Snort mailing list archives
Re: My Snort IDS Sensor Detected Metasploit Exploit Attempts
From: Teo En Ming <teo.en.ming () gmail com>
Date: Wed, 23 Apr 2014 19:59:12 +0800
Hi,

In the previous (1st) Metasploit exploit attempt, there were 136 Snort alerts with the internet-facing IP address included in HOME_NET in snort.conf. In the 2nd Metasploit exploit attempt, I removed the internet-facing IP address from HOME_NET in snort.conf and there were 95 Snort alerts.

***So I don't think it is necessary to include internet-facing IP address in HOME_NET.***

Do you guys agree with this?

Here are the Snort alerts from the 2nd Metasploit exploit attempt:

Regards,

Teo En Ming

On Wed, Apr 23, 2014 at 6:52 PM, Teo En Ming <teo.en.ming () gmail com> wrote:
Yes!!! I executed Metasploit exploit attempts at my internet-facing IP address and lots of Snort alerts were generated. This means that my Snort IDS sensor is functioning properly.

Here are the Snort alerts:
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52419 -> 192.168.1.147:80 04/23-18:11:07.983140 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52419 -> 192.168.1.147:80 04/23-18:11:08.193910 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 -> 192.168.1.147:80 04/23-18:11:08.193910 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 -> 192.168.1.147:80 04/23-18:11:08.193910 [**] [1:21656:4] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 -> 192.168.1.147:80 04/23-18:11:08.193910 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 -> 192.168.1.147:80 04/23-18:11:36.276659 [**] [1:21555:2] MALWARE-OTHER Horde javascript.php href backdoor [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 171.207.9.232:47467 -> 192.168.1.146:80 04/23-18:11:59.296782 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60163 -> 192.168.1.146:80 04/23-18:11:59.296782 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60163 -> 192.168.1.146:80 04/23-18:11:59.296782 [**] [1:21072:3] SERVER-APACHE 
Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60163 -> 192.168.1.146:80 04/23-18:11:59.640085 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55466 -> 192.168.1.146:80 04/23-18:11:59.640085 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55466 -> 192.168.1.146:80 04/23-18:11:59.640085 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55466 -> 192.168.1.146:80 04/23-18:12:00.974738 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32790 -> 192.168.1.146:80 04/23-18:12:00.974738 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32790 -> 192.168.1.146:80 04/23-18:12:00.974738 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32790 -> 192.168.1.146:80 04/23-18:12:01.087403 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35007 -> 192.168.1.146:80 04/23-18:12:01.087403 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator 
Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35007 -> 192.168.1.146:80 04/23-18:12:01.087403 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35007 -> 192.168.1.146:80 04/23-18:12:01.219393 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47339 -> 192.168.1.146:80 04/23-18:12:01.219393 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47339 -> 192.168.1.146:80 04/23-18:12:01.219393 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47339 -> 192.168.1.146:80 04/23-18:12:01.515646 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41742 -> 192.168.1.146:80 04/23-18:12:01.515646 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41742 -> 192.168.1.146:80 04/23-18:12:01.515646 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41742 -> 192.168.1.146:80 04/23-18:12:02.109268 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53071 -> 192.168.1.146:80 04/23-18:12:02.109268 [**] [1:21075:4] 
SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53071 -> 192.168.1.146:80 04/23-18:12:02.109268 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53071 -> 192.168.1.146:80 04/23-18:12:02.272663 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55032 -> 192.168.1.146:80 04/23-18:12:02.272663 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55032 -> 192.168.1.146:80 04/23-18:12:02.272663 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55032 -> 192.168.1.146:80 04/23-18:12:02.664309 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44332 -> 192.168.1.146:80 04/23-18:12:02.664309 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44332 -> 192.168.1.146:80 04/23-18:12:02.664309 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44332 -> 192.168.1.146:80 04/23-18:12:03.011280 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted 
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50524 -> 192.168.1.146:80 04/23-18:12:03.011280 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50524 -> 192.168.1.146:80 04/23-18:12:03.011280 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50524 -> 192.168.1.146:80 04/23-18:12:03.166853 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60536 -> 192.168.1.146:80 04/23-18:12:03.166853 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60536 -> 192.168.1.146:80 04/23-18:12:03.166853 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60536 -> 192.168.1.146:80 04/23-18:12:03.399633 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39061 -> 192.168.1.146:80 04/23-18:12:03.399633 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39061 -> 192.168.1.146:80 04/23-18:12:03.399633 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39061 -> 192.168.1.146:80 
