[**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.713736 192.168.1.21:55771 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:12563 IpLen:20 DgmLen:203 DF ***AP*** Seq: 0x22051645 Ack: 0xDAECC14D Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192341 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.713736 192.168.1.21:55771 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:12563 IpLen:20 DgmLen:203 DF ***AP*** Seq: 0x22051645 Ack: 0xDAECC14D Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192341 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.715967 192.168.1.21:55773 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:64842 IpLen:20 DgmLen:210 DF ***AP*** Seq: 0x21FEDA20 Ack: 0xE1FC2699 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192344 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.715967 192.168.1.21:55773 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:64842 IpLen:20 DgmLen:210 DF ***AP*** Seq: 0x21FEDA20 Ack: 0xE1FC2699 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192344 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.716954 192.168.1.21:55774 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:51095 IpLen:20 DgmLen:202 DF ***AP*** Seq: 0x2203E0CE Ack: 0x31E679E Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192345 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.716954 192.168.1.21:55774 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:51095 IpLen:20 DgmLen:202 DF ***AP*** Seq: 0x2203E0CE Ack: 0x31E679E Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192345 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.717817 192.168.1.21:55775 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:38418 IpLen:20 DgmLen:215 DF ***AP*** Seq: 0x2254B14A Ack: 0x5920732E Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192345 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.717817 192.168.1.21:55775 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:38418 IpLen:20 DgmLen:215 DF ***AP*** Seq: 0x2254B14A Ack: 0x5920732E Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192345 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1147:7] WEB-MISC cat%20 access [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.736410 192.168.1.21:55776 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:32631 IpLen:20 DgmLen:218 DF ***AP*** Seq: 0x21FA581A Ack: 0x1725C602 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192364 0 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0039][Xref => http://www.securityfocus.com/bid/374] [**] [1:1071:6] WEB-MISC .htpasswd access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-20:57:43.748908 192.168.1.21:55782 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:8391 IpLen:20 DgmLen:223 DF ***AP*** Seq: 0x21AF07BE Ack: 0xC99F93AF Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192377 0 [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.756537 192.168.1.21:55786 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:35423 IpLen:20 DgmLen:208 DF ***AP*** Seq: 0x219FADDE Ack: 0x6EBCC27D Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192384 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.756537 192.168.1.21:55786 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:35423 IpLen:20 DgmLen:208 DF ***AP*** Seq: 0x219FADDE Ack: 0x6EBCC27D Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192384 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1002:7] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-20:57:43.761447 192.168.1.21:55788 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:592 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x225025CC Ack: 0x7A421B09 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192389 0 [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.761447 192.168.1.21:55788 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:592 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x225025CC Ack: 0x7A421B09 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192389 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.761447 192.168.1.21:55788 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:592 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x225025CC Ack: 0x7A421B09 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192389 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1002:7] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-20:57:43.769384 192.168.1.21:55789 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:38935 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x2211BF99 Ack: 0xB6D50C86 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192397 0 [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.769384 192.168.1.21:55789 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:38935 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x2211BF99 Ack: 0xB6D50C86 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192397 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.769384 192.168.1.21:55789 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:38935 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x2211BF99 Ack: 0xB6D50C86 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192397 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1002:7] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-20:57:43.773697 192.168.1.21:55790 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:4435 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x218336C1 Ack: 0x5FDD3C2F Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192401 0 [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.773697 192.168.1.21:55790 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:4435 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x218336C1 Ack: 0x5FDD3C2F Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192401 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.773697 192.168.1.21:55790 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:4435 IpLen:20 DgmLen:219 DF ***AP*** Seq: 0x218336C1 Ack: 0x5FDD3C2F Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192401 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.775868 192.168.1.21:55792 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:51815 IpLen:20 DgmLen:202 DF ***AP*** Seq: 0x2208EDF7 Ack: 0xB126F6B9 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192404 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.775868 192.168.1.21:55792 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:51815 IpLen:20 DgmLen:202 DF ***AP*** Seq: 0x2208EDF7 Ack: 0xB126F6B9 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192404 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.780869 192.168.1.21:55793 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:60788 IpLen:20 DgmLen:240 DF ***AP*** Seq: 0x221ACAEB Ack: 0xBBE35E7 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192409 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.780869 192.168.1.21:55793 