.548118 24.197.194.106:2148 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37830 
IpLen:20 DgmLen:96 DF ***AP*** Seq: 0x74FC49CE Ack: 0x56C87627 Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1021] [**] [1:905:4] WEB-COLDFUSION application.cfm access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:30.548124 24.197.194.106:2150 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37832 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x74FDABB6 Ack: 0x56C9563C Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1021] [**] [1:903:5] WEB-COLDFUSION cfcache.map access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:30.569540 24.197.194.106:2155 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37836 IpLen:20 DgmLen:75 DF ***AP*** Seq: 0x75019BF0 Ack: 0x56CB179E Win: 0x4470 TcpLen: 20 [Xref => cve CVE-2000-0057][Xref => bugtraq 917] [**] [1:1153:4] WEB-MISC Domino log.nsf access [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:52:31.038338 24.197.194.106:2169 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:37914 IpLen:20 DgmLen:64 DF ***AP*** Seq: 0x750C6DCF Ack: 0x56D5A444 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.890300 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.899430 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.901936 [**] [1:935:5] WEB-COLDFUSION startstop DOS access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:53:02.190185 24.197.194.106:2205 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:38135 IpLen:20 DgmLen:91 DF ***AP*** Seq: 0x75AF0201 Ack: 0x576C5D8B Win: 0x4470 TcpLen: 20 [Xref => bugtraq 247] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.918080 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections 
across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.949195 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.951658 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:06.954367 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.133609 24.197.194.106:1291 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49386 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E32240F Ack: 0x5A5809C6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.143494 24.197.194.106:1293 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49390 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E33D954 Ack: 0x5A58A0C0 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.173496 24.197.194.106:1295 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49397 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E34FE43 Ack: 0x5A598696 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.180137 24.197.194.106:1297 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49398 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E3646EE Ack: 0x5A5A2172 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.191200 24.197.194.106:1298 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49400 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E370706 Ack: 0x5A5B0C74 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.200086 24.197.194.106:1300 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49402 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E384214 Ack: 0x5A5BF283 Win: 0x4470 TcpLen: 
20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.216849 24.197.194.106:1302 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49408 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E39B0BF Ack: 0x5A5CC777 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.239750 24.197.194.106:1303 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49414 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E3AA936 Ack: 0x5A5D7E38 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.256829 24.197.194.106:1307 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49418 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E3D40C3 Ack: 0x5A5E2F66 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.277251 24.197.194.106:1309 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49420 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E3F1A48 Ack: 0x5A5F285E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.320152 24.197.194.106:1312 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49431 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E418816 Ack: 0x5A601816 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.327287 24.197.194.106:1314 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49433 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E430B22 Ack: 0x5A60C147 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.346056 24.197.194.106:1315 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49437 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E4394C1 Ack: 0x5A61AB50 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] 
[Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.364480 24.197.194.106:1319 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49443 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x7E47006C Ack: 0x5A62EA05 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.364482 24.197.194.106:1318 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49444 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E45C3E9 Ack: 0x5A625039 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.381260 24.197.194.106:1322 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49448 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E4948BC Ack: 0x5A6413F6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.401416 24.197.194.106:1326 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49453 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x7E4C523F Ack: 0x5A65A65A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.407936 24.197.194.106:1324 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49454 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E4A844F Ack: 0x5A64BC03 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.420568 24.197.194.106:1328 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49457 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E4DB5FB Ack: 0x5A6695C1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.436749 24.197.194.106:1330 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49462 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E4F1EBB Ack: 0x5A676189 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 
1] 03/05-11:56:09.468437 24.197.194.106:1332 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49469 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x7E50E940 Ack: 0x5A6834F6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.474668 24.197.194.106:1334 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49471 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x7E525B70 Ack: 0x5A68E575 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.502030 24.197.194.106:1336 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49477 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E53E972 Ack: 0x5A6A0D1B Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.502037 24.197.194.106:1338 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49480 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x7E5554AE Ack: 0x5A6A991C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.558915 24.197.194.106:1341 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49493 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E582983 Ack: 0x5A6B819D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.567014 24.197.194.106:1342 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49495 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E58DA23 Ack: 0x5A6C2CA8 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.586039 24.197.194.106:1345 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49499 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E5BA8E9 Ack: 0x5A6D64E7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.605407 24.197.194.106:1347 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49506 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E5D711A Ack: 0x5A6E0A04 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.626788 24.197.194.106:1348 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49510 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E5E554D Ack: 0x5A6EEDA4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.635103 24.197.194.106:1351 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49512 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E60CEB8 Ack: 0x5A6FAF33 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.657076 24.197.194.106:1353 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49516 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E6219D7 Ack: 0x5A7095AC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.657083 24.197.194.106:1355 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49518 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7E632FC6 Ack: 0x5A716AE7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.679400 24.197.194.106:1357 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49521 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E64E585 Ack: 0x5A72284C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.743880 24.197.194.106:1360 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49537 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E67A757 Ack: 0x5A736F66 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.752284 24.197.194.106:1362 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49542 
IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E697D0D Ack: 0x5A7463E1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.773032 24.197.194.106:1366 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49545 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E6C9F1C Ack: 0x5A751502 Win: 0x4470 TcpLen: 20 [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:56:09.782850 24.197.194.106:1368 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49547 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x7E6E4150 Ack: 0x5A75A428 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:09.800230 24.197.194.106:1370 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49553 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7E6F7A16 Ack: 0x5A76AB01 Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:56:09.810669 24.197.194.106:1373 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49555 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x7E71EFFA Ack: 0x5A775CC9 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:56:09.846388 24.197.194.106:1377 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49564 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x7E746F5D Ack: 0x5A791C22 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-11:56:09.877333 24.197.194.106:1381 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49572 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x7E77F052 Ack: 0x5A7B2598 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:988:6] WEB-IIS SAM Attempt [**] 
[Classification: Web Application Attack] [Priority: 1] 03/05-11:56:10.486472 24.197.194.106:1390 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49631 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7E814CB1 Ack: 0x5A7E5B53 Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:10.521073 24.197.194.106:1393 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49637 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E83B9EA Ack: 0x5A80B0C7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:10.521079 24.197.194.106:1391 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49640 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E825F95 Ack: 0x5A7FBABC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:10.543244 24.197.194.106:1395 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49643 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E85242A Ack: 0x5A8184B3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:10.645249 24.197.194.106:1401 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49659 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7E8A4718 Ack: 0x5A82DE64 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:10.668823 24.197.194.106:1403 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49661 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x7E8BDBBD Ack: 0x5A83DC10 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:10.907296 24.197.194.106:1464 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49691 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x7E95694D Ack: 0x5A85F419 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] 
[Classification: Web Application Attack] [Priority: 1] 03/05-11:56:10.917543 24.197.194.106:1465 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49693 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x7E963E1B Ack: 0x5A8693B5 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:12.196000 24.197.194.106:1496 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49798 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x7EB2C8CD Ack: 0x5A8BCA9D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:12.213081 24.197.194.106:1498 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49801 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EB478C6 Ack: 0x5A8C962E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:12.230625 24.197.194.106:1500 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49803 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EB5AC67 Ack: 0x5A8D2317 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:12.346336 24.197.194.106:1502 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49813 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EB78112 Ack: 0x5A8EBF3C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:12.576653 24.197.194.106:1507 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49828 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EBB7436 Ack: 0x5A905914 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:12.922773 24.197.194.106:1512 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49856 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EC0C7C4 Ack: 0x5A92AF80 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 
1] 03/05-11:56:12.980886 24.197.194.106:1514 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49863 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EC2A5D0 Ack: 0x5A93A9C4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:12.992692 24.197.194.106:1515 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49865 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EC38299 Ack: 0x5A947D80 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.053814 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:13.203314 24.197.194.106:1522 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49883 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EC94DDC Ack: 0x5A96055D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:14.080266 24.197.194.106:1537 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49937 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x7ED8AE32 Ack: 0x5A9A64BD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:14.208367 24.197.194.106:1541 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49946 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x7EDC23B7 Ack: 0x5A9BF0F7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:14.935485 24.197.194.106:1556 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49982 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x7EE98D1D Ack: 0x5A9ED323 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:14.974511 24.197.194.106:1557 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:49989 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x7EEA8F96 Ack: 0x5A9FF761 Win: 0x4470 TcpLen: 20 [**] 
