Hi, I have Snort IDS alerts (logs) like this:

[**] [1:2123:2] ATTACK-RESPONSES Microsoft cmd.exe banner [**]
[Classification: Successful Administrator Privilege Gain] [Priority: 1] 
03/09-19:43:56.034979 66.59.111.182:80 -> xxx:60134
TCP TTL:45 TOS:0x0 ID:45583 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5314DE4 Ack: 0xC70EBBC2 Win: 0x198C TcpLen: 32
TCP Options (3) => NOP NOP TS: 193196204 1313605945 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11633]

[**] [1:498:6] ATTACK-RESPONSES id check returned root [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
03/09-20:46:19.176514 64.151.140.130:80 -> xxx:62038
TCP TTL:52 TOS:0x0 ID:42702 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x13E85710 Ack: 0x6F91FBB5 Win: 0x1920 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1894901317 1313613431 

[**] [1:1417:2] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2] 
06/17-08:44:41.865372 192.168.1.7:33156 -> 192.168.1.1:161
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:121 DF
Len: 93
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012]

...


but I don't know the meaning of those fields.
Is there anyone who can help?
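The records above are in Snort's "full" alert format. As an added example (not code from the question or the answer), the Python parser below reads records in that layout and names each field: the rule identifier [gid:sid:rev] and message on the first line; classification and priority on the second (Priority 1 is the most severe); the MM/DD timestamp (no year) and the source -> destination address:port pair; the IP header line (protocol, TTL, TOS, IP ID, header length, datagram length, DF/MF flags); for TCP, the eight-character flag field where ***A**** means only ACK is set, followed by sequence and acknowledgement numbers, window and TCP header length; for UDP, the payload length; and the Xref links to external references. The sample text is constructed from two of the question's records (the poster's redacted "xxx" host is kept), and the dict key names are my own choice, not Snort's.

```python
"""Parser for Snort "full" alert records (added example, not from the page)."""
import re
from typing import Dict, List

# Constructed sample: two records taken from the question, one TCP and one UDP.
# "xxx" is the poster's redacted destination host and is kept as written.
SAMPLE_ALERTS = """\
[**] [1:2123:2] ATTACK-RESPONSES Microsoft cmd.exe banner [**]
[Classification: Successful Administrator Privilege Gain] [Priority: 1]
03/09-19:43:56.034979 66.59.111.182:80 -> xxx:60134
TCP TTL:45 TOS:0x0 ID:45583 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5314DE4 Ack: 0xC70EBBC2 Win: 0x198C TcpLen: 32
TCP Options (3) => NOP NOP TS: 193196204 1313605945
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11633]

[**] [1:1417:2] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
06/17-08:44:41.865372 192.168.1.7:33156 -> 192.168.1.1:161
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:121 DF
Len: 93
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012]
"""

# Line 1: [**] [gid:sid:rev] message [**]   (generator id, signature id, revision)
HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
# Line 2: [Classification: text] [Priority: N]   (Classification may be absent)
CLASS_RE = re.compile(r"(?:\[Classification: (.*?)\] )?\[Priority: (\d+)\]")
# Line 3: MM/DD-HH:MM:SS.usec src:port -> dst:port   (IPv4 or unresolved text; no IPv6 here)
ADDR_RE = re.compile(r"^(\S+) (\S+?):(\d+) -> (\S+?):(\d+)$")
# Line 4: PROTO TTL:n TOS:0x.. ID:n IpLen:n DgmLen:n [DF] [MF]
IP_RE = re.compile(r"^(\w+) TTL:(\d+) TOS:(0x[0-9A-Fa-f]+) ID:(\d+) IpLen:(\d+) DgmLen:(\d+)(.*)$")
# TCP line: 8-char flag field, then Seq/Ack/Win (hex) and TCP header length
TCP_RE = re.compile(r"^([12UAPRSF*]{8}) Seq: (0x[0-9A-Fa-f]+) Ack: (0x[0-9A-Fa-f]+) "
                    r"Win: (0x[0-9A-Fa-f]+) TcpLen: (\d+)$")
UDP_LEN_RE = re.compile(r"^Len: (\d+)$")        # UDP payload length
XREF_RE = re.compile(r"\[Xref => (.*?)\]")      # one or more per line

# Characters of the TCP flag field; "*" marks a flag that is not set.
TCP_FLAG_NAMES = {"1": "CWR", "2": "ECE", "U": "URG", "A": "ACK",
                  "P": "PSH", "R": "RST", "S": "SYN", "F": "FIN"}


def parse_alert(block: str) -> Dict:
    """Parse one alert record into a dict of typed fields (key names are my own)."""
    lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
    m = HEADER_RE.match(lines[0])
    if not m:
        raise ValueError(f"not a Snort alert header: {lines[0]!r}")
    gid, sid, rev, msg = m.groups()
    alert: Dict = {"gid": int(gid), "sid": int(sid), "rev": int(rev), "msg": msg,
                   "classification": None, "priority": None, "xrefs": []}
    for line in lines[1:]:
        if (m := CLASS_RE.search(line)):
            alert["classification"] = m.group(1)            # None when absent
            alert["priority"] = int(m.group(2))             # 1 is the most severe
        elif (m := ADDR_RE.match(line)):
            alert["timestamp"] = m.group(1)                 # MM/DD-HH:MM:SS.usec, no year
            alert["src"], alert["src_port"] = m.group(2), int(m.group(3))
            alert["dst"], alert["dst_port"] = m.group(4), int(m.group(5))
        elif (m := IP_RE.match(line)):
            alert["proto"] = m.group(1)
            alert["ttl"], alert["tos"] = int(m.group(2)), int(m.group(3), 16)
            alert["ip_id"], alert["ip_len"] = int(m.group(4)), int(m.group(5))
            alert["dgm_len"] = int(m.group(6))
            alert["ip_flags"] = m.group(7).split()          # e.g. ["DF"]
        elif (m := TCP_RE.match(line)):
            alert["tcp_flags"] = [TCP_FLAG_NAMES[c] for c in m.group(1) if c != "*"]
            alert["seq"], alert["ack"] = int(m.group(2), 16), int(m.group(3), 16)
            alert["win"], alert["tcp_len"] = int(m.group(4), 16), int(m.group(5))
        elif (m := UDP_LEN_RE.match(line)):
            alert["udp_len"] = int(m.group(1))
        elif line.startswith("[Xref"):
            alert["xrefs"].extend(XREF_RE.findall(line))
        # "TCP Options" and any unrecognised lines are deliberately not stored.
    return alert


def parse_alerts(text: str) -> List[Dict]:
    """Split an alert file into blank-line-separated records and parse each."""
    return [parse_alert(b) for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]


def by_severity(alerts: List[Dict]) -> List[Dict]:
    """Triage order: lowest Priority number first, then by timestamp."""
    return sorted(alerts, key=lambda a: (a["priority"] if a["priority"] is not None else 99,
                                         a.get("timestamp", "")))


if __name__ == "__main__":
    for a in by_severity(parse_alerts(SAMPLE_ALERTS)):
        print(f"P{a['priority']} [{a['gid']}:{a['sid']}:{a['rev']}] {a['msg']} | "
              f"{a['proto']} {a['src']}:{a['src_port']} -> {a['dst']}:{a['dst_port']} | "
              f"class={a['classification']!r} xrefs={len(a['xrefs'])}")
```

The parser keeps the timestamp as a string because the full-alert format carries no year, so it cannot be turned into an unambiguous datetime without knowing when the file was written. Sorting by the Priority number is the usual first triage step, since Snort assigns lower numbers to more severe classifications; the Xref URLs are where to look up what the signature actually matched.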
1 solution

Technically not a development question.
The best way is to look at the Snort documentation itself.
Here: Snort Users Manual
 
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)