[bits] jay gets attacked by koreans

jay Tue, 04 Jun 2002 11:00:04 -0700

i get portscanned every once in a while, but this is the first time
someone's out and out tried to actually penetrate my box.


can anyone tell what vulnerability scanner he used?

=jay

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jun  4 06:28:09 spam inetd[304]: pop3/tcp server failing (looping), service terminated
Jun  4 06:28:09 spam /kernel: Jun  4 06:28:09 spam inetd[304]: pop3/tcp server failing 
(looping), service terminated
Jun  4 06:28:22 spam sshd[22366]: Did not receive identification string from 
61.84.14.135
Jun  4 06:28:29 spam sshd[22368]: Did not receive identification string from 
61.84.14.135

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jun  4 06:28:01 abunai snort: [1:1103:3] WEB-MISC netscape admin passwd 
[Classification: Web Application Attack] [Priority: 1]: {TCP} 61.84.14.135:2611 -> 
64.81.53.11:80
Jun  4 06:29:24 abunai snort: [1:809:2] WEB-CGI whoisraw attempt [Classification: Web 
Application Attack] [Priority: 1]: {TCP} 61.84.14.135:1470 -> 64.81.53.11:80
Jun  4 06:29:46 abunai snort: [1:1089:2] WEB-MISC shopping cart directory traversal 
[Classification: Web Application Attack] [Priority: 1]: {TCP} 61.84.14.135:1878 -> 
64.81.53.11:80
Jun  4 06:31:01 abunai snort: [1:1071:2] WEB-MISC .htpasswd access [Classification: 
Web Application Attack] [Priority: 1]: {TCP} 61.84.14.135:3363 -> 64.81.53.11:80

Security Violations
=-=-=-=-=-=-=-=-=-=
Jun  4 06:27:45 abunai snort: spp_portscan: PORTSCAN DETECTED from 61.84.14.135 
(THRESHOLD 4 connections exceeded in 2 seconds)
Jun  4 06:27:46 abunai snort: [1:1122:1] WEB-MISC /etc/passwd [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1821 -> 64.81.53.11:80
Jun  4 06:27:48 abunai snort: [1:553:2] INFO FTP anonymous login attempt 
[Classification: Misc activity] [Priority: 3]: {TCP} 61.84.14.135:1891 -> 
64.81.53.11:21
Jun  4 06:27:48 abunai snort: [1:1122:1] WEB-MISC /etc/passwd [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1903 -> 64.81.53.11:80
Jun  4 06:27:48 abunai snort: spp_portscan: portscan status from 61.84.14.135: 16 
connections across 1 hosts: TCP(15), UDP(1)
Jun  4 06:27:51 abunai snort: [1:1122:1] WEB-MISC /etc/passwd [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2049 -> 64.81.53.11:80
Jun  4 06:27:51 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2047
Jun  4 06:27:51 abunai snort: [1:1122:1] WEB-MISC /etc/passwd [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2064 -> 64.81.53.11:80
Jun  4 06:27:51 abunai snort: [1:615:2] SCAN Proxy attempt [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2080 -> 64.81.53.11:1080
Jun  4 06:27:51 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2060
Jun  4 06:27:51 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2047
Jun  4 06:27:51 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2060
Jun  4 06:27:51 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2047
Jun  4 06:27:51 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2060
Jun  4 06:27:51 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2047
Jun  4 06:27:52 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2060
Jun  4 06:27:52 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2047
Jun  4 06:27:53 abunai snort: [1:1122:1] WEB-MISC /etc/passwd [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2168 -> 64.81.53.11:80
Jun  4 06:27:53 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2158
Jun  4 06:27:53 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2158
Jun  4 06:27:54 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2158
Jun  4 06:27:54 abunai snort: [1:615:2] SCAN Proxy attempt [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2080 -> 64.81.53.11:1080
Jun  4 06:27:54 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2158
Jun  4 06:27:54 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2158
Jun  4 06:27:54 abunai snort: [1:1201:2] WEB-MISC 403 Forbidden [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 64.81.53.11:80 -> 61.84.14.135:2244
Jun  4 06:27:54 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2158
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2239
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2243
