[Snort-users] My Snort IDS Sensor Detected Metasploit Exploit Attempts

Teo En Ming teo.en.ming at ...11827...
Wed Apr 23 06:52:39 EDT 2014


Yes!!! I executed Metasploit exploit attempts at my internet-facing IP
address and lots of Snort alerts were generated. This means that my Snort
IDS sensor is functioning properly.

Here are the Snort alerts:

04/23-18:00:41.465006  [**] [1:29881:1] MALWARE-CNC Win.Trojan.Dexter
CasinoLoader SQL injection [**] [Classification: A Network Trojan was
Detected] [Priority: 1] {TCP} 171.207.9.232:60452 -> 192.168.1.146:80
04/23-18:04:41.932147  [**] [1:29881:1] MALWARE-CNC Win.Trojan.Dexter
CasinoLoader SQL injection [**] [Classification: A Network Trojan was
Detected] [Priority: 1] {TCP} 171.207.9.232:36215 -> 192.168.1.147:80
04/23-18:07:53.130949  [**] [1:20158:9] SERVER-WEBAPP Oracle GlassFish
Server default credentials login attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60614 ->
192.168.1.147:80
04/23-18:10:14.401649  [**] [1:21555:2] MALWARE-OTHER Horde javascript.php
href backdoor [**] [Classification: A Network Trojan was Detected]
[Priority: 1] {TCP} 171.207.9.232:49301 -> 192.168.1.147:80
04/23-18:10:54.659169  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38585 ->
192.168.1.146:80
04/23-18:10:54.659169  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38585 ->
192.168.1.146:80
04/23-18:10:54.814134  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48941 ->
192.168.1.146:80
04/23-18:10:54.814134  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48941 ->
192.168.1.146:80
04/23-18:10:54.947304  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45329 ->
192.168.1.146:80
04/23-18:10:54.947304  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45329 ->
192.168.1.146:80
04/23-18:10:55.300167  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48882 ->
192.168.1.146:80
04/23-18:10:55.300167  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48882 ->
192.168.1.146:80
04/23-18:10:55.881890  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:43587 ->
192.168.1.146:80
04/23-18:10:55.881890  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:43587 ->
192.168.1.146:80
04/23-18:10:55.881890  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:43587 ->
192.168.1.146:80
04/23-18:11:02.245134  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:59799 ->
192.168.1.147:80
04/23-18:11:02.245134  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:59799 -> 192.168.1.147:80
04/23-18:11:02.245134  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:59799 ->
192.168.1.147:80
04/23-18:11:02.344691  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35810 ->
192.168.1.147:80
04/23-18:11:02.344691  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:35810 -> 192.168.1.147:80
04/23-18:11:02.344691  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35810 ->
192.168.1.147:80
04/23-18:11:02.614324  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41909 ->
192.168.1.147:80
04/23-18:11:02.614324  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:41909 -> 192.168.1.147:80
04/23-18:11:02.614324  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41909 ->
192.168.1.147:80
04/23-18:11:03.450372  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34810 ->
192.168.1.147:80
04/23-18:11:03.450372  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:34810 -> 192.168.1.147:80
04/23-18:11:03.450372  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34810 ->
192.168.1.147:80
04/23-18:11:04.581732  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53248 ->
192.168.1.147:80
04/23-18:11:04.581732  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:53248 -> 192.168.1.147:80
04/23-18:11:04.581732  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53248 ->
192.168.1.147:80
04/23-18:11:05.045183  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35419 ->
192.168.1.147:80
04/23-18:11:05.045183  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:35419 -> 192.168.1.147:80
04/23-18:11:05.045183  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35419 ->
192.168.1.147:80
04/23-18:11:05.354233  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:36826 ->
192.168.1.147:80
04/23-18:11:05.354233  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:36826 -> 192.168.1.147:80
04/23-18:11:05.354233  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:36826 ->
192.168.1.147:80
04/23-18:11:05.819363  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37734 ->
192.168.1.147:80
04/23-18:11:05.819363  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:37734 -> 192.168.1.147:80
04/23-18:11:05.819363  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37734 ->
192.168.1.147:80
04/23-18:11:05.985363  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48045 ->
192.168.1.147:80
04/23-18:11:05.985363  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:48045 -> 192.168.1.147:80
04/23-18:11:05.985363  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48045 ->
192.168.1.147:80
04/23-18:11:06.119571  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39739 ->
192.168.1.147:80
04/23-18:11:06.119571  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:39739 -> 192.168.1.147:80
04/23-18:11:06.119571  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39739 ->
192.168.1.147:80
04/23-18:11:06.512961  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56316 ->
192.168.1.147:80
04/23-18:11:06.512961  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:56316 -> 192.168.1.147:80
04/23-18:11:06.512961  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56316 ->
192.168.1.147:80
04/23-18:11:07.300177  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:42529 ->
192.168.1.147:80
04/23-18:11:07.300177  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:42529 -> 192.168.1.147:80
04/23-18:11:07.300177  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:42529 ->
192.168.1.147:80
04/23-18:11:07.511373  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55687 ->
192.168.1.147:80
04/23-18:11:07.511373  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:55687 -> 192.168.1.147:80
04/23-18:11:07.511373  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55687 ->
192.168.1.147:80
04/23-18:11:07.735902  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38990 ->
192.168.1.147:80
04/23-18:11:07.735902  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:38990 -> 192.168.1.147:80
04/23-18:11:07.735902  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38990 ->
192.168.1.147:80
04/23-18:11:07.983140  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52419 ->
192.168.1.147:80
04/23-18:11:07.983140  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:52419 -> 192.168.1.147:80
04/23-18:11:07.983140  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52419 ->
192.168.1.147:80
04/23-18:11:08.193910  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 ->
192.168.1.147:80
04/23-18:11:08.193910  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:56750 -> 192.168.1.147:80
04/23-18:11:08.193910  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 ->
192.168.1.147:80
04/23-18:11:08.193910  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 ->
192.168.1.147:80
04/23-18:11:36.276659  [**] [1:21555:2] MALWARE-OTHER Horde javascript.php
href backdoor [**] [Classification: A Network Trojan was Detected]
[Priority: 1] {TCP} 171.207.9.232:47467 -> 192.168.1.146:80
04/23-18:11:59.296782  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60163 ->
192.168.1.146:80
04/23-18:11:59.296782  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:60163 -> 192.168.1.146:80
04/23-18:11:59.296782  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60163 ->
192.168.1.146:80
04/23-18:11:59.640085  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55466 ->
192.168.1.146:80
04/23-18:11:59.640085  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:55466 -> 192.168.1.146:80
04/23-18:11:59.640085  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55466 ->
192.168.1.146:80
04/23-18:12:00.974738  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32790 ->
192.168.1.146:80
04/23-18:12:00.974738  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:32790 -> 192.168.1.146:80
04/23-18:12:00.974738  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32790 ->
192.168.1.146:80
04/23-18:12:01.087403  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35007 ->
192.168.1.146:80
04/23-18:12:01.087403  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:35007 -> 192.168.1.146:80
04/23-18:12:01.087403  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35007 ->
192.168.1.146:80
04/23-18:12:01.219393  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47339 ->
192.168.1.146:80
04/23-18:12:01.219393  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:47339 -> 192.168.1.146:80
04/23-18:12:01.219393  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47339 ->
192.168.1.146:80
04/23-18:12:01.515646  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41742 ->
192.168.1.146:80
04/23-18:12:01.515646  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:41742 -> 192.168.1.146:80
04/23-18:12:01.515646  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41742 ->
192.168.1.146:80
04/23-18:12:02.109268  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53071 ->
192.168.1.146:80
04/23-18:12:02.109268  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:53071 -> 192.168.1.146:80
04/23-18:12:02.109268  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53071 ->
192.168.1.146:80
04/23-18:12:02.272663  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55032 ->
192.168.1.146:80
04/23-18:12:02.272663  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:55032 -> 192.168.1.146:80
04/23-18:12:02.272663  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55032 ->
192.168.1.146:80
04/23-18:12:02.664309  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44332 ->
192.168.1.146:80
04/23-18:12:02.664309  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:44332 -> 192.168.1.146:80
04/23-18:12:02.664309  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44332 ->
192.168.1.146:80
04/23-18:12:03.011280  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50524 ->
192.168.1.146:80
04/23-18:12:03.011280  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:50524 -> 192.168.1.146:80
04/23-18:12:03.011280  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50524 ->
192.168.1.146:80
04/23-18:12:03.166853  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60536 ->
192.168.1.146:80
04/23-18:12:03.166853  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:60536 -> 192.168.1.146:80
04/23-18:12:03.166853  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60536 ->
192.168.1.146:80
04/23-18:12:03.399633  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39061 ->
192.168.1.146:80
04/23-18:12:03.399633  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:39061 -> 192.168.1.146:80
04/23-18:12:03.399633  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39061 ->
192.168.1.146:80
04/23-18:12:04.265497  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38813 ->
192.168.1.146:80
04/23-18:12:04.265497  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:38813 -> 192.168.1.146:80
04/23-18:12:04.265497  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38813 ->
192.168.1.146:80
04/23-18:12:04.691903  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34676 ->
192.168.1.146:80
04/23-18:12:04.691903  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:34676 -> 192.168.1.146:80
04/23-18:12:04.691903  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34676 ->
192.168.1.146:80
04/23-18:12:05.020970  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44677 ->
192.168.1.146:80
04/23-18:12:05.020970  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:44677 -> 192.168.1.146:80
04/23-18:12:05.020970  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44677 ->
192.168.1.146:80
04/23-18:12:05.144006  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 ->
192.168.1.146:80
04/23-18:12:05.144006  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:45397 -> 192.168.1.146:80
04/23-18:12:05.144006  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 ->
192.168.1.146:80
04/23-18:12:05.144006  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 ->
192.168.1.146:80
04/23-18:12:36.276211  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
include attempt [**] [Classification: Attempted Administrator Privilege
Gain] [Priority: 1] {TCP} 171.207.9.232:38814 -> 192.168.1.146:80
04/23-18:13:12.872174  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
include attempt [**] [Classification: Attempted Administrator Privilege
Gain] [Priority: 1] {TCP} 171.207.9.232:42151 -> 192.168.1.147:80
04/23-18:14:11.768307  [**] [1:24520:4] SERVER-WEBAPP Avaya IP Office
Customer Call Reporter invalid file upload attempt [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:45466 -> 192.168.1.146:80
04/23-18:14:41.826966  [**] [1:23783:6] SERVER-WEBAPP Symantec Web Gateway
pbcontrol.php filename parameter command injection attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
{TCP} 171.207.9.232:37021 -> 192.168.1.147:80
04/23-18:16:45.267429  [**] [1:23783:6] SERVER-WEBAPP Symantec Web Gateway
pbcontrol.php filename parameter command injection attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
{TCP} 171.207.9.232:55772 -> 192.168.1.146:80
04/23-18:17:43.693313  [**] [1:28251:1] SERVER-WEBAPP Zabbix session id
disclosure via sql injection attempt [**] [Classification: Web Application
Attack] [Priority: 1] {TCP} 171.207.9.232:47699 -> 192.168.1.147:80
04/23-18:18:20.064992  [**] [1:23111:5] POLICY-OTHER PHP uri tag injection
attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP}
171.207.9.232:37753 -> 192.168.1.146:80
04/23-18:19:46.474313  [**] [1:24804:2] SERVER-WEBAPP Invision IP Board PHP
unserialize code execution attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35953 ->
192.168.1.147:80
04/23-18:19:56.032195  [**] [1:24804:2] SERVER-WEBAPP Invision IP Board PHP
unserialize code execution attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50581 ->
192.168.1.146:80
04/23-18:25:03.277182  [**] [1:29041:1] SERVER-WEBAPP Cisco Prime Data
Center Network Manager processImageSave.jsp directory traversal attempt
[**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1]
{TCP} 171.207.9.232:52840 -> 192.168.1.147:80
04/23-18:25:23.701266  [**] [1:28288:1] SERVER-WEBAPP WebTester
install2.php arbitrary command execution attempt [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:58234 -> 192.168.1.147:80
04/23-18:26:20.716788  [**] [1:29387:1] SERVER-WEBAPP Synology DiskStation
Manager SLICEUPLOAD remote command execution attempt [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:37560 -> 192.168.1.147:80
04/23-18:28:07.713876  [**] [1:28288:1] SERVER-WEBAPP WebTester
install2.php arbitrary command execution attempt [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:58216 -> 192.168.1.146:80
04/23-18:35:55.385556  [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM
ovwebsnmpsrv.exe command line argument buffer overflow attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:54744 -> 192.168.1.147:80
04/23-18:36:58.648392  [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM
ovwebsnmpsrv.exe command line argument buffer overflow attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:46544 -> 192.168.1.146:80
04/23-18:37:06.719577  [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM
ovwebsnmpsrv.exe command line argument buffer overflow attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:55900 -> 192.168.1.146:80
04/23-18:38:43.160774  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
code execution attempt - POST parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35862 ->
192.168.1.147:80
04/23-18:38:42.786371  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
code execution attempt - POST parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38992 ->
192.168.1.147:80
04/23-18:39:21.473819  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
code execution attempt - POST parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53647 ->
192.168.1.146:80
04/23-18:39:21.173596  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
code execution attempt - POST parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38094 ->
192.168.1.146:80
04/23-18:39:26.476437  [**] [1:23111:5] POLICY-OTHER PHP uri tag injection
attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP}
171.207.9.232:36636 -> 192.168.1.146:80

Regards,

Teo En Ming
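
A triage sketch for an alert list like the one above, added here and not part of the original post: it rejoins the mail-wrapped records, parses the fast-alert layout, and groups alerts that share a timestamp and flow, since a single request can fire several rules. The sample input is constructed (documentation-range addresses, rule IDs and messages as they appear in the post) and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: fast-alert records hard-wrapped by a mail client, as in
# the post. Addresses are documentation ranges; the last record is truncated
# on purpose to exercise the reject path.
SAMPLE = """\
Here are the Snort alerts:

04/23-18:10:54.659169  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:38585 ->
192.0.2.146:80
04/23-18:10:54.659169  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:38585 ->
192.0.2.146:80
04/23-18:11:02.245134  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:59799 ->
192.0.2.147:80
04/23-18:11:02.245134  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
203.0.113.7:59799 -> 192.0.2.147:80
04/23-18:11:02.245134  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:59799 ->
192.0.2.147:80
04/23-18:12:36.276211  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
include attempt [**] [Classification: Attempted Administrator Privilege
Gain] [Priority: 1] {TCP} 203.0.113.7:38814 -> 192.0.2.146:80
04/23-18:13:12.872174  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
"""

# A record starts with an MM/DD-HH:MM:SS.usec timestamp.
START_RE = re.compile(r"^\d\d/\d\d-\d\d:\d\d:\d\d\.\d+\s")

# One whole record after rejoining; the classification field is optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def rejoin(text):
    """Glue wrapped continuation lines back onto the record they belong to."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if START_RE.match(line):
            if current is not None:
                records.append(current)
            current = line
        elif not line:
            # A blank line ends the record, so a mail signature is not absorbed.
            if current is not None:
                records.append(current)
                current = None
        elif current is not None:
            current += " " + line
    if current is not None:
        records.append(current)
    return records


def parse(text):
    """Return (alerts, rejects); rejects are records that did not parse."""
    alerts, rejects = [], []
    for record in rejoin(text):
        match = ALERT_RE.match(record)
        if not match:
            rejects.append(record)
            continue
        alert = match.groupdict()
        alert["rule"] = "{gid}:{sid}:{rev}".format(**alert)
        alerts.append(alert)
    return alerts, rejects


def group_by_request(alerts):
    """Assumption: same timestamp and same flow means one triggering packet."""
    groups = defaultdict(list)
    for alert in alerts:
        groups[(alert["ts"], alert["src"], alert["dst"])].append(alert["rule"])
    return dict(groups)


def summarise(text):
    alerts, rejects = parse(text)
    requests = group_by_request(alerts)
    return {
        "alerts": len(alerts),
        "rejected": len(rejects),
        "requests": len(requests),
        "by_rule": Counter(alert["rule"] for alert in alerts),
        "requests_per_dst": Counter(dst for (_, _, dst) in requests),
        "max_rules_per_request": max(map(len, requests.values()), default=0),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(key, value)
```

Counting distinct requests rather than raw alert lines gives a truer picture of how many test attempts the sensor saw and which rules overlap on the same traffic.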