[1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.204681 24.197.194.106:1561 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50003 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x7EEE9261 Ack: 0x5AA17A51 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.335460 24.197.194.106:1625 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50012 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x7EEF92AB Ack: 0x5AA2B72D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.570183 24.197.194.106:1628 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50027 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x7EF2D641 Ack: 0x5AA4D0FC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.629200 24.197.194.106:1630 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50030 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x7EF3E29F Ack: 0x5AA58A5A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.629222 24.197.194.106:1631 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50031 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EF4D1FE Ack: 0x5AA67C43 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.775632 24.197.194.106:1634 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50041 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EF77016 Ack: 0x5AA77B1E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.919694 24.197.194.106:1636 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50047 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EF99DA5 Ack: 0x5AA91A52 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] 
[Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.919713 24.197.194.106:1637 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50049 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x7EFA9ABB Ack: 0x5AAA01C0 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:15.919737 24.197.194.106:1638 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50051 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7EFB5725 Ack: 0x5AAAA9BE Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:16.740141 24.197.194.106:1644 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50073 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7F02BB75 Ack: 0x5AAF16DC Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.080312 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:18.053839 24.197.194.106:1652 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50099 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7F0E30C1 Ack: 0x5AB49E6A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:19.373375 24.197.194.106:1660 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50120 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x7F18DEE1 Ack: 0x5ABA39A2 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:19.492264 24.197.194.106:1662 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50123 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x7F1ACC65 Ack: 0x5ABB747A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:19.958208 24.197.194.106:1666 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50130 IpLen:20 DgmLen:128 DF ***AP*** Seq: 
0x7F1F40F5 Ack: 0x5ABDF46D Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.087684 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:39.815828 24.197.194.106:1674 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50156 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x7F6B8BED Ack: 0x5B0A17A2 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:40.705408 24.197.194.106:1675 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50159 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x7F6FB3BA Ack: 0x5B0E3AE8 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:41.054156 24.197.194.106:1676 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50162 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x7F71D5C3 Ack: 0x5B100ACE Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.093221 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:56:47.477742 24.197.194.106:1718 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50175 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7F8BBEEC Ack: 0x5B296577 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.096173 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.276507 24.197.194.106:1727 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50226 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7FE63019 Ack: 0x5B80B529 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.296517 24.197.194.106:1728 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50230 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7FE6E3A4 Ack: 0x5B8146CF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.388880 24.197.194.106:1734 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50245 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7FE97C2D Ack: 0x5B828852 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.406803 24.197.194.106:1735 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50248 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x7FEA8CCB Ack: 0x5B837199 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.444556 24.197.194.106:1738 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50254 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7FEBFEF4 Ack: 0x5B846A87 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.465183 24.197.194.106:1739 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50263 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7FECE36D Ack: 0x5B855DFE Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.505082 24.197.194.106:1741 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50268 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x7FEEA0BC Ack: 0x5B86B8FC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.513881 24.197.194.106:1744 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50272 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7FF02F57 Ack: 0x5B8762FD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.777389 24.197.194.106:1751 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50296 
IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7FF48D9C Ack: 0x5B88B79C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.785177 24.197.194.106:1755 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50297 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7FF61D7E Ack: 0x5B893DB4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.785180 24.197.194.106:1756 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50298 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x7FF6F06C Ack: 0x5B89CD63 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:10.797898 24.197.194.106:1758 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50299 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7FF809CF Ack: 0x5B8A87A0 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.429819 24.197.194.106:1759 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50313 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7FF9D521 Ack: 0x5B8E16FA Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.545992 24.197.194.106:1762 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50334 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x7FFBA538 Ack: 0x5B8F8E1A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.546019 24.197.194.106:1765 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50336 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x7FFC6174 Ack: 0x5B905E60 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.586334 24.197.194.106:1768 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50340 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x7FFDD426 Ack: 
0x5B90EE58 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.848526 24.197.194.106:1771 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50356 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x7FFFDBBD Ack: 0x5B92F4EF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.878379 24.197.194.106:1773 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50362 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x80018CCD Ack: 0x5B939A23 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.885235 24.197.194.106:1775 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50366 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x8003407F Ack: 0x5B943211 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.903611 24.197.194.106:1777 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50369 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x80041B50 Ack: 0x5B950DE9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:11.903620 24.197.194.106:1779 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50371 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8005B93A Ack: 0x5B95C3D9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:12.170814 24.197.194.106:1784 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50379 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x80089632 Ack: 0x5B9736BB Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:12.597206 24.197.194.106:1788 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50390 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x800B084F Ack: 0x5B996E26 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] 
WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:12.718254 24.197.194.106:1789 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50396 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x800C656D Ack: 0x5B9AB438 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.158668 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:14.374381 24.197.194.106:1844 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50442 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8014027B Ack: 0x5BA20BAA Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:15.395713 24.197.194.106:1847 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50461 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x801757C1 Ack: 0x5BA6061E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:16.256459 24.197.194.106:1851 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50486 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x801C0E7A Ack: 0x5BAA6519 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:16.925828 24.197.194.106:1855 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50497 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x801E2815 Ack: 0x5BADF6EC Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:17.494807 24.197.194.106:1858 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50506 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80206109 Ack: 0x5BB06FD9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:17.604540 24.197.194.106:1860 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50513 IpLen:20 
DgmLen:129 DF ***AP*** Seq: 0x80214BFE Ack: 0x5BB1B059 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:17.624502 24.197.194.106:1861 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50515 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x80221738 Ack: 0x5BB2B35E Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.177834 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:20.722847 24.197.194.106:1871 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50602 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x802F9AC2 Ack: 0x5BBF2227 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:21.220854 24.197.194.106:1874 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50635 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8032EE04 Ack: 0x5BC13114 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:21.919752 24.197.194.106:1877 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50652 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8035110A Ack: 0x5BC47102 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:22.049685 24.197.194.106:1879 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50663 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x80375AAC Ack: 0x5BC6059D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:22.155949 24.197.194.106:1882 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50675 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x803A966C Ack: 0x5BC75A0A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 
03/05-11:57:23.596457 24.197.194.106:1885 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50715 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x803F8789 Ack: 0x5BCD24EF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:23.706790 24.197.194.106:1886 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50725 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x804081E4 Ack: 0x5BCECC30 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.195912 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:24.044888 24.197.194.106:1890 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50755 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x80448E88 Ack: 0x5BD0B58A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:24.064992 24.197.194.106:1891 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50759 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x804588C3 Ack: 0x5BD1F7BE Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:24.112832 24.197.194.106:1892 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50768 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8046B8CB Ack: 0x5BD2D31E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:24.123586 24.197.194.106:1893 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50770 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x80476A4D Ack: 0x5BD39937 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:24.449131 24.197.194.106:1896 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50788 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x804A77A0 Ack: 0x5BD5CFFD Win: 0x4470 TcpLen: 20 [**] 
[1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:24.654196 24.197.194.106:1897 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50807 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x804C22AB Ack: 0x5BD6EF9A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:25.013874 24.197.194.106:1901 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50824 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8050A7AD Ack: 0x5BD94B89 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:25.378268 24.197.194.106:1903 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50845 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8053ADC2 Ack: 0x5BDBB0C3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:26.108423 24.197.194.106:1905 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50867 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8057A3EA Ack: 0x5BDF36CB Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.212743 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:29.039333 24.197.194.106:1996 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:50969 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8067D60D Ack: 0x5BEB6DE2 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:30.813681 24.197.194.106:1999 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51022 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x80710A88 Ack: 0x5BF2A4A6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:31.342110 24.197.194.106:2001 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51050 
IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80747145 Ack: 0x5BF586B6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:31.400208 24.197.194.106:2003 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51057 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8076520A Ack: 0x5BF6CA55 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.219988 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:32.585043 24.197.194.106:2007 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51091 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x807D39E5 Ack: 0x5BFCA396 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:33.846056 24.197.194.106:2012 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51140 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x8085A9B0 Ack: 0x5C05F18C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:34.946460 24.197.194.106:2015 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51170 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x808C4E0B Ack: 0x5C0AB539 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:35.303821 24.197.194.106:2017 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51184 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x808F489C Ack: 0x5C0D1581 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:35.781080 24.197.194.106:2018 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51195 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x80920C0B Ack: 0x5C0FB46A Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 