04/23-18:12:04.265497 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38813 -> 192.168.1.146:80 04/23-18:12:04.265497 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38813 -> 192.168.1.146:80 04/23-18:12:04.265497 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38813 -> 192.168.1.146:80 04/23-18:12:04.691903 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34676 -> 192.168.1.146:80 04/23-18:12:04.691903 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34676 -> 192.168.1.146:80 04/23-18:12:04.691903 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34676 -> 192.168.1.146:80 04/23-18:12:05.020970 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44677 -> 192.168.1.146:80 04/23-18:12:05.020970 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44677 -> 192.168.1.146:80 04/23-18:12:05.020970 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET 
parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44677 -> 192.168.1.146:80 04/23-18:12:05.144006 [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 -> 192.168.1.146:80 04/23-18:12:05.144006 [**] [1:21075:4] SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 -> 192.168.1.146:80 04/23-18:12:05.144006 [**] [1:21656:4] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 -> 192.168.1.146:80 04/23-18:12:05.144006 [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 -> 192.168.1.146:80 04/23-18:12:36.276211 [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file include attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38814 -> 192.168.1.146:80 04/23-18:13:12.872174 [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file include attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:42151 -> 192.168.1.147:80 04/23-18:14:11.768307 [**] [1:24520:4] SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45466 -> 192.168.1.146:80 04/23-18:14:41.826966 [**] [1:23783:6] SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37021 -> 192.168.1.147:80 
04/23-18:16:45.267429 [**] [1:23783:6] SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55772 -> 192.168.1.146:80 04/23-18:17:43.693313 [**] [1:28251:1] SERVER-WEBAPP Zabbix session id disclosure via sql injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 171.207.9.232:47699 -> 192.168.1.147:80 04/23-18:18:20.064992 [**] [1:23111:5] POLICY-OTHER PHP uri tag injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 171.207.9.232:37753 -> 192.168.1.146:80 04/23-18:19:46.474313 [**] [1:24804:2] SERVER-WEBAPP Invision IP Board PHP unserialize code execution attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35953 -> 192.168.1.147:80 04/23-18:19:56.032195 [**] [1:24804:2] SERVER-WEBAPP Invision IP Board PHP unserialize code execution attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50581 -> 192.168.1.146:80 04/23-18:25:03.277182 [**] [1:29041:1] SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52840 -> 192.168.1.147:80 04/23-18:25:23.701266 [**] [1:28288:1] SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58234 -> 192.168.1.147:80 04/23-18:26:20.716788 [**] [1:29387:1] SERVER-WEBAPP Synology DiskStation Manager SLICEUPLOAD remote command execution attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37560 -> 192.168.1.147:80 04/23-18:28:07.713876 [**] [1:28288:1] SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt [**] 
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58216 -> 192.168.1.146:80 04/23-18:35:55.385556 [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:54744 -> 192.168.1.147:80 04/23-18:36:58.648392 [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:46544 -> 192.168.1.146:80 04/23-18:37:06.719577 [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55900 -> 192.168.1.146:80 04/23-18:38:43.160774 [**] [1:23631:3] SERVER-APACHE Apache Struts remote code execution attempt - POST parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35862 -> 192.168.1.147:80 04/23-18:38:42.786371 [**] [1:23631:3] SERVER-APACHE Apache Struts remote code execution attempt - POST parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38992 -> 192.168.1.147:80 04/23-18:39:21.473819 [**] [1:23631:3] SERVER-APACHE Apache Struts remote code execution attempt - POST parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53647 -> 192.168.1.146:80 04/23-18:39:21.173596 [**] [1:23631:3] SERVER-APACHE Apache Struts remote code execution attempt - POST parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38094 -> 192.168.1.146:80 04/23-18:39:26.476437 [**] [1:23111:5] POLICY-OTHER PHP uri tag injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 171.207.9.232:36636 -> 192.168.1.146:80 Regards, Teo En 
Ming