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2158
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2251
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2255
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2261
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2239
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2243
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2267
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2158
Jun  4 06:27:55 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2251
Jun  4 06:27:56 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2255
Jun  4 06:27:56 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2295
Jun  4 06:27:56 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2296
Jun  4 06:27:56 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2261
Jun  4 06:27:56 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2283
Jun  4 06:27:56 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2243
Jun  4 06:27:56 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2267
Jun  4 06:27:57 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2295
Jun  4 06:27:57 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2267
Jun  4 06:27:57 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2290
Jun  4 06:27:57 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2295
Jun  4 06:27:57 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2290
Jun  4 06:27:58 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2404
Jun  4 06:27:58 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2295
Jun  4 06:27:58 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2404
Jun  4 06:27:58 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2404
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2404
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2496
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2404
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2503
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2506
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2510
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2496
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2404
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2503
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2521
Jun  4 06:27:59 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2506
Jun  4 06:28:01 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2506
Jun  4 06:28:01 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2510
Jun  4 06:28:01 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2503
Jun  4 06:28:01 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2521
Jun  4 06:28:01 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2510
Jun  4 06:28:01 abunai snort: [1:1103:3] WEB-MISC netscape admin passwd 
[Classification: Web Application Attack] [Priority: 1]: {TCP} 61.84.14.135:2611 -> 
64.81.53.11:80
Jun  4 06:28:01 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2503
Jun  4 06:28:02 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2679
Jun  4 06:28:02 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2681
Jun  4 06:28:02 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2679
Jun  4 06:28:02 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2681
Jun  4 06:28:02 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2694
Jun  4 06:28:02 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2679
Jun  4 06:28:03 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2681
Jun  4 06:28:03 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2694
Jun  4 06:28:03 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2679
Jun  4 06:28:03 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2681
Jun  4 06:28:03 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2694
Jun  4 06:28:03 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2679
Jun  4 06:28:03 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2681
Jun  4 06:28:04 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2694
Jun  4 06:28:04 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2679
Jun  4 06:28:04 abunai snort: [1:1122:1] WEB-MISC /etc/passwd [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2776 -> 64.81.53.11:80
Jun  4 06:28:04 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2694