03/05-11:57:35.991355 24.197.194.106:2020 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51206 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80945FCE Ack: 0x5C116975 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.230880 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:36.192797 24.197.194.106:2021 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51210 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8096033D Ack: 0x5C12F1BF Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:38.138611 24.197.194.106:2037 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51247 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x809F7E14 Ack: 0x5C1AC376 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:39.736377 24.197.194.106:2040 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51294 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x80A7C14E Ack: 0x5C21AF81 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:39.984189 24.197.194.106:2041 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51302 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x80A935CF Ack: 0x5C23D1A6 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.238412 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:41.401601 24.197.194.106:2046 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51328 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x80AFAABF Ack: 0x5C29DDB1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:41.629831 24.197.194.106:2047 -> 
172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51335 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x80B101F6 Ack: 0x5C2B62F3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:42.585914 24.197.194.106:2051 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51360 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x80B7FAA7 Ack: 0x5C2FCBC3 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:42.725763 24.197.194.106:2052 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51365 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x80B959ED Ack: 0x5C30EB8C Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.246211 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:46.924424 24.197.194.106:2061 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51416 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x80CD4AEF Ack: 0x5C41CF38 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:47.594886 24.197.194.106:2063 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51432 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x80D12E72 Ack: 0x5C456217 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.250938 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:57:53.176473 24.197.194.106:2075 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51519 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x80EC8A77 Ack: 0x5C5B531C Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.253352 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: 
Web Application Attack] [Priority: 1] 03/05-11:57:58.576863 24.197.194.106:2087 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51619 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8106A1C3 Ack: 0x5C70A338 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.255253 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:58:03.592537 24.197.194.106:2099 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51695 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x811E4B10 Ack: 0x5C846B73 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:58:05.974982 24.197.194.106:2104 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51740 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x812B6095 Ack: 0x5C8E6912 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:58:06.763463 24.197.194.106:2105 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:51757 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x812F0FDA Ack: 0x5C926AFA Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.304054 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.742926 24.197.194.106:2893 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56243 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x835D9F3A Ack: 0x5DA3240E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.742929 24.197.194.106:2894 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56244 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x835E75A8 Ack: 0x5DA40E9F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.770923 24.197.194.106:2895 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56247 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x835F23B9 Ack: 0x5DA4D454 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.783613 24.197.194.106:2896 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56252 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x835FA6DA Ack: 0x5DA58283 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.796030 24.197.194.106:2897 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56256 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x83608407 Ack: 0x5DA64733 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.804592 24.197.194.106:2898 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56258 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x83613A1C Ack: 0x5DA726C2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.813316 24.197.194.106:2899 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56262 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x83621BA7 Ack: 0x5DA7F0B9 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.854120 24.197.194.106:2900 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56270 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x836318C0 Ack: 0x5DA938C4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.873435 24.197.194.106:2901 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56272 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8363E75D Ack: 0x5DA9E53F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.873441 24.197.194.106:2902 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56275 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x8364B79C Ack: 0x5DAAC903 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.900375 24.197.194.106:2903 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56281 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x83657D4D Ack: 0x5DAB789B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.924182 24.197.194.106:2904 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56285 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x83665F63 Ack: 0x5DAC1255 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.936994 24.197.194.106:2905 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56293 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x836746C4 Ack: 0x5DACFD37 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.992846 24.197.194.106:2906 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56304 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x83689721 Ack: 0x5DADEF20 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:17.992863 24.197.194.106:2908 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56306 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x836A5519 Ack: 0x5DAF40A3 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.010903 24.197.194.106:2907 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56309 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x8369871D Ack: 0x5DAEB97B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.010927 24.197.194.106:2909 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56311 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x836B0253 Ack: 0x5DAFF927 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.040665 24.197.194.106:2910 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56318 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x836BC80A Ack: 0x5DB14BC1 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.465385 24.197.194.106:2911 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56384 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x836CC764 Ack: 0x5DB229BF Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.482238 24.197.194.106:2912 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56385 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x836D6EEE Ack: 0x5DB30CAA Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.482242 24.197.194.106:2913 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56386 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x836E4075 Ack: 0x5DB3AF2F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.482244 24.197.194.106:2914 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56387 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x836F0071 Ack: 0x5DB499AC Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.485324 24.197.194.106:2915 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56388 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x836FE2D1 Ack: 0x5DB52C58 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.493983 24.197.194.106:2916 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56389 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x8370DC9B Ack: 0x5DB67E99 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.493988 24.197.194.106:2917 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56390 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8371AB57 Ack: 0x5DB75F2B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.493990 24.197.194.106:2918 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56391 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x8372F55C Ack: 0x5DB8101A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.654083 24.197.194.106:2919 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56433 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x83743D00 Ack: 0x5DBAAB2C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.670697 24.197.194.106:2920 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56436 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x83752951 Ack: 0x5DBB3165 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.688315 24.197.194.106:2921 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56440 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x8375B86A Ack: 0x5DBC0765 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.696103 24.197.194.106:2922 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56443 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x837665E8 Ack: 0x5DBC9938 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.706885 24.197.194.106:2923 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56444 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x83774043 Ack: 0x5DBD95C6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.706889 24.197.194.106:2925 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56446 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8378B3B8 Ack: 0x5DBF58F1 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.719716 24.197.194.106:2924 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56448 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8378331D Ack: 0x5DBE5CD8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.725972 24.197.194.106:2926 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56451 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x83795E42 Ack: 0x5DC0234F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.750673 24.197.194.106:2927 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56455 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x837A55EB Ack: 0x5DC14971 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.757540 24.197.194.106:2928 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56457 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x837B3274 Ack: 0x5DC1F20F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.757546 24.197.194.106:2930 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56459 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x837C67B2 Ack: 0x5DC3C155 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.764028 24.197.194.106:2929 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56461 IpLen:20 DgmLen:100 DF ***AP*** Seq: 0x837BE652 Ack: 0x5DC2DBFB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.786068 24.197.194.106:2931 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56464 IpLen:20 DgmLen:96 DF ***AP*** Seq: 0x837DA3E1 Ack: 0x5DC456D2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.786075 24.197.194.106:2933 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56466 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x837F4959 Ack: 0x5DC5AA51 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.791267 24.197.194.106:2932 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56468 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x837E7A1D Ack: 0x5DC50052 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.791271 24.197.194.106:2934 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56470 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x837FF568 Ack: 0x5DC63B55 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.828182 24.197.194.106:2935 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56476 IpLen:20 DgmLen:96 DF ***AP*** Seq: 0x83807FE3 Ack: 0x5DC725B6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.954360 24.197.194.106:2936 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56482 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0x8381529F Ack: 0x5DC7E275 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:18.954384 24.197.194.106:2937 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56483 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x8382AF84 Ack: 0x5DC936BD Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.062556 24.197.194.106:2938 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56500 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x83839E30 Ack: 0x5DCA7BB7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.100558 24.197.194.106:2940 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56508 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x83855FC4 Ack: 0x5DCC5118 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.100745 24.197.194.106:2939 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56510 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x8384856D Ack: 0x5DCB961C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.196816 24.197.194.106:2941 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56522 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8386C369 Ack: 0x5DCDB0EC Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.207549 24.197.194.106:2942 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56525 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x83879280 Ack: 0x5DCEA12D Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.312875 24.197.194.106:2943 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56541 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x838885E4 Ack: 0x5DCF8DD2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.352898 24.197.194.106:2944 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56544 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x83894FFD Ack: 0x5DD013A4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.371337 24.197.194.106:2945 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56551 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x838A0D91 Ack: 