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:60788 IpLen:20 DgmLen:240 DF ***AP*** Seq: 0x221ACAEB Ack: 0xBBE35E7 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192409 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1147:7] WEB-MISC cat%20 access [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.793759 192.168.1.21:55795 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:48704 IpLen:20 DgmLen:215 DF ***AP*** Seq: 0x218A999C Ack: 0xD931C62D Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192421 0 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0039][Xref => http://www.securityfocus.com/bid/374] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.793759 192.168.1.21:55795 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:48704 IpLen:20 DgmLen:215 DF ***AP*** Seq: 0x218A999C Ack: 0xD931C62D Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192421 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.793759 192.168.1.21:55795 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:48704 IpLen:20 DgmLen:215 DF ***AP*** Seq: 0x218A999C Ack: 0xD931C62D Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192421 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1147:7] WEB-MISC cat%20 access [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.798535 192.168.1.21:55796 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:28166 IpLen:20 DgmLen:199 DF ***AP*** Seq: 0x21AE49AF Ack: 0xFE38CD06 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192426 0 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0039][Xref => http://www.securityfocus.com/bid/374] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.799832 192.168.1.21:55797 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:35832 IpLen:20 DgmLen:247 DF ***AP*** Seq: 0x2194AC5E Ack: 0xCA87208 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192427 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.799832 192.168.1.21:55797 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:35832 IpLen:20 DgmLen:247 DF ***AP*** Seq: 0x2194AC5E Ack: 0xCA87208 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192427 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.801458 192.168.1.21:55799 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:40317 IpLen:20 DgmLen:209 DF ***AP*** Seq: 0x21CBBAD7 Ack: 0xCE01FCAA Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192429 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.801458 192.168.1.21:55799 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:40317 IpLen:20 DgmLen:209 DF ***AP*** Seq: 0x21CBBAD7 Ack: 0xCE01FCAA Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192429 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.808872 192.168.1.21:55801 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:42944 IpLen:20 DgmLen:210 DF ***AP*** Seq: 0x21A0800B Ack: 0x1FAF15B7 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192437 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.808872 192.168.1.21:55801 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:42944 IpLen:20 DgmLen:210 DF ***AP*** Seq: 0x21A0800B Ack: 0x1FAF15B7 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192437 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.811548 192.168.1.21:55803 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:62046 IpLen:20 DgmLen:216 DF ***AP*** Seq: 0x2197D5EC Ack: 0x139B563B Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192439 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.811548 192.168.1.21:55803 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:62046 IpLen:20 DgmLen:216 DF ***AP*** Seq: 0x2197D5EC Ack: 0x139B563B Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192439 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:1113:5] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.813297 192.168.1.21:55805 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:22232 IpLen:20 DgmLen:241 DF ***AP*** Seq: 0x22087170 Ack: 0xB0E90CF1 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192441 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**] [Classification: Attempted Information Leak] [Priority: 2] 06/02-20:57:43.813297 192.168.1.21:55805 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:22232 IpLen:20 DgmLen:241 DF ***AP*** Seq: 0x22087170 Ack: 0xB0E90CF1 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192441 0 [Xref => http://www.whitehats.com/info/IDS297] [**] [1:2229:4] WEB-PHP viewtopic.php access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-20:57:43.819412 192.168.1.21:55810 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:17465 IpLen:20 DgmLen:218 DF ***AP*** Seq: 0x21CC6389 Ack: 0xF4B0F1C0 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192447 0 [Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979] [**] [1:2229:4] WEB-PHP viewtopic.php access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-20:57:43.820428 192.168.1.21:55811 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:59974 IpLen:20 DgmLen:223 DF ***AP*** Seq: 0x21ACCD85 Ack: 0x68ED7B3E Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192448 0 [Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979] [**] [1:2229:4] WEB-PHP viewtopic.php access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-20:57:43.821240 192.168.1.21:55812 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:17941 IpLen:20 DgmLen:224 DF ***AP*** Seq: 0x222F61D3 Ack: 0xD5FB4D83 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192449 0 [Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979] [**] [1:2565:1] WEB-PHP modules.php access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/02-20:57:43.822726 192.168.1.21:55814 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:29695 IpLen:20 DgmLen:216 DF ***AP*** Seq: 0x22635440 Ack: 0xE48117DF Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192450 0 [Xref => http://www.securityfocus.com/bid/9879] [**] [1:2565:1] WEB-PHP modules.php access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/02-20:57:43.823514 192.168.1.21:55815 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:52427 IpLen:20 DgmLen:218 DF ***AP*** Seq: 0x21B3EB0B Ack: 0x36371419 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192451 0 [Xref => http://www.securityfocus.com/bid/9879] [**] [1:2565:1] WEB-PHP modules.php access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/02-20:57:43.824333 192.168.1.21:55816 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:51241 IpLen:20 DgmLen:221 DF ***AP*** Seq: 0x2200EFE4 Ack: 0xF7605CB3 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192452 0 [Xref => http://www.securityfocus.com/bid/9879] [**] [1:1497:6] WEB-MISC cross site scripting attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-20:57:43.824333 192.168.1.21:55816 -> 192.168.1.247:80 TCP TTL:64 TOS:0x0 ID:51241 IpLen:20 DgmLen:221 DF ***AP*** Seq: 0x2200EFE4 Ack: 0xF7605CB3 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 1504192452 0