Jun  4 06:28:04 abunai snort: [1:1122:1] WEB-MISC /etc/passwd [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2784 -> 64.81.53.11:80
Jun  4 06:28:04 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2679
Jun  4 06:28:05 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2694
Jun  4 06:28:05 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2813
Jun  4 06:28:05 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2813
Jun  4 06:28:05 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2813
Jun  4 06:28:05 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2813
Jun  4 06:28:06 abunai snort: [1:491:2] FTP Bad login [Classification: Potentially Bad 
Traffic] [Priority: 2]: {TCP} 64.81.53.11:21 -> 61.84.14.135:2813
Jun  4 06:28:07 abunai snort: [1:1164:1] WEB-MISC shopping cart access access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2912 -> 
64.81.53.11:80
Jun  4 06:28:08 abunai snort: spp_portscan: portscan status from 61.84.14.135: 7 
connections across 1 hosts: TCP(7), UDP(0)
Jun  4 06:28:12 abunai snort: spp_portscan: portscan status from 61.84.14.135: 3 
connections across 1 hosts: TCP(3), UDP(0)
Jun  4 06:28:16 abunai snort: spp_portscan: portscan status from 61.84.14.135: 5 
connections across 1 hosts: TCP(5), UDP(0)
Jun  4 06:28:17 abunai snort: [1:1161:2] WEB-MISC piranha passwd.php3 access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3375 -> 
64.81.53.11:80
Jun  4 06:28:20 abunai snort: spp_portscan: portscan status from 61.84.14.135: 4 
connections across 1 hosts: TCP(4), UDP(0)
Jun  4 06:28:25 abunai snort: spp_portscan: portscan status from 61.84.14.135: 3 
connections across 1 hosts: TCP(3), UDP(0)
Jun  4 06:28:29 abunai snort: spp_portscan: portscan status from 61.84.14.135: 3 
connections across 1 hosts: TCP(3), UDP(0)
Jun  4 06:28:33 abunai snort: spp_portscan: portscan status from 61.84.14.135: 2 
connections across 1 hosts: TCP(2), UDP(0)
Jun  4 06:28:37 abunai snort: spp_portscan: End of portscan from 61.84.14.135: TOTAL 
time(51s) hosts(1) TCP(79) UDP(2)
Jun  4 06:28:42 abunai snort: [1:1148:1] WEB-MISC Ecommerce import.txt access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4429 -> 
64.81.53.11:80
Jun  4 06:28:42 abunai snort: [1:1155:1] WEB-MISC Ecommerce checks.txt access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4433 -> 
64.81.53.11:80
Jun  4 06:28:53 abunai snort: [1:1173:1] WEB-MISC architext_query.pl access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4739 -> 
64.81.53.11:80
Jun  4 06:28:54 abunai snort: [1:1154:1] WEB-MISC Domino names.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4742 -> 
64.81.53.11:80
Jun  4 06:28:54 abunai snort: [1:1154:1] WEB-MISC Domino names.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4743 -> 
64.81.53.11:80
Jun  4 06:28:58 abunai snort: [1:1168:1] WEB-MISC mall log order access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4862 -> 
64.81.53.11:80
Jun  4 06:29:02 abunai snort: [1:1153:1] WEB-MISC Domino log.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4953 -> 
64.81.53.11:80
Jun  4 06:29:02 abunai snort: [1:1153:1] WEB-MISC Domino log.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4955 -> 
64.81.53.11:80
Jun  4 06:29:03 abunai snort: [1:1173:1] WEB-MISC architext_query.pl access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4968 -> 
64.81.53.11:80
Jun  4 06:29:03 abunai snort: [1:1173:1] WEB-MISC architext_query.pl access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4971 -> 
64.81.53.11:80
Jun  4 06:29:04 abunai snort: [1:1152:1] WEB-MISC Domino domlog.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4985 -> 
64.81.53.11:80
Jun  4 06:29:04 abunai snort: [1:1152:1] WEB-MISC Domino domlog.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4987 -> 
64.81.53.11:80
Jun  4 06:29:04 abunai snort: [1:1151:1] WEB-MISC Domino domcfg.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4991 -> 
64.81.53.11:80
Jun  4 06:29:04 abunai snort: [1:1151:1] WEB-MISC Domino domcfg.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:4994 -> 
64.81.53.11:80
Jun  4 06:29:07 abunai snort: [1:1151:1] WEB-MISC Domino domcfg.nsf access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1097 -> 
64.81.53.11:80