0x5DD15A0B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.469074 24.197.194.106:2946 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56562 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x838B9C74 Ack: 0x5DD2B114 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.489099 24.197.194.106:2947 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56567 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x838C32EC Ack: 0x5DD352B3 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.499467 24.197.194.106:2948 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56569 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x838CDEAC Ack: 0x5DD41766 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.714250 24.197.194.106:2949 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56588 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x838E7EAE Ack: 0x5DD58908 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.759544 24.197.194.106:2950 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56595 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x838F93F9 Ack: 0x5DD6DA10 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:19.779504 24.197.194.106:2951 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56597 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x839063AA Ack: 0x5DD76C83 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:20.223902 24.197.194.106:2954 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56622 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x83937627 Ack: 0x5DDB1461 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:20.223953 24.197.194.106:2955 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56624 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x83941041 Ack: 0x5DDBF207 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:20.554171 24.197.194.106:2956 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56641 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x839630A7 Ack: 0x5DDDFB4D Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:20.593146 24.197.194.106:2957 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56643 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x8396EEAB Ack: 0x5DDEEADB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:20.813431 24.197.194.106:2958 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56649 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x839899E2 Ack: 0x5DE0915B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.438739 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:21.373223 24.197.194.106:2959 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56663 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x839B59C0 Ack: 0x5DE3D24C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:21.412661 24.197.194.106:2960 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56666 IpLen:20 DgmLen:108 DF ***AP*** Seq: 0x839CB50D Ack: 0x5DE47071 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:21.760060 24.197.194.106:2961 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56679 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x839EA82C Ack: 0x5DE6889F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:21.797066 24.197.194.106:2962 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56681 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x839F6DC4 Ack: 0x5DE727A7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.127395 24.197.194.106:2963 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56698 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x83A17D42 Ack: 0x5DE92344 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.167264 24.197.194.106:2964 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56701 IpLen:20 DgmLen:108 DF ***AP*** Seq: 0x83A24769 Ack: 0x5DEA60ED Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.287336 24.197.194.106:2965 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56707 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x83A341A1 Ack: 0x5DEBB622 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.296569 24.197.194.106:2966 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56709 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x83A48BA1 Ack: 0x5DEC8DDA Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.545567 24.197.194.106:2967 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56731 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x83A64BCA Ack: 0x5DEE56D3 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.576132 24.197.194.106:2975 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56735 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x83A70CC4 Ack: 0x5DEEE003 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.595606 24.197.194.106:2976 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56737 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x83A7D1DC Ack: 0x5DEF6D85 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.616762 24.197.194.106:2977 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56740 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x83A8BDAF Ack: 0x5DF045D6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.725986 24.197.194.106:2978 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56748 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x83AA0A99 Ack: 0x5DF1871A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.746082 24.197.194.106:2979 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56750 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x83AAE31E Ack: 0x5DF2C8E8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.795729 24.197.194.106:2949 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56751 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x838E7EAE Ack: 0x5DD58908 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.815751 24.197.194.106:2952 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56755 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x839199B2 Ack: 0x5DD8C4A8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.843796 24.197.194.106:2953 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56758 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x83922511 Ack: 0x5DD953E6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:22.971898 24.197.194.106:2980 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56765 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x83AC8769 Ack: 0x5DF45BAF Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:23.101976 24.197.194.106:2981 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56779 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x83ADD734 Ack: 0x5DF59869 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:23.132410 24.197.194.106:2982 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56781 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x83AE9CEE Ack: 0x5DF67C2B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:23.152003 24.197.194.106:2983 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56783 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x83AF5B9E Ack: 0x5DF797F4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:23.152034 24.197.194.106:2984 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56785 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x83B0485A Ack: 0x5DF87251 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:23.291413 24.197.194.106:2985 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56789 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x83B15C6B Ack: 0x5DF96C41 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:24.781073 24.197.194.106:2986 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56802 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x83B7BC1E Ack: 0x5E0020B8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:24.812299 24.197.194.106:2987 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56806 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x83B8CF50 Ack: 0x5E00EBA4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:24.931132 24.197.194.106:2988 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56812 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x83BA0718 Ack: 0x5E027CD0 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:24.931154 24.197.194.106:2989 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56814 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x83BA977A Ack: 0x5E0335E5 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.484529 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:28.814445 24.197.194.106:2998 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56826 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x83CA01B9 Ack: 0x5E123E35 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-11:59:31.256163 24.197.194.106:3001 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56834 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x83D4E3F6 Ack: 0x5E1CB21F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.493493 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:18.916028 24.197.194.106:3019 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56910 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x848ECD2A Ack: 0x5ED159E5 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:18.953803 24.197.194.106:3021 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56917 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8490BBD2 Ack: 0x5ED1E36F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.022964 24.197.194.106:3023 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56935 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x84928251 Ack: 0x5ED3023A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.043274 24.197.194.106:3024 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56938 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x849347D0 Ack: 0x5ED3F96E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.083589 24.197.194.106:3027 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56947 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8495A3F5 Ack: 0x5ED52967 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.091972 24.197.194.106:3028 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56951 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84967FA3 Ack: 0x5ED5D819 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.187660 24.197.194.106:3030 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56968 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x84981175 Ack: 0x5ED6D5BF Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.246938 24.197.194.106:3033 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56982 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x849AE5FA Ack: 0x5ED7A1E2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.246941 24.197.194.106:3034 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56983 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x849BD478 Ack: 0x5ED8824A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.255962 24.197.194.106:3036 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56986 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x849DB9B3 Ack: 0x5ED924DE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.286895 24.197.194.106:3037 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:56990 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x849E85F6 Ack: 0x5ED9A693 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.551762 24.197.194.106:3041 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57014 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84A20D32 Ack: 0x5EDB0534 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.551764 24.197.194.106:3042 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57015 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84A2FC75 Ack: 0x5EDBAB3C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.682678 24.197.194.106:3045 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57050 IpLen:20 DgmLen:102 DF ***AP*** Seq: 0x84A54A8C Ack: 0x5EDDC1C6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.759349 24.197.194.106:3048 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57067 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x84A80C89 Ack: 0x5EDEA8C7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.956646 24.197.194.106:3050 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57084 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x84A982B8 Ack: 0x5EDF28CB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.966654 24.197.194.106:3052 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57085 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84AB4013 Ack: 0x5EE002BB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.966676 24.197.194.106:3053 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57087 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84ABE8CA Ack: 0x5EE0C9FF Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.976976 24.197.194.106:3055 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57088 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x84AD67A7 Ack: 0x5EE183D8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.986647 24.197.194.106:3057 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57089 IpLen:20 DgmLen:102 DF ***AP*** Seq: 0x84AF07C9 Ack: 0x5EE2755E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:19.986674 24.197.194.106:3059 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57091 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x84B0F1C0 Ack: 0x5EE37D41 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.135533 24.197.194.106:3061 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57128 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x84B29153 Ack: 0x5EE56D74 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.144809 24.197.194.106:3062 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57129 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x84B38C05 Ack: 0x5EE5F063 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.362996 24.197.194.106:3065 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57147 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x84B61D11 Ack: 0x5EE6C7B1 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.363033 24.197.194.106:3067 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57149 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x84B73FCC Ack: 0x5EE819E8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.372998 24.197.194.106:3069 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57151 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x84B90E8B Ack: 0x5EE89BC7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.383050 24.197.194.106:3071 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57154 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x84BAE9A4 Ack: 0x5EE960BD Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.383066 24.197.194.106:3073 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57155 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84BC84A9 Ack: 0x5EEA1074 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.403278 24.197.194.106:3076 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57157 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x84BEF2F7 Ack: 0x5EEAC955 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.529567 24.197.194.106:3077 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57190 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x84C00ED0 Ack: 0x5EECE246 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.547403 24.197.194.106:3080 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57196 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84C28B35 Ack: 0x5EEDA98A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.587363 24.197.194.106:3081 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57204 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x84C318A6 Ack: 0x5EEED522 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.597276 24.197.194.106:3084 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57206 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x84C5B737 Ack: 0x5EEFA431 