Jun  4 06:29:16 abunai snort: [1:886:3] WEB-CGI phf access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1292 -> 64.81.53.11:80
Jun  4 06:29:19 abunai snort: [1:1309:2] WEB-CGI zsh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1364 -> 64.81.53.11:80
Jun  4 06:29:20 abunai snort: [1:887:1] WEB-CGI www-sql access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1368 -> 64.81.53.11:80
Jun  4 06:29:20 abunai snort: [1:1175:3] WEB-MISC wwwboard.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1374 -> 64.81.53.11:80
Jun  4 06:29:21 abunai snort: [1:888:1] WEB-CGI wwwadmin.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1399 -> 64.81.53.11:80
Jun  4 06:29:22 abunai snort: [1:853:2] WEB-CGI wrap access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1426 -> 64.81.53.11:80
Jun  4 06:29:22 abunai snort: [1:853:2] WEB-CGI wrap access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1431 -> 64.81.53.11:80
Jun  4 06:29:23 abunai snort: [1:853:2] WEB-CGI wrap access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1439 -> 64.81.53.11:80
Jun  4 06:29:24 abunai snort: [1:809:2] WEB-CGI whoisraw attempt [Classification: Web 
Application Attack] [Priority: 1]: {TCP} 61.84.14.135:1470 -> 64.81.53.11:80
Jun  4 06:29:25 abunai snort: [1:810:1] WEB-CGI whoisraw access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1488 -> 64.81.53.11:80
Jun  4 06:29:26 abunai snort: [1:815:2] WEB-CGI websendmail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1507 -> 64.81.53.11:80
Jun  4 06:29:26 abunai snort: [1:815:2] WEB-CGI websendmail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1512 -> 64.81.53.11:80
Jun  4 06:29:28 abunai snort: [1:838:2] WEB-CGI webgais access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1547 -> 64.81.53.11:80
Jun  4 06:29:29 abunai snort: [1:1163:2] WEB-MISC webdist.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1561 -> 64.81.53.11:80
Jun  4 06:29:32 abunai snort: [1:850:1] WEB-CGI wais.p access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1605 -> 64.81.53.11:80
Jun  4 06:29:32 abunai snort: [1:850:1] WEB-CGI wais.p access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1606 -> 64.81.53.11:80
Jun  4 06:29:33 abunai snort: [1:861:3] WEB-CGI w3-msql access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1637 -> 64.81.53.11:80
Jun  4 06:29:34 abunai snort: [1:849:1] WEB-CGI view-source access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1656 -> 64.81.53.11:80
Jun  4 06:29:35 abunai snort: [1:849:1] WEB-CGI view-source access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1668 -> 64.81.53.11:80
Jun  4 06:29:37 abunai snort: [1:891:1] WEB-CGI upload.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1701 -> 64.81.53.11:80
Jun  4 06:29:38 abunai snort: [1:1220:1] WEB-MISC ultraboard access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1724 -> 64.81.53.11:80
Jun  4 06:29:38 abunai snort: [1:1220:1] WEB-MISC ultraboard access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1735 -> 64.81.53.11:80
Jun  4 06:29:39 abunai snort: [1:1220:1] WEB-MISC ultraboard access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1742 -> 64.81.53.11:80
Jun  4 06:29:40 abunai snort: [1:836:1] WEB-CGI testcounter.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1779 -> 64.81.53.11:80
Jun  4 06:29:41 abunai snort: [1:835:1] WEB-CGI test-cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1786 -> 64.81.53.11:80
Jun  4 06:29:41 abunai snort: [1:1201:2] WEB-MISC 403 Forbidden [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 64.81.53.11:80 -> 61.84.14.135:1786
Jun  4 06:29:41 abunai snort: [1:835:1] WEB-CGI test-cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1793 -> 64.81.53.11:80
Jun  4 06:29:41 abunai snort: [1:835:1] WEB-CGI test-cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1803 -> 64.81.53.11:80
Jun  4 06:29:41 abunai snort: [1:1201:2] WEB-MISC 403 Forbidden [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 64.81.53.11:80 -> 61.84.14.135:1803
Jun  4 06:29:42 abunai snort: [1:872:2] WEB-CGI tcsh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1816 -> 64.81.53.11:80
Jun  4 06:29:43 abunai snort: [1:872:2] WEB-CGI tcsh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1825 -> 64.81.53.11:80