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.870426 24.197.194.106:3086 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57234 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84C800E6 Ack: 0x5EF1A6CB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.870429 24.197.194.106:3087 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57235 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x84C900AE Ack: 0x5EF228B2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.908914 24.197.194.106:3090 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57241 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x84CB7BF5 Ack: 0x5EF2DEFE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.921714 24.197.194.106:3091 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57245 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x84CC3CEC Ack: 0x5EF3B0F5 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.931142 24.197.194.106:3093 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57249 IpLen:20 DgmLen:111 DF ***AP*** Seq: 0x84CD69F5 Ack: 0x5EF46A2A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.955774 24.197.194.106:3096 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57254 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x84D02751 Ack: 0x5EF55C52 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:20.966035 24.197.194.106:3097 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57259 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x84D117D1 Ack: 0x5EF5EAFE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.305844 24.197.194.106:3103 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57292 IpLen:20 DgmLen:132 DF ***AP*** Seq: 0x84D553DA Ack: 0x5EF79460 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.322500 24.197.194.106:3104 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57296 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x84D5ECC0 Ack: 0x5EF881FE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.333292 24.197.194.106:3106 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57298 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x84D7975A Ack: 0x5EF920FA Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.341806 24.197.194.106:3107 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57300 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x84D857C9 Ack: 0x5EF9B4E4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.341811 24.197.194.106:3108 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57302 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x84D8F8DB Ack: 0x5EFA497B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.360339 24.197.194.106:3109 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57305 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x84DA3F91 Ack: 0x5EFB0AC8 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.489717 24.197.194.106:3110 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57317 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x84DB7E92 Ack: 0x5EFC4646 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.498518 24.197.194.106:3111 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57320 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x84DC6AD7 Ack: 0x5EFD04D7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.614902 24.197.194.106:3112 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57326 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x84DD6EF8 Ack: 0x5EFEA4B7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:21.644705 24.197.194.106:3115 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57332 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x84E043C2 Ack: 0x5EFF888C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:22.065466 24.197.194.106:3165 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57344 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x84E28F6B Ack: 0x5F01950D Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.599231 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:22.173073 24.197.194.106:3166 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57350 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x84E38742 Ack: 0x5F02E764 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:22.502144 24.197.194.106:3168 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57356 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x84E52C56 Ack: 0x5F050057 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:22.612495 24.197.194.106:3169 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57362 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x84E67FBE Ack: 0x5F06BBF1 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:23.126594 24.197.194.106:3171 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57370 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x84E94E49 Ack: 0x5F093AB7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:23.698496 24.197.194.106:3175 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57393 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x84EEDFDA Ack: 0x5F0C2D5F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:23.806798 24.197.194.106:3176 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57398 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x84EFF067 Ack: 0x5F0D272F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:24.212841 24.197.194.106:3178 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57405 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x84F1D7A4 Ack: 0x5F0F10B5 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:24.421002 24.197.194.106:3180 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57415 IpLen:20 DgmLen:135 DF ***AP*** Seq: 0x84F3F87F Ack: 0x5F10E83E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:25.023596 24.197.194.106:3183 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57431 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x84F77F0A Ack: 0x5F13BCCD Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:25.044488 24.197.194.106:3184 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57434 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x84F8469C Ack: 0x5F149289 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:25.259801 24.197.194.106:3187 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57452 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x84FBC8BF Ack: 0x5F1638D4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:25.269801 24.197.194.106:3188 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57454 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x84FC881F Ack: 0x5F172A8B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:25.279798 24.197.194.106:3189 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57457 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x84FD30B4 Ack: 0x5F18523E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:25.776198 24.197.194.106:3191 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57468 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x84FFA96C Ack: 0x5F1AC3AB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:25.786243 24.197.194.106:3192 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57471 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x850051B5 Ack: 0x5F1BA5DC Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:25.896288 24.197.194.106:3194 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57481 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x85024902 Ack: 0x5F1C9DF9 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:26.126710 24.197.194.106:3197 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57491 IpLen:20 DgmLen:133 DF ***AP*** Seq: 0x85050B9E Ack: 0x5F1DED0D Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.640144 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:26.314691 24.197.194.106:3198 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57503 IpLen:20 DgmLen:108 DF ***AP*** Seq: 0x85068EBC Ack: 0x5F1F9DB6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:26.441328 24.197.194.106:3201 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57516 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x85091E0F Ack: 0x5F20C667 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:26.478843 24.197.194.106:3203 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57523 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x850B723C Ack: 0x5F21CD35 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:26.915178 24.197.194.106:3206 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57537 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x850DFC99 Ack: 0x5F23B66E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:26.915186 24.197.194.106:3208 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57539 IpLen:20 DgmLen:104 DF ***AP*** Seq: 0x850F6CA7 Ack: 0x5F243703 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:27.313506 24.197.194.106:3213 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57568 IpLen:20 DgmLen:133 DF ***AP*** Seq: 0x8514422F Ack: 0x5F26C6FC Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:27.429642 24.197.194.106:3215 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57577 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x85168360 Ack: 0x5F27F180 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:27.796954 24.197.194.106:3218 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57592 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x851A4983 Ack: 0x5F2A27DC Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:00:28.125088 24.197.194.106:3245 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:57599 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x851CFCF7 Ack: 0x5F2C1396 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.699080 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:48.756117 24.197.194.106:4763 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:61937 IpLen:20 DgmLen:143 DF ***AP*** Seq: 0x88F24213 Ack: 0x606D67DE Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:48.782947 24.197.194.106:4766 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:61939 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x88F4F981 Ack: 0x606E5FE7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:48.880272 24.197.194.106:4768 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:61943 IpLen:20 DgmLen:146 DF ***AP*** Seq: 0x88F7ABE4 Ack: 0x606F9072 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:48.997502 24.197.194.106:4770 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:61948 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x88F975F2 Ack: 0x6070DFB2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:49.530219 24.197.194.106:4782 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:61963 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x89043EC0 Ack: 0x6073C144 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:49.650946 24.197.194.106:4784 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:61969 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x89069C7B Ack: 0x6074C0C5 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:50.487635 24.197.194.106:4788 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:61979 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x890C7F2F Ack: 0x6078EE4B Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:51.037971 24.197.194.106:4792 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62004 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x89119B73 Ack: 0x607BCDF7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:51.058230 24.197.194.106:4793 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62010 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x8912CF06 Ack: 0x607D15F9 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:51.078020 24.197.194.106:4795 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62012 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x89146CFA Ack: 0x607DD170 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:51.184110 24.197.194.106:4797 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62020 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x89162F58 Ack: 0x607EEC60 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:51.184131 24.197.194.106:4798 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62022 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8916FB5F Ack: 0x607F83CB Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:51.916107 24.197.194.106:4804 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62046 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x891F50A9 Ack: 0x60831C69 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.722947 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:54.295274 24.197.194.106:4825 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62073 IpLen:20 DgmLen:143 DF ***AP*** Seq: 0x892D80B5 Ack: 0x608D013E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:54.416866 24.197.194.106:4827 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62078 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x892F83B1 Ack: 0x608E3017 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:54.423604 24.197.194.106:4828 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62080 IpLen:20 DgmLen:111 DF ***AP*** Seq: 0x8930D5D7 Ack: 0x608EC9CD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:01:54.431021 
24.197.194.106:4830 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62083 IpLen:20 DgmLen:146 DF ***AP*** Seq: 0x893175D9 Ack: 0x608FAF8B Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.730311 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.326566 24.197.194.106:4836 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62178 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x896936E6 Ack: 0x60C5BCE7 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.353790 24.197.194.106:4838 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62180 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x896B6F81 Ack: 0x60C6DFB5 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.373813 24.197.194.106:4839 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62182 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x896C5263 Ack: 0x60C76F92 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.373842 24.197.194.106:4840 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62184 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x896D18E3 Ack: 0x60C82FA4 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.492474 24.197.194.106:4841 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62188 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x896E1D5A Ack: 0x60C93354 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.510360 24.197.194.106:4842 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62190 IpLen:20 DgmLen:106 DF ***AP*** 
Seq: 0x896F0934 Ack: 0x60CA093B Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.638464 24.197.194.106:4843 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62197 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8970C1BA Ack: 0x60CB0167 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.666938 24.197.194.106:4844 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62201 IpLen:20 DgmLen:117 DF ***AP*** Seq: 0x897168FC Ack: 0x60CC3F55 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.685912 24.197.194.106:4845 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62204 IpLen:20 DgmLen:106 DF ***AP*** Seq: 0x8971F019 Ack: 0x60CD1C5A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.685918 24.197.194.106:4846 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62206 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x8972C3B7 Ack: 0x60CD9FF8 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.712321 24.197.194.106:4847 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62210 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8973BF69 Ack: 0x60CE82AB Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.723356 24.197.194.106:4848 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62213 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8974EFAF Ack: 0x60CF5B8E Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.740609 24.197.194.106:4849 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62215 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8975B42F Ack: 0x60D0703B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.754114 24.197.194.106:4850 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62217 IpLen:20 DgmLen:143 DF ***AP*** Seq: 0x89764267 Ack: 0x60D115AC Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.789322 24.197.194.106:4851 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62219 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x8976CF09 Ack: 0x60D1C505 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.789326 24.197.194.106:4852 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62221 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8977CD41 Ack: 0x60D2C312 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.818761 24.197.194.106:4853 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62223 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x89788BD6 Ack: 0x60D34E7A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.902644 24.197.194.106:4854 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62229 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x89798FAD Ack: 0x60D4A113 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.957732 24.197.194.106:4855 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62235 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x897AA3C6 Ack: 0x60D60226 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.971456 24.197.194.106:4856 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62237 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x897B993A Ack: 0x60D6C540 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:08.971462 24.197.194.106:4857 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62239 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x897C4AAB Ack: 0x60D7590E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:02:09.010761 24.197.194.106:4858 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62241 IpLen:20 DgmLen:108 DF ***AP*** Seq: 0x897D0AF7 Ack: 0x60D7ED57 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.010783 24.197.194.106:4859 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62243 IpLen:20 DgmLen:108 DF ***AP*** Seq: 0x897DBC4F Ack: 0x60D8766B Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.029014 24.197.194.106:4860 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62245 IpLen:20 DgmLen:102 DF ***AP*** Seq: 0x897EEB12 Ack: 0x60D99DF9 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.029018 24.197.194.106:4861 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62247 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x897F7CFB Ack: 0x60DA38A5 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 03/05-12:02:09.150385 24.197.194.106:4862 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62252 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x8980AD8B Ack: 0x60DB3DE2 Win: 0x4470 TcpLen: 20 [Xref => arachnids 297] [**] [1:988:6] WEB-IIS SAM Attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.177963 24.197.194.106:4863 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62254 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x89818737 Ack: 0x60DC351B Win: 0x4470 TcpLen: 20 [Xref => url www.ciac.org/ciac/bulletins/h-45.shtml] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.197765 24.197.194.106:4864 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62256 IpLen:20 DgmLen:98 DF ***AP*** Seq: 0x89821586 Ack: 0x60DCF1E6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.304096 24.197.194.106:4865 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62263 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x898362B2 Ack: 0x60DE07BD Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.314852 24.197.194.106:4866 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62265 IpLen:20 DgmLen:144 DF ***AP*** Seq: 0x8984A2DE Ack: 0x60DF3485 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.343355 24.197.194.106:4867 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62267 IpLen:20 DgmLen:135 DF ***AP*** Seq: 0x89854AB0 Ack: 0x60E00F06 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.361415 24.197.194.106:4868 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62269 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x8985D537 Ack: 0x60E0D2A4 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.361439 24.197.194.106:4869 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62271 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x8986AA15 Ack: 0x60E19203 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.511677 24.197.194.106:4870 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62274 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x8987EBAD Ack: 0x60E2C8E7 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.619638 24.197.194.106:4871 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62280 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x89897770 Ack: 0x60E42B24 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.659419 24.197.194.106:4872 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62282 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x898A22DA Ack: 0x60E4F89B Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.675600 24.197.194.106:4873 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62284 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x898AF188 Ack: 0x60E5B56A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.786666 24.197.194.106:4874 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62291 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x898C49AA Ack: 0x60E704A5 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.835895 24.197.194.106:4876 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62294 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x898D9ACE Ack: 0x60E8445D Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.835940 24.197.194.106:4877 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62296 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x898E3C32 Ack: 0x60E90D8B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.860255 24.197.194.106:4878 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62298 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x898F02E7 Ack: 0x60E98DE4 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.875845 24.197.194.106:4879 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62300 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x898F97AB Ack: 0x60EA86D7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:09.996587 24.197.194.106:4880 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62304 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x89908680 Ack: 0x60EBCFDB Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:10.013790 24.197.194.106:4881 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62306 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x899181B7 Ack: 0x60ECE8F7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:10.344716 24.197.194.106:4882 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62309 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x8993A640 Ack: 0x60EEC465 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:10.792325 24.197.194.106:4883 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62312 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8996492A Ack: 0x60F0EC8A Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:11.141648 24.197.194.106:4884 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62316 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x899811E2 Ack: 0x60F320A5 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:11.260734 24.197.194.106:4885 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62320 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x8999249A Ack: 0x60F40BBE Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:11.388902 24.197.194.106:4887 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62324 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x899A3E2C Ack: 0x60F54EA0 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:11.650092 24.197.194.106:4888 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62327 IpLen:20 DgmLen:146 DF ***AP*** Seq: 0x899C3685 Ack: 0x60F701FD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:11.785762 24.197.194.106:4889 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62330 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x899D4ABB Ack: 0x60F7FC60 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:11.893295 24.197.194.106:4890 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62333 IpLen:20 DgmLen:149 DF ***AP*** Seq: 0x899EF870 Ack: 0x60F939D7 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:12.034025 24.197.194.106:4891 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62336 IpLen:20 DgmLen:115 DF ***AP*** Seq: 0x89A04C78 Ack: 0x60FAA850 Win: 0x4470 
TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.824859 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:12.141452 24.197.194.106:4892 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62341 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x89A15296 Ack: 0x60FBDE86 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:12.191444 24.197.194.106:4893 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62343 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x89A1D4C3 Ack: 0x60FCCFE1 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:12.202876 24.197.194.106:4894 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62345 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x89A30E2C Ack: 0x60FE1720 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:12.299594 24.197.194.106:4895 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62348 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x89A40E15 Ack: 0x60FF0A48 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:12.746736 24.197.194.106:4896 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62352 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x89A65FC3 Ack: 0x610164D9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:12.776204 24.197.194.106:4897 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62355 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0x89A6F950 Ack: 0x61021E4D Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:13.106533 24.197.194.106:4898 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62358 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x89A97344 Ack: 0x61049E65 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:13.466944 24.197.194.106:4899 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62361 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x89AB4021 Ack: 0x610688EA Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:15.055869 24.197.194.106:4900 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62366 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x89B237CE Ack: 0x610D953D Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:15.191884 24.197.194.106:4901 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62370 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x89B32219 Ack: 0x610EAC2C Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:15.500082 24.197.194.106:4902 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62374 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x89B53D78 Ack: 0x6110C939 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.844783 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:29.201627 24.197.194.106:4907 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62394 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x89EB07F1 Ack: 0x61459CE3 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:29.330296 24.197.194.106:4908 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62398 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x89EBF658 Ack: 0x61469769 Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.849561 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:44.634311 24.197.194.106:4916 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62424 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8A279E5B Ack: 0x61823950 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:44.782052 24.197.194.106:4918 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62429 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x8A291FF0 Ack: 0x61834654 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:44.802393 24.197.194.106:4919 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62431 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x8A2A125F Ack: 0x61841FEF Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:45.221190 24.197.194.106:4922 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62436 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8A2C6A79 Ack: 0x618642C7 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:45.701082 24.197.194.106:4925 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62442 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x8A2F355F Ack: 0x6188B31F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:45.807149 24.197.194.106:4926 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62446 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x8A308CE5 Ack: 0x6189C2D5 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:46.786611 24.197.194.106:4927 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62450 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x8A34F68C Ack: 0x618E64A2 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:47.325690 24.197.194.106:4929 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62458 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8A37DD24 Ack: 0x61913326 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:47.505943 24.197.194.106:4932 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62465 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8A390562 Ack: 0x61923B40 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:47.726741 24.197.194.106:4934 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62468 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8A39EE68 Ack: 0x6193475B Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:47.834515 24.197.194.106:4936 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62472 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8A3B223C Ack: 0x6194F928 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.873699 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:48.494501 24.197.194.106:4939 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62478 IpLen:20 DgmLen:143 DF ***AP*** Seq: 0x8A3E4E36 Ack: 0x61982C5D Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:49.471497 24.197.194.106:4942 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62485 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x8A41B140 Ack: 0x619B87A1 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.878407 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:52.299903 24.197.194.106:4943 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62491 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8A4C5808 Ack: 0x61A8067A Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:52.558524 24.197.194.106:4983 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62500 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8A4E6C26 Ack: 0x61A9C78A Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:52.578231 24.197.194.106:4984 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62502 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x8A4F5590 Ack: 0x61AABA5A Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:02:52.798255 24.197.194.106:4986 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62505 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8A5115AF Ack: 0x61AC3A29 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.888562 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:09.818753 24.197.194.106:4991 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62528 