Jun  4 06:29:43 abunai snort: [1:871:2] WEB-CGI survey.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1829 -> 64.81.53.11:80
Jun  4 06:29:43 abunai snort: [1:871:2] WEB-CGI survey.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1832 -> 64.81.53.11:80
Jun  4 06:29:45 abunai snort: [1:1195:1] WEB-MISC Sojourn access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1871 -> 64.81.53.11:80
Jun  4 06:29:46 abunai snort: [1:1089:2] WEB-MISC shopping cart directory traversal 
[Classification: Web Application Attack] [Priority: 1]: {TCP} 61.84.14.135:1878 -> 
64.81.53.11:80
Jun  4 06:29:46 abunai snort: [1:890:1] WEB-CGI sendform.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1892 -> 64.81.53.11:80
Jun  4 06:29:47 abunai snort: [1:1122:1] WEB-MISC /etc/passwd [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1925 -> 64.81.53.11:80
Jun  4 06:29:48 abunai snort: [1:834:2] WEB-CGI rwwwshell.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1926 -> 64.81.53.11:80
Jun  4 06:29:48 abunai snort: [1:868:1] WEB-CGI rsh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1933 -> 64.81.53.11:80
Jun  4 06:29:50 abunai snort: [1:877:1] WEB-CGI rksh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1965 -> 64.81.53.11:80
Jun  4 06:29:51 abunai snort: [1:1208:1] WEB-MISC responder.cgi access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:1988 -> 
64.81.53.11:80
Jun  4 06:29:52 abunai snort: [1:895:2] WEB-CGI redirect access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2008 -> 64.81.53.11:80
Jun  4 06:29:52 abunai snort: [1:1201:2] WEB-MISC 403 Forbidden [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 64.81.53.11:80 -> 61.84.14.135:2028
Jun  4 06:29:53 abunai snort: [1:866:1] WEB-CGI post-query access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2047 -> 64.81.53.11:80
Jun  4 06:29:54 abunai snort: [1:1217:1] WEB-MISC plusmail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2071 -> 64.81.53.11:80
Jun  4 06:29:55 abunai snort: [1:824:2] WEB-CGI php access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2089 -> 64.81.53.11:80
Jun  4 06:29:56 abunai snort: [1:886:3] WEB-CGI phf access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2121 -> 64.81.53.11:80
Jun  4 06:29:57 abunai snort: [1:886:3] WEB-CGI phf access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2140 -> 64.81.53.11:80
Jun  4 06:29:57 abunai snort: [1:886:3] WEB-CGI phf access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2147 -> 64.81.53.11:80
Jun  4 06:29:58 abunai snort: [1:886:3] WEB-CGI phf access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2166 -> 64.81.53.11:80
Jun  4 06:29:58 abunai snort: [1:841:2] WEB-CGI pfdisplay.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2169 -> 64.81.53.11:80
Jun  4 06:29:59 abunai snort: [1:840:1] WEB-CGI perlshop.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2186 -> 64.81.53.11:80
Jun  4 06:30:01 abunai snort: [1:829:2] WEB-CGI nph-test-cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2259 -> 64.81.53.11:80
Jun  4 06:30:02 abunai snort: [1:829:2] WEB-CGI nph-test-cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2268 -> 64.81.53.11:80
Jun  4 06:30:02 abunai snort: [1:830:1] WEB-CGI NPH-publish access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2270 -> 64.81.53.11:80
Jun  4 06:30:04 abunai snort: [1:1120:1] WEB-MISC mylog.phtml access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2300 -> 64.81.53.11:80
Jun  4 06:30:04 abunai snort: [1:1119:1] WEB-MISC mlog.phtml access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2303 -> 64.81.53.11:80
Jun  4 06:30:04 abunai snort: [1:859:1] WEB-CGI man.sh access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2304 -> 64.81.53.11:80
Jun  4 06:30:04 abunai snort: [1:828:1] WEB-CGI maillist.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2307 -> 64.81.53.11:80
Jun  4 06:30:04 abunai snort: [1:893:1] WEB-CGI MachineInfo access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2311 -> 64.81.53.11:80
Jun  4 06:30:04 abunai snort: [1:880:1] WEB-CGI LWGate access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2313 -> 64.81.53.11:80
Jun  4 06:30:04 abunai snort: [1:880:1] WEB-CGI LWGate access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2314 -> 64.81.53.11:80
Jun  4 06:30:05 abunai snort: [1:880:1] WEB-CGI LWGate access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2328 -> 64.81.53.11:80
Jun  4 06:30:06 abunai snort: [1:865:1] WEB-CGI ksh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2356 -> 64.81.53.11:80
Jun  4 06:30:06 abunai snort: [1:865:1] WEB-CGI ksh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2369 -> 64.81.53.11:80
Jun  4 06:30:08 abunai snort: [1:1174:2] WEB-MISC /cgi-bin/jj attempt [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2409 -> 64.81.53.11:80
Jun  4 06:30:09 abunai snort: [1:1174:2] WEB-MISC /cgi-bin/jj attempt [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2422 -> 64.81.53.11:80
Jun  4 06:30:09 abunai snort: [1:827:2] WEB-CGI info2www access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2438 -> 64.81.53.11:80
Jun  4 06:30:09 abunai snort: [1:826:2] WEB-CGI htmlscript access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2455 -> 64.81.53.11:80
Jun  4 06:30:10 abunai snort: [1:826:2] WEB-CGI htmlscript access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2468 -> 64.81.53.11:80
Jun  4 06:30:11 abunai snort: [1:1141:2] WEB-MISC handler access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2488 -> 64.81.53.11:80
Jun  4 06:30:11 abunai snort: [1:1141:2] WEB-MISC handler access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2490 -> 64.81.53.11:80
Jun  4 06:30:12 abunai snort: [1:1140:3] WEB-MISC guestbook.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2503 -> 64.81.53.11:80
Jun  4 06:30:14 abunai snort: [1:825:2] WEB-CGI glimpse access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2555 -> 64.81.53.11:80
Jun  4 06:30:15 abunai snort: [1:1107:1] WEB-MISC ftp.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2574 -> 64.81.53.11:80
Jun  4 06:30:16 abunai snort: [1:884:2] WEB-CGI formmail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2589 -> 64.81.53.11:80
Jun  4 06:30:16 abunai snort: [1:884:2] WEB-CGI formmail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2590 -> 64.81.53.11:80
Jun  4 06:30:16 abunai snort: [1:884:2] WEB-CGI formmail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2591 -> 64.81.53.11:80
Jun  4 06:30:16 abunai snort: [1:884:2] WEB-CGI formmail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2592 -> 64.81.53.11:80
Jun  4 06:30:18 abunai snort: [1:883:1] WEB-CGI flexform access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2642 -> 64.81.53.11:80
Jun  4 06:30:18 abunai snort: [1:883:1] WEB-CGI flexform access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2644 -> 64.81.53.11:80
Jun  4 06:30:20 abunai snort: [1:839:1] WEB-CGI finger access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2667 -> 64.81.53.11:80
Jun  4 06:30:21 abunai snort: [1:839:1] WEB-CGI finger access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2682 -> 64.81.53.11:80
Jun  4 06:30:21 abunai snort: [1:839:1] WEB-CGI finger access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2683 -> 64.81.53.11:80
Jun  4 06:30:21 abunai snort: [1:851:1] WEB-CGI files.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2697 -> 64.81.53.11:80
Jun  4 06:30:22 abunai snort: [1:858:1] WEB-CGI filemail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2705 -> 64.81.53.11:80
Jun  4 06:30:23 abunai snort: [1:1216:1] WEB-MISC filemail access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2717 -> 64.81.53.11:80
Jun  4 06:30:23 abunai snort: [1:857:2] WEB-CGI faxsurvey access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2730 -> 64.81.53.11:80
Jun  4 06:30:24 abunai snort: [1:857:2] WEB-CGI faxsurvey access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2732 -> 64.81.53.11:80
Jun  4 06:30:25 abunai snort: [1:856:1] WEB-CGI environ.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2751 -> 64.81.53.11:80
Jun  4 06:30:25 abunai snort: [1:855:1] WEB-CGI edit.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2770 -> 64.81.53.11:80
Jun  4 06:30:26 abunai snort: [1:869:1] WEB-CGI dumpenv.pl access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2788 -> 64.81.53.11:80
Jun  4 06:30:28 abunai snort: [1:863:1] WEB-CGI day5datacopier.cgi access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2841 -> 
64.81.53.11:80