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8A92EE55 Ack: 0x61EE5796 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:09.916390 24.197.194.106:4993 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62536 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8A940849 Ack: 0x61EFACBC Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:09.945243 24.197.194.106:4994 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62543 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x8A949A2C Ack: 0x61F04AA1 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:09.975430 24.197.194.106:4995 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62545 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8A957304 Ack: 0x61F0F8E6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.210718 24.197.194.106:4997 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62550 IpLen:20 DgmLen:108 DF ***AP*** Seq: 0x8A97280B Ack: 0x61F2C034 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.227012 24.197.194.106:4996 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62551 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8A96672D Ack: 0x61F21921 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.547164 24.197.194.106:1025 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62566 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x8A99444A Ack: 0x61F6752C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.558782 24.197.194.106:4999 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62567 IpLen:20 DgmLen:143 DF ***AP*** Seq: 0x8A989E16 Ack: 0x61F59335 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.558789 24.197.194.106:1027 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62569 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x8A9A1F31 Ack: 0x61F74799 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.577664 24.197.194.106:1029 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62572 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x8A9AFEE5 Ack: 0x61F7EC66 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.796130 24.197.194.106:1031 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62576 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x8A9C4176 Ack: 0x61F92E1F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.913344 24.197.194.106:1033 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62588 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8A9D24C0 Ack: 0x61FB2233 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:10.934412 24.197.194.106:1035 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62590 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x8A9DC669 Ack: 0x61FBF4DD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.213406 24.197.194.106:1038 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62606 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x8A9F21E8 Ack: 0x61FCD93E Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.213417 24.197.194.106:1040 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62607 IpLen:20 DgmLen:103 DF 
***AP*** Seq: 0x8AA02029 Ack: 0x61FDD758 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.213441 24.197.194.106:1042 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62608 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8AA0E83C Ack: 0x61FE7363 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.220876 24.197.194.106:1044 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62609 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x8AA22FE5 Ack: 0x61FF0A43 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.289102 24.197.194.106:1046 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62616 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x8AA2DB6E Ack: 0x6200FE37 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.300654 24.197.194.106:1047 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62618 IpLen:20 DgmLen:103 DF ***AP*** Seq: 0x8AA37BA6 Ack: 0x6201D79D Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.300658 24.197.194.106:1048 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62620 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8AA4B089 Ack: 0x62029BD9 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.549510 24.197.194.106:1050 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62632 IpLen:20 DgmLen:125 DF ***AP*** Seq: 0x8AA5C3F4 Ack: 0x6203D09F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.549525 24.197.194.106:1052 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62633 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x8AA69132 Ack: 0x62045611 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:11.560668 24.197.194.106:1054 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62634 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0x8AA726A5 Ack: 0x6204DE43 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.003735 24.197.194.106:1055 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62642 IpLen:20 DgmLen:143 DF ***AP*** Seq: 0x8AA8133E Ack: 0x62077CF9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.003748 24.197.194.106:1056 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62643 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x8AA91030 Ack: 0x62080546 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.128036 24.197.194.106:1058 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62649 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x8AAA4D24 Ack: 0x620984A7 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.158364 24.197.194.106:1059 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62652 IpLen:20 DgmLen:118 DF ***AP*** Seq: 0x8AAB55A4 Ack: 0x620ADC9C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.294042 24.197.194.106:1062 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62663 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8AAC4724 Ack: 0x620BE36C Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.304336 24.197.194.106:1064 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62665 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x8AAD37B0 Ack: 0x620C8181 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.323436 24.197.194.106:1066 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62667 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8AAE3236 Ack: 0x620D303F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.738444 24.197.194.106:1068 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62680 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x8AB0A2B7 Ack: 0x620FA1FF Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.752600 24.197.194.106:1070 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62682 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x8AB17B07 Ack: 0x62109521 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:12.752604 24.197.194.106:1072 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62684 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8AB26401 Ack: 0x621129E0 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.023400 24.197.194.106:1074 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62698 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8AB35520 Ack: 0x621242C9 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.038551 24.197.194.106:1075 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62699 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8AB3D7C4 Ack: 0x62138C34 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.038554 24.197.194.106:1077 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62700 IpLen:20 DgmLen:114 DF ***AP*** Seq: 0x8AB54B3E Ack: 0x62152DD8 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.038556 24.197.194.106:1076 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62701 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x8AB4933E Ack: 0x621452EA Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:07.967324 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.135899 24.197.194.106:1078 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62710 IpLen:20 DgmLen:129 DF ***AP*** Seq: 0x8AB662E9 Ack: 0x6216D819 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.135901 24.197.194.106:1079 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62711 IpLen:20 DgmLen:113 DF ***AP*** Seq: 0x8AB719A9 Ack: 0x62175D88 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.159575 24.197.194.106:1080 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62713 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8AB830B6 Ack: 0x6217F54B Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.172879 24.197.194.106:1081 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62715 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x8AB8C60E Ack: 0x6218F906 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.405729 24.197.194.106:1082 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62721 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8AB9DCFB Ack: 0x621A42F5 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.405816 24.197.194.106:1083 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62722 IpLen:20 DgmLen:109 DF ***AP*** Seq: 0x8ABABA50 Ack: 0x621AE26B Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:13.734854 24.197.194.106:1085 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62728 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8ABD644D Ack: 0x621D1B6E Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:14.412573 24.197.194.106:1086 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62732 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x8AC06BF2 Ack: 0x622063C0 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:14.953423 24.197.194.106:1087 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62741 IpLen:20 DgmLen:119 DF ***AP*** Seq: 0x8AC31811 Ack: 0x622365FE Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:15.380959 24.197.194.106:1089 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62745 IpLen:20 DgmLen:142 DF ***AP*** Seq: 0x8AC55BFC Ack: 0x62258A24 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:15.630544 24.197.194.106:1090 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62752 IpLen:20 DgmLen:133 DF ***AP*** Seq: 0x8AC758A7 Ack: 0x622742A1 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:15.669862 24.197.194.106:1091 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62754 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8AC8011A Ack: 0x62283D31 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:15.779421 24.197.194.106:1092 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62758 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8AC911E5 Ack: 0x62298401 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:16.019740 24.197.194.106:1093 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62761 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0x8ACAA61B Ack: 0x622AD003 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:16.237028 24.197.194.106:1094 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62768 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8ACBB994 Ack: 0x622CD833 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:16.255895 24.197.194.106:1095 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62770 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8ACCA7AD Ack: 0x622D9EDB Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:16.396197 24.197.194.106:1096 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62775 IpLen:20 DgmLen:123 DF ***AP*** Seq: 0x8ACE2106 Ack: 0x622EADFF Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:16.415017 24.197.194.106:1097 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62777 IpLen:20 DgmLen:141 DF ***AP*** Seq: 0x8ACF02EC Ack: 0x622F515C Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.006383 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:17.124204 24.197.194.106:1099 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62784 IpLen:20 DgmLen:144 DF ***AP*** Seq: 0x8AD1FD10 Ack: 0x6232FDE6 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:17.235092 24.197.194.106:1084 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62788 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8ABC131E Ack: 0x62345C07 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:17.273046 24.197.194.106:1100 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62790 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8AD2E478 Ack: 0x62353EAD Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:17.513149 24.197.194.106:1101 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62794 IpLen:20 DgmLen:126 DF ***AP*** Seq: 0x8AD4799C Ack: 0x6236F5A6 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:17.758730 24.197.194.106:1102 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62798 IpLen:20 DgmLen:142 DF ***AP*** Seq: 0x8AD65B30 Ack: 0x6238B7CD Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:19.478184 24.197.194.106:1103 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62809 IpLen:20 DgmLen:134 DF ***AP*** Seq: 0x8ADDA0B7 Ack: 0x62400DD0 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:19.615988 24.197.194.106:1104 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62813 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x8ADE9613 Ack: 0x6240F141 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:20.064278 24.197.194.106:1105 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62816 IpLen:20 DgmLen:145 DF ***AP*** Seq: 0x8AE006DE Ack: 0x624312EF Win: 0x4470 TcpLen: 20 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.024234 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:33.831580 24.197.194.106:1109 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62834 IpLen:20 DgmLen:111 DF ***AP*** Seq: 0x8B152559 Ack: 0x62777295 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:33.951259 24.197.194.106:1110 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62838 IpLen:20 DgmLen:130 DF ***AP*** Seq: 0x8B161CD6 Ack: 0x6278DE77 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.028924 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:49.338811 24.197.194.106:1115 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62857 IpLen:20 DgmLen:107 DF ***AP*** Seq: 0x8B51F95E Ack: 0x62B29FFA Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:49.925166 24.197.194.106:1118 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62867 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8B558546 Ack: 0x62B55369 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:50.534498 24.197.194.106:1119 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62872 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8B58CE3C Ack: 0x62B8BFA9 Win: 0x4470 TcpLen: 20 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:52.169017 24.197.194.106:1122 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62891 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x8B61640A Ack: 0x62BF969D Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:52.329818 24.197.194.106:1124 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62898 IpLen:20 DgmLen:127 DF ***AP*** Seq: 0x8B63C426 Ack: 0x62C13E8F Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.043532 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:56.505876 24.197.194.106:1157 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62943 IpLen:20 DgmLen:124 DF ***AP*** Seq: 0x8B74FF1F Ack: 0x62D1A9CD Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:56.836176 24.197.194.106:1158 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62952 IpLen:20 DgmLen:116 DF ***AP*** Seq: 0x8B76F498 Ack: 0x62D3C337 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:56.903836 24.197.194.106:1159 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62955 IpLen:20 DgmLen:105 DF ***AP*** Seq: 0x8B77F85C Ack: 0x62D4FB51 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:58.500727 24.197.194.106:1202 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62980 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x8B7F6122 Ack: 0x62DC0186 Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... 
access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:03:59.331196 24.197.194.106:1203 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:62998 IpLen:20 DgmLen:135 DF ***AP*** Seq: 0x8B83B82D Ack: 0x62E00D47 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.054266 [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:04:01.547218 24.197.194.106:1206 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:63025 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x8B8E466E Ack: 0x62E915DC Win: 0x4470 TcpLen: 20 [**] [1:974:6] WEB-IIS .... access [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:04:02.727398 24.197.194.106:1208 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:63043 IpLen:20 DgmLen:131 DF ***AP*** Seq: 0x8B93DB15 Ack: 0x62EE9B9C Win: 0x4470 TcpLen: 20 [Xref => cve CAN-1999-0229][Xref => bugtraq 2218] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.098061 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-12:05:15.105309 213.122.77.74:1547 -> 172.16.134.191:1434 UDP TTL:109 TOS:0x0 ID:7744 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.102032 [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.107694 [**] [1:971:3] WEB-IIS ISAPI .printer access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/05-12:05:52.291767 24.197.194.106:2516 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:5435 IpLen:20 
DgmLen:68 DF ***AP*** Seq: 0x8F834377 Ack: 0x648EC7A0 Win: 0x4470 TcpLen: 20 [Xref => arachnids 533][Xref => cve CAN-2001-0241] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.110629 [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:06:27.884689 24.197.194.106:3427 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:10689 IpLen:20 DgmLen:367 DF ***AP*** Seq: 0x9227B1A6 Ack: 0x65238622 Win: 0x4470 TcpLen: 20 [Xref => cve CAN-2000-0071][Xref => bugtraq 1065][Xref => arachnids 552] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.122580 [**] [1:1244:7] WEB-IIS ISAPI .idq attempt [**] [Classification: Web Application Attack] [Priority: 1] 03/05-12:06:54.522623 24.197.194.106:3823 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:11340 IpLen:20 DgmLen:367 DF ***AP*** Seq: 0x92FD87A6 Ack: 0x6589E88F Win: 0x4470 TcpLen: 20 [Xref => bugtraq 1065][Xref => cve CAN-2000-0071][Xref => arachnids 553] [**] [100:2:1] spp_portscan: portscan status from 24.197.194.106: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 04/18-11:45:08.143133 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-12:12:58.603240 61.185.242.190:1041 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:49508 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [100:3:1] spp_portscan: End of portscan from 24.197.194.106: TOTAL time(1476s) hosts(1) TCP(171) UDP(0) [**] 04/18-11:45:08.158806 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-13:45:02.209779 218.244.66.32:3058 -> 172.16.134.191:1434 UDP TTL:115 TOS:0x0 ID:30866 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref 
=> bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-15:16:02.455569 61.150.120.72:1362 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:58879 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-15:16:15.306900 68.45.123.130:1169 -> 172.16.134.191:1434 UDP TTL:108 TOS:0x0 ID:15419 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-15:46:54.292311 61.203.104.148:3277 -> 172.16.134.191:1434 UDP TTL:113 TOS:0x0 ID:54239 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-16:21:53.745028 61.177.62.66:3480 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:1506 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-18:09:26.563535 217.35.65.9:3013 -> 172.16.134.191:1434 UDP TTL:106 TOS:0x0 ID:31766 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-19:28:22.541062 219.145.211.3:1154 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:3926 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 
03/05-19:29:24.130741 61.134.45.19:1767 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:26580 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-19:41:19.610643 218.4.99.237:1110 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:38118 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-20:13:49.654194 205.180.159.35:63162 -> 172.16.134.191:1434 UDP TTL:116 TOS:0x0 ID:26250 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-21:55:28.070353 61.150.120.72:1362 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:12855 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-22:05:23.734294 61.185.215.42:3232 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:42668 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/05-22:27:06.017809 67.81.161.166:32768 -> 172.16.134.191:1434 UDP TTL:107 TOS:0x0 ID:36371 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/06-00:26:41.767828 61.150.72.7:1113 -> 172.16.134.191:1434 UDP TTL:111 TOS:0x0 ID:8034 IpLen:20 DgmLen:404 Len: 384 
[Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/06-00:46:52.530199 212.122.20.74:1307 -> 172.16.134.191:1434 UDP TTL:100 TOS:0x0 ID:51771 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:542:8] CHAT IRC nick change [**] [Classification: Misc activity] [Priority: 3] 03/06-04:56:16.794916 172.16.134.191:1133 -> 63.241.174.144:6667 TCP TTL:127 TOS:0x0 ID:37983 IpLen:20 DgmLen:95 DF ***AP*** Seq: 0xDBDA75C7 Ack: 0x926718DE Win: 0x42DD TcpLen: 20 [**] [1:542:8] CHAT IRC nick change [**] [Classification: Misc activity] [Priority: 3] 03/06-04:56:37.569359 172.16.134.191:1139 -> 217.199.175.10:6667 TCP TTL:127 TOS:0x0 ID:38012 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0xDC32A0EB Ack: 0x97EE9F11 Win: 0x43D7 TcpLen: 20 [**] [1:542:8] CHAT IRC nick change [**] [Classification: Misc activity] [Priority: 3] 03/06-05:23:19.767469 172.16.134.191:1152 -> 209.196.44.172:6667 TCP TTL:127 TOS:0x0 ID:38687 IpLen:20 DgmLen:101 DF ***AP*** Seq: 0xF544C5CE Ack: 0xFE4C0163 Win: 0x43D7 TcpLen: 20 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 03/06-07:49:20.756742 218.4.65.115:2705 -> 172.16.134.191:1434 UDP TTL:110 TOS:0x0 ID:20961 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310] [**] [1:1042:6] WEB-IIS view source via translate header [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 03/06-08:57:28.942032 66.8.163.125:3746 -> 172.16.134.191:80 TCP TTL:114 TOS:0x0 ID:5314 IpLen:20 DgmLen:190 DF ***AP*** Seq: 0x6E394D48 Ack: 0xDEE2EA62 Win: 0xFF3C TcpLen: 20 [Xref => bugtraq 1578][Xref => arachnids 305] [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 
03/06-09:22:01.174408 219.145.211.132:1831 -> 172.16.134.191:1434 UDP TTL:112 TOS:0x0 ID:28213 IpLen:20 DgmLen:404 Len: 384 [Xref => url vil.nai.com/vil/content/v_99992.htm][Xref => bugtraq 5311][Xref => bugtraq 5310]