Jun  4 06:30:28 abunai snort: [1:864:1] WEB-CGI day5datanotifier.cgi access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2842 -> 
64.81.53.11:80
Jun  4 06:30:29 abunai snort: [1:862:2] WEB-CGI csh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2845 -> 64.81.53.11:80
Jun  4 06:30:29 abunai snort: [1:862:2] WEB-CGI csh access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2847 -> 64.81.53.11:80
Jun  4 06:30:30 abunai snort: [1:1149:2] WEB-MISC count.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2857 -> 64.81.53.11:80
Jun  4 06:30:31 abunai snort: [1:1149:2] WEB-MISC count.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2874 -> 64.81.53.11:80
Jun  4 06:30:32 abunai snort: [1:854:2] WEB-CGI classifieds.cgi access 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2895 -> 
64.81.53.11:80
Jun  4 06:30:35 abunai snort: [1:847:2] WEB-CGI campas access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2957 -> 64.81.53.11:80
Jun  4 06:30:35 abunai snort: [1:847:2] WEB-CGI campas access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2958 -> 64.81.53.11:80
Jun  4 06:30:36 abunai snort: [1:882:1] WEB-CGI calendar access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2968 -> 64.81.53.11:80
Jun  4 06:30:36 abunai snort: [1:1206:1] WEB-MISC cachemgr.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2975 -> 64.81.53.11:80
Jun  4 06:30:37 abunai snort: [1:846:2] WEB-CGI bnbform.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2985 -> 64.81.53.11:80
Jun  4 06:30:38 abunai snort: [1:1172:1] WEB-MISC bigconf.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2991 -> 64.81.53.11:80
Jun  4 06:30:38 abunai snort: [1:1172:1] WEB-MISC bigconf.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:2992 -> 64.81.53.11:80
Jun  4 06:30:39 abunai snort: [1:894:1] WEB-CGI bb-hist.sh access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3005 -> 64.81.53.11:80
Jun  4 06:30:40 abunai snort: [1:885:1] WEB-CGI bash access [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3022 -> 64.81.53.11:80
Jun  4 06:30:41 abunai snort: [1:1205:1] WEB-MISC axs.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3045 -> 64.81.53.11:80
Jun  4 06:30:41 abunai snort: [1:1204:1] WEB-MISC ax-admin.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3047 -> 64.81.53.11:80
Jun  4 06:30:44 abunai snort: [1:845:1] WEB-CGI AT-admin.cgi access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3083 -> 64.81.53.11:80
Jun  4 06:30:44 abunai snort: [1:881:1] WEB-CGI archie access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3097 -> 64.81.53.11:80
Jun  4 06:30:44 abunai snort: [1:892:3] WEB-CGI AnyForm2 access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3098 -> 64.81.53.11:80
Jun  4 06:30:53 abunai snort: [1:842:1] WEB-CGI aglimpse access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3217 -> 64.81.53.11:80
Jun  4 06:30:54 abunai snort: [1:842:1] WEB-CGI aglimpse access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3227 -> 64.81.53.11:80
Jun  4 06:30:54 abunai snort: [1:842:1] WEB-CGI aglimpse access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3232 -> 64.81.53.11:80
Jun  4 06:30:55 abunai snort: [1:1176:1] WEB-MISC order.log access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3248 -> 64.81.53.11:80
Jun  4 06:30:57 abunai snort: [1:894:1] WEB-CGI bb-hist.sh access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3292 -> 64.81.53.11:80
Jun  4 06:30:58 abunai snort: [1:1145:3] WEB-MISC /~root [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3315 -> 64.81.53.11:80
Jun  4 06:31:01 abunai snort: [1:1071:2] WEB-MISC .htpasswd access [Classification: 
Web Application Attack] [Priority: 1]: {TCP} 61.84.14.135:3363 -> 64.81.53.11:80
Jun  4 06:31:01 abunai snort: [1:1129:1] WEB-MISC .htaccess access [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3365 -> 64.81.53.11:80
Jun  4 06:31:01 abunai snort: [1:1201:2] WEB-MISC 403 Forbidden [Classification: 
Attempted Information Leak] [Priority: 2]: {TCP} 64.81.53.11:80 -> 61.84.14.135:3365
Jun  4 06:31:04 abunai snort: [1:1142:1] WEB-MISC /.... [Classification: Attempted 
Information Leak] [Priority: 2]: {TCP} 61.84.14.135:3402 -> 64.81.53.11:80




_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits

[bits] jay gets attacked by koreans

Reply via email to