[Snort-users] My Snort IDS Sensor Detected Metasploit Exploit Attempts

Teo En Ming teo.en.ming at ...11827...
Wed Apr 23 07:59:12 EDT 2014


Hi,

In the previous (1st) Metasploit exploit attempt, there were 136 Snort
alerts with the internet-facing IP address included in HOME_NET in
snort.conf.

In the 2nd Metasploit exploit attempt, I removed the internet-facing IP
address from HOME_NET in snort.conf and there were 95 Snort alerts.

***So I don't think it is necessary to include the internet-facing IP address
in HOME_NET.*** Do you guys agree with this?

Here are the Snort alerts from the 2nd Metasploit exploit attempt:

04/23-18:59:33.230809  [**] [1:29881:1] MALWARE-CNC Win.Trojan.Dexter
CasinoLoader SQL injection [**] [Classification: A Network Trojan was
Detected] [Priority: 1] {TCP} 171.207.9.232:35869 -> 192.168.1.146:80
04/23-19:06:23.153624  [**] [1:20158:9] SERVER-WEBAPP Oracle GlassFish
Server default credentials login attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47198 ->
192.168.1.147:80
04/23-19:07:51.550750  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44608 ->
192.168.1.146:80
04/23-19:07:51.550750  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44608 ->
192.168.1.146:80
04/23-19:07:51.943934  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:36966 ->
192.168.1.146:80
04/23-19:07:51.943934  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:36966 ->
192.168.1.146:80
04/23-19:07:52.543716  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39123 ->
192.168.1.146:80
04/23-19:07:52.543716  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39123 ->
192.168.1.146:80
04/23-19:07:52.687912  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50919 ->
192.168.1.146:80
04/23-19:07:52.687912  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50919 ->
192.168.1.146:80
04/23-19:07:53.331668  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48301 ->
192.168.1.146:80
04/23-19:07:53.331668  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48301 ->
192.168.1.146:80
04/23-19:07:53.331668  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48301 ->
192.168.1.146:80
04/23-19:08:07.576104  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50744 ->
192.168.1.147:80
04/23-19:08:07.576104  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50744 ->
192.168.1.147:80
04/23-19:08:07.952043  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58019 ->
192.168.1.147:80
04/23-19:08:07.952043  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58019 ->
192.168.1.147:80
04/23-19:08:08.458397  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58599 ->
192.168.1.147:80
04/23-19:08:08.458397  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58599 ->
192.168.1.147:80
04/23-19:08:08.826209  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37851 ->
192.168.1.147:80
04/23-19:08:08.826209  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37851 ->
192.168.1.147:80
04/23-19:08:08.990232  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37930 ->
192.168.1.147:80
04/23-19:08:08.990232  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37930 ->
192.168.1.147:80
04/23-19:08:08.990232  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37930 ->
192.168.1.147:80
04/23-19:08:18.702392  [**] [1:21555:2] MALWARE-OTHER Horde javascript.php
href backdoor [**] [Classification: A Network Trojan was Detected]
[Priority: 1] {TCP} 171.207.9.232:46644 -> 192.168.1.146:80
04/23-19:09:05.300153  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
include attempt [**] [Classification: Attempted Administrator Privilege
Gain] [Priority: 1] {TCP} 171.207.9.232:42708 -> 192.168.1.146:80
04/23-19:09:26.657189  [**] [1:21555:2] MALWARE-OTHER Horde javascript.php
href backdoor [**] [Classification: A Network Trojan was Detected]
[Priority: 1] {TCP} 171.207.9.232:53179 -> 192.168.1.147:80
04/23-19:09:54.885160  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:59272 ->
192.168.1.147:80
04/23-19:09:54.885160  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:59272 -> 192.168.1.147:80
04/23-19:09:54.885160  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:59272 ->
192.168.1.147:80
04/23-19:09:55.070576  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52768 ->
192.168.1.147:80
04/23-19:09:55.070576  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:52768 -> 192.168.1.147:80
04/23-19:09:55.070576  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52768 ->
192.168.1.147:80
04/23-19:09:55.291304  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58220 ->
192.168.1.147:80
04/23-19:09:55.291304  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:58220 -> 192.168.1.147:80
04/23-19:09:55.291304  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58220 ->
192.168.1.147:80
04/23-19:09:56.735170  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44015 ->
192.168.1.147:80
04/23-19:09:56.735170  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:44015 -> 192.168.1.147:80
04/23-19:09:56.735170  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44015 ->
192.168.1.147:80
04/23-19:09:57.008456  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39247 ->
192.168.1.147:80
04/23-19:09:57.008456  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:39247 -> 192.168.1.147:80
04/23-19:09:57.008456  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39247 ->
192.168.1.147:80
04/23-19:09:57.269374  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:49632 ->
192.168.1.147:80
04/23-19:09:57.269374  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:49632 -> 192.168.1.147:80
04/23-19:09:57.269374  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:49632 ->
192.168.1.147:80
04/23-19:09:57.471271  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56493 ->
192.168.1.147:80
04/23-19:09:57.471271  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:56493 -> 192.168.1.147:80
04/23-19:09:57.471271  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56493 ->
192.168.1.147:80
04/23-19:09:57.639986  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50604 ->
192.168.1.147:80
04/23-19:09:57.639986  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:50604 -> 192.168.1.147:80
04/23-19:09:57.639986  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50604 ->
192.168.1.147:80
04/23-19:09:57.917280  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44753 ->
192.168.1.147:80
04/23-19:09:57.917280  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:44753 -> 192.168.1.147:80
04/23-19:09:57.917280  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44753 ->
192.168.1.147:80
04/23-19:09:58.116309  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:43094 ->
192.168.1.147:80
04/23-19:09:58.116309  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:43094 -> 192.168.1.147:80
04/23-19:09:58.116309  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:43094 ->
192.168.1.147:80
04/23-19:09:58.277134  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48034 ->
192.168.1.147:80
04/23-19:09:58.277134  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:48034 -> 192.168.1.147:80
04/23-19:09:58.277134  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48034 ->
192.168.1.147:80
04/23-19:09:58.568110  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39075 ->
192.168.1.147:80
04/23-19:09:58.568110  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:39075 -> 192.168.1.147:80
04/23-19:09:58.568110  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39075 ->
192.168.1.147:80
04/23-19:09:58.726410  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:51431 ->
192.168.1.147:80
04/23-19:09:58.726410  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:51431 -> 192.168.1.147:80
04/23-19:09:58.726410  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:51431 ->
192.168.1.147:80
04/23-19:09:58.886976  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56634 ->
192.168.1.147:80
04/23-19:09:58.886976  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:56634 -> 192.168.1.147:80
04/23-19:09:58.886976  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56634 ->
192.168.1.147:80
04/23-19:09:59.129323  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47612 ->
192.168.1.147:80
04/23-19:09:59.129323  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:47612 -> 192.168.1.147:80
04/23-19:09:59.129323  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47612 ->
192.168.1.147:80
04/23-19:09:59.321208  [**] [1:21073:3] SERVER-APACHE Apache Struts
allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32881 ->
192.168.1.147:80
04/23-19:09:59.321208  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
code execution attempt - DebuggingInterceptor [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:32881 -> 192.168.1.147:80
04/23-19:09:59.321208  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32881 ->
192.168.1.147:80
04/23-19:09:59.321208  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
code execution attempt - GET parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32881 ->
192.168.1.147:80
04/23-19:10:43.299830  [**] [1:24520:4] SERVER-WEBAPP Avaya IP Office
Customer Call Reporter invalid file upload attempt [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:54089 -> 192.168.1.146:80
04/23-19:11:16.158913  [**] [1:23783:6] SERVER-WEBAPP Symantec Web Gateway
pbcontrol.php filename parameter command injection attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
{TCP} 171.207.9.232:37160 -> 192.168.1.146:80
04/23-19:12:55.409554  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
include attempt [**] [Classification: Attempted Administrator Privilege
Gain] [Priority: 1] {TCP} 171.207.9.232:47559 -> 192.168.1.147:80
04/23-19:14:04.141386  [**] [1:24520:4] SERVER-WEBAPP Avaya IP Office
Customer Call Reporter invalid file upload attempt [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:41913 -> 192.168.1.147:80
04/23-19:15:12.632297  [**] [1:23783:6] SERVER-WEBAPP Symantec Web Gateway
pbcontrol.php filename parameter command injection attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
{TCP} 171.207.9.232:42473 -> 192.168.1.147:80
04/23-19:15:47.733149  [**] [1:24804:2] SERVER-WEBAPP Invision IP Board PHP
unserialize code execution attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:58368 ->
192.168.1.146:80
04/23-19:16:48.787248  [**] [1:23111:5] POLICY-OTHER PHP uri tag injection
attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP}
171.207.9.232:56912 -> 192.168.1.147:80
04/23-19:16:58.634538  [**] [1:28251:1] SERVER-WEBAPP Zabbix session id
disclosure via sql injection attempt [**] [Classification: Web Application
Attack] [Priority: 1] {TCP} 171.207.9.232:34616 -> 192.168.1.147:80
04/23-19:18:24.918348  [**] [1:24804:2] SERVER-WEBAPP Invision IP Board PHP
unserialize code execution attempt [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:33526 ->
192.168.1.147:80
04/23-19:21:09.394272  [**] [1:29041:1] SERVER-WEBAPP Cisco Prime Data
Center Network Manager processImageSave.jsp directory traversal attempt
[**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1]
{TCP} 171.207.9.232:40492 -> 192.168.1.146:80
04/23-19:21:30.495860  [**] [1:28251:1] SERVER-WEBAPP Zabbix session id
disclosure via sql injection attempt [**] [Classification: Web Application
Attack] [Priority: 1] {TCP} 171.207.9.232:47254 -> 192.168.1.146:80
04/23-19:22:02.778100  [**] [1:28288:1] SERVER-WEBAPP WebTester
install2.php arbitrary command execution attempt [**] [Classification:
Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:56672 -> 192.168.1.146:80
04/23-19:23:20.951569  [**] [1:29041:1] SERVER-WEBAPP Cisco Prime Data
Center Network Manager processImageSave.jsp directory traversal attempt
[**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1]
{TCP} 171.207.9.232:59967 -> 192.168.1.147:80
04/23-19:31:24.411273  [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM
ovwebsnmpsrv.exe command line argument buffer overflow attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:41748 -> 192.168.1.146:80
04/23-19:31:43.136606  [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM
ovwebsnmpsrv.exe command line argument buffer overflow attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
171.207.9.232:59872 -> 192.168.1.146:80
04/23-19:34:07.992912  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
code execution attempt - POST parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:54455 ->
192.168.1.146:80
04/23-19:34:09.209024  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
code execution attempt - POST parameter [**] [Classification: Attempted
Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37209 ->
192.168.1.146:80
04/23-19:34:15.947206  [**] [1:23111:5] POLICY-OTHER PHP uri tag injection
attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP}
171.207.9.232:38692 -> 192.168.1.146:80

Regards,

Teo En Ming
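As an added example (not code from the original post, and not part of Snort itself), the following Python script parses alert lines in the fast-alert format shown above, summarises them per signature and per destination host, and checks which of the addresses that actually appear in the alerts a candidate HOME_NET value would cover. The sample alerts are a few of the post's own lines re-joined onto single lines as Snort writes them; the address 203.0.113.10 is a documentation-range placeholder standing in for the internet-facing IP, which the post does not give. Every alert in the post records 192.168.1.146 or 192.168.1.147 as the destination rather than the public address, and the coverage check makes visible why a HOME_NET entry for the public address neither adds nor removes matches for these alerts.

```python
"""Triage helper for Snort fast-alert output (added example, not from the
original post). Parses alert lines, counts them per signature and destination,
and reports which observed addresses a candidate HOME_NET covers."""
import ipaddress
import re
from collections import Counter

# Snort fast-alert line as it appears in the post (one alert per line; the
# mailing-list archive wraps long lines, so the sample below is unwrapped).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"\[Classification:\s+(?P<cls>[^\]]+)\]\s+\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: six alerts copied from the post's 2nd run, re-joined.
SAMPLE_ALERTS = """\
04/23-18:59:33.230809  [**] [1:29881:1] MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 171.207.9.232:35869 -> 192.168.1.146:80
04/23-19:06:23.153624  [**] [1:20158:9] SERVER-WEBAPP Oracle GlassFish Server default credentials login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47198 -> 192.168.1.147:80
04/23-19:07:51.550750  [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44608 -> 192.168.1.146:80
04/23-19:07:51.550750  [**] [1:21072:3] SERVER-APACHE Apache Struts remote code execution attempt - GET parameter [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44608 -> 192.168.1.146:80
04/23-19:08:07.576104  [**] [1:21073:3] SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50744 -> 192.168.1.147:80
04/23-19:34:15.947206  [**] [1:23111:5] POLICY-OTHER PHP uri tag injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 171.207.9.232:38692 -> 192.168.1.146:80
"""


def parse_alerts(text):
    """Return one dict per parseable alert line; malformed lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
            rec[key] = int(rec[key])
        alerts.append(rec)
    return alerts


def summarise(alerts):
    """Count alerts per signature (gid:sid plus message) and per destination host."""
    by_sig = Counter(f"{a['gid']}:{a['sid']} {a['msg']}" for a in alerts)
    by_dst = Counter(a["dst"] for a in alerts)
    return by_sig, by_dst


def addresses_seen(alerts):
    """Every source and destination address that actually appears in the alerts."""
    return sorted({a["src"] for a in alerts} | {a["dst"] for a in alerts})


def home_net_coverage(alerts, home_net):
    """Split the alert destinations into those inside and outside a candidate
    HOME_NET, given as a list of CIDR strings as one would write in snort.conf."""
    nets = [ipaddress.ip_network(n, strict=False) for n in home_net]
    covered, uncovered = set(), set()
    for a in alerts:
        dst = ipaddress.ip_address(a["dst"])
        (covered if any(dst in n for n in nets) else uncovered).add(a["dst"])
    return sorted(covered), sorted(uncovered)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    by_sig, by_dst = summarise(alerts)
    for sig, n in by_sig.most_common():
        print(f"{n:3d}  {sig}")
    print("destinations:", dict(by_dst))
    print("addresses on the wire:", addresses_seen(alerts))
    # 203.0.113.10 is a documentation-range placeholder for the poster's
    # internet-facing address, which the post does not state.
    for candidate in (["192.168.1.0/24"],
                      ["192.168.1.0/24", "203.0.113.10/32"],
                      ["203.0.113.10/32"]):
        cov, miss = home_net_coverage(alerts, candidate)
        print(f"HOME_NET {candidate}: covers {cov}, misses {miss}")
```

Rule headers such as `$EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS` are matched against the addresses in the packet the sensor actually sees, so a HOME_NET entry for an address that never appears on the monitored segment is inert; the useful check when tuning HOME_NET is therefore the one the last loop performs, comparing the candidate value against the destinations recorded in real alerts.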


On Wed, Apr 23, 2014 at 6:52 PM, Teo En Ming <teo.en.ming at ...11827...> wrote:

>
> Yes!!! I executed Metasploit exploit attempts at my internet-facing IP
> address and lots of Snort alerts were generated. This means that my Snort
> IDS sensor is functioning properly.
>
> Here are the Snort alerts:
>
> 04/23-18:00:41.465006  [**] [1:29881:1] MALWARE-CNC Win.Trojan.Dexter
> CasinoLoader SQL injection [**] [Classification: A Network Trojan was
> Detected] [Priority: 1] {TCP} 171.207.9.232:60452 -> 192.168.1.146:80
> 04/23-18:04:41.932147  [**] [1:29881:1] MALWARE-CNC Win.Trojan.Dexter
> CasinoLoader SQL injection [**] [Classification: A Network Trojan was
> Detected] [Priority: 1] {TCP} 171.207.9.232:36215 -> 192.168.1.147:80
> 04/23-18:07:53.130949  [**] [1:20158:9] SERVER-WEBAPP Oracle GlassFish
> Server default credentials login attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60614 ->
> 192.168.1.147:80
> 04/23-18:10:14.401649  [**] [1:21555:2] MALWARE-OTHER Horde javascript.php
> href backdoor [**] [Classification: A Network Trojan was Detected]
> [Priority: 1] {TCP} 171.207.9.232:49301 -> 192.168.1.147:80
> 04/23-18:10:54.659169  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38585 ->
> 192.168.1.146:80
> 04/23-18:10:54.659169  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38585 ->
> 192.168.1.146:80
> 04/23-18:10:54.814134  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48941 ->
> 192.168.1.146:80
> 04/23-18:10:54.814134  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48941 ->
> 192.168.1.146:80
> 04/23-18:10:54.947304  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45329 ->
> 192.168.1.146:80
> 04/23-18:10:54.947304  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45329 ->
> 192.168.1.146:80
> 04/23-18:10:55.300167  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48882 ->
> 192.168.1.146:80
> 04/23-18:10:55.300167  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48882 ->
> 192.168.1.146:80
> 04/23-18:10:55.881890  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:43587 ->
> 192.168.1.146:80
> 04/23-18:10:55.881890  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:43587 ->
> 192.168.1.146:80
> 04/23-18:10:55.881890  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:43587 ->
> 192.168.1.146:80
> 04/23-18:11:02.245134  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:59799 ->
> 192.168.1.147:80
> 04/23-18:11:02.245134  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:59799 -> 192.168.1.147:80
> 04/23-18:11:02.245134  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:59799 ->
> 192.168.1.147:80
> 04/23-18:11:02.344691  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35810 ->
> 192.168.1.147:80
> 04/23-18:11:02.344691  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:35810 -> 192.168.1.147:80
> 04/23-18:11:02.344691  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35810 ->
> 192.168.1.147:80
> 04/23-18:11:02.614324  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41909 ->
> 192.168.1.147:80
> 04/23-18:11:02.614324  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:41909 -> 192.168.1.147:80
> 04/23-18:11:02.614324  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41909 ->
> 192.168.1.147:80
> 04/23-18:11:03.450372  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34810 ->
> 192.168.1.147:80
> 04/23-18:11:03.450372  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:34810 -> 192.168.1.147:80
> 04/23-18:11:03.450372  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34810 ->
> 192.168.1.147:80
> 04/23-18:11:04.581732  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53248 ->
> 192.168.1.147:80
> 04/23-18:11:04.581732  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:53248 -> 192.168.1.147:80
> 04/23-18:11:04.581732  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53248 ->
> 192.168.1.147:80
> 04/23-18:11:05.045183  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35419 ->
> 192.168.1.147:80
> 04/23-18:11:05.045183  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:35419 -> 192.168.1.147:80
> 04/23-18:11:05.045183  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35419 ->
> 192.168.1.147:80
> 04/23-18:11:05.354233  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:36826 ->
> 192.168.1.147:80
> 04/23-18:11:05.354233  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:36826 -> 192.168.1.147:80
> 04/23-18:11:05.354233  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:36826 ->
> 192.168.1.147:80
> 04/23-18:11:05.819363  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37734 ->
> 192.168.1.147:80
> 04/23-18:11:05.819363  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:37734 -> 192.168.1.147:80
> 04/23-18:11:05.819363  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:37734 ->
> 192.168.1.147:80
> 04/23-18:11:05.985363  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48045 ->
> 192.168.1.147:80
> 04/23-18:11:05.985363  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:48045 -> 192.168.1.147:80
> 04/23-18:11:05.985363  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:48045 ->
> 192.168.1.147:80
> 04/23-18:11:06.119571  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39739 ->
> 192.168.1.147:80
> 04/23-18:11:06.119571  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:39739 -> 192.168.1.147:80
> 04/23-18:11:06.119571  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39739 ->
> 192.168.1.147:80
> 04/23-18:11:06.512961  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56316 ->
> 192.168.1.147:80
> 04/23-18:11:06.512961  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:56316 -> 192.168.1.147:80
> 04/23-18:11:06.512961  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56316 ->
> 192.168.1.147:80
> 04/23-18:11:07.300177  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:42529 ->
> 192.168.1.147:80
> 04/23-18:11:07.300177  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:42529 -> 192.168.1.147:80
> 04/23-18:11:07.300177  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:42529 ->
> 192.168.1.147:80
> 04/23-18:11:07.511373  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55687 ->
> 192.168.1.147:80
> 04/23-18:11:07.511373  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:55687 -> 192.168.1.147:80
> 04/23-18:11:07.511373  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55687 ->
> 192.168.1.147:80
> 04/23-18:11:07.735902  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38990 ->
> 192.168.1.147:80
> 04/23-18:11:07.735902  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:38990 -> 192.168.1.147:80
> 04/23-18:11:07.735902  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38990 ->
> 192.168.1.147:80
> 04/23-18:11:07.983140  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52419 ->
> 192.168.1.147:80
> 04/23-18:11:07.983140  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:52419 -> 192.168.1.147:80
> 04/23-18:11:07.983140  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:52419 ->
> 192.168.1.147:80
> 04/23-18:11:08.193910  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 ->
> 192.168.1.147:80
> 04/23-18:11:08.193910  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:56750 -> 192.168.1.147:80
> 04/23-18:11:08.193910  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 ->
> 192.168.1.147:80
> 04/23-18:11:08.193910  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:56750 ->
> 192.168.1.147:80
> 04/23-18:11:36.276659  [**] [1:21555:2] MALWARE-OTHER Horde javascript.php
> href backdoor [**] [Classification: A Network Trojan was Detected]
> [Priority: 1] {TCP} 171.207.9.232:47467 -> 192.168.1.146:80
> 04/23-18:11:59.296782  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60163 ->
> 192.168.1.146:80
> 04/23-18:11:59.296782  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:60163 -> 192.168.1.146:80
> 04/23-18:11:59.296782  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60163 ->
> 192.168.1.146:80
> 04/23-18:11:59.640085  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55466 ->
> 192.168.1.146:80
> 04/23-18:11:59.640085  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:55466 -> 192.168.1.146:80
> 04/23-18:11:59.640085  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55466 ->
> 192.168.1.146:80
> 04/23-18:12:00.974738  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32790 ->
> 192.168.1.146:80
> 04/23-18:12:00.974738  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:32790 -> 192.168.1.146:80
> 04/23-18:12:00.974738  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:32790 ->
> 192.168.1.146:80
> 04/23-18:12:01.087403  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35007 ->
> 192.168.1.146:80
> 04/23-18:12:01.087403  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:35007 -> 192.168.1.146:80
> 04/23-18:12:01.087403  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35007 ->
> 192.168.1.146:80
> 04/23-18:12:01.219393  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47339 ->
> 192.168.1.146:80
> 04/23-18:12:01.219393  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:47339 -> 192.168.1.146:80
> 04/23-18:12:01.219393  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:47339 ->
> 192.168.1.146:80
> 04/23-18:12:01.515646  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41742 ->
> 192.168.1.146:80
> 04/23-18:12:01.515646  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:41742 -> 192.168.1.146:80
> 04/23-18:12:01.515646  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:41742 ->
> 192.168.1.146:80
> 04/23-18:12:02.109268  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53071 ->
> 192.168.1.146:80
> 04/23-18:12:02.109268  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:53071 -> 192.168.1.146:80
> 04/23-18:12:02.109268  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53071 ->
> 192.168.1.146:80
> 04/23-18:12:02.272663  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55032 ->
> 192.168.1.146:80
> 04/23-18:12:02.272663  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:55032 -> 192.168.1.146:80
> 04/23-18:12:02.272663  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:55032 ->
> 192.168.1.146:80
> 04/23-18:12:02.664309  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44332 ->
> 192.168.1.146:80
> 04/23-18:12:02.664309  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:44332 -> 192.168.1.146:80
> 04/23-18:12:02.664309  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44332 ->
> 192.168.1.146:80
> 04/23-18:12:03.011280  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50524 ->
> 192.168.1.146:80
> 04/23-18:12:03.011280  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:50524 -> 192.168.1.146:80
> 04/23-18:12:03.011280  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50524 ->
> 192.168.1.146:80
> 04/23-18:12:03.166853  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60536 ->
> 192.168.1.146:80
> 04/23-18:12:03.166853  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:60536 -> 192.168.1.146:80
> 04/23-18:12:03.166853  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:60536 ->
> 192.168.1.146:80
> 04/23-18:12:03.399633  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39061 ->
> 192.168.1.146:80
> 04/23-18:12:03.399633  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:39061 -> 192.168.1.146:80
> 04/23-18:12:03.399633  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:39061 ->
> 192.168.1.146:80
> 04/23-18:12:04.265497  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38813 ->
> 192.168.1.146:80
> 04/23-18:12:04.265497  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:38813 -> 192.168.1.146:80
> 04/23-18:12:04.265497  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38813 ->
> 192.168.1.146:80
> 04/23-18:12:04.691903  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34676 ->
> 192.168.1.146:80
> 04/23-18:12:04.691903  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:34676 -> 192.168.1.146:80
> 04/23-18:12:04.691903  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:34676 ->
> 192.168.1.146:80
> 04/23-18:12:05.020970  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44677 ->
> 192.168.1.146:80
> 04/23-18:12:05.020970  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:44677 -> 192.168.1.146:80
> 04/23-18:12:05.020970  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:44677 ->
> 192.168.1.146:80
> 04/23-18:12:05.144006  [**] [1:21073:3] SERVER-APACHE Apache Struts
> allowStaticMethodAccess invocation attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 ->
> 192.168.1.146:80
> 04/23-18:12:05.144006  [**] [1:21075:4] SERVER-APACHE Apache Struts remote
> code execution attempt - DebuggingInterceptor [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:45397 -> 192.168.1.146:80
> 04/23-18:12:05.144006  [**] [1:21656:4] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 ->
> 192.168.1.146:80
> 04/23-18:12:05.144006  [**] [1:21072:3] SERVER-APACHE Apache Struts remote
> code execution attempt - GET parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:45397 ->
> 192.168.1.146:80
> 04/23-18:12:36.276211  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
> include attempt [**] [Classification: Attempted Administrator Privilege
> Gain] [Priority: 1] {TCP} 171.207.9.232:38814 -> 192.168.1.146:80
> 04/23-18:13:12.872174  [**] [1:22063:9] SERVER-WEBAPP PHP-CGI remote file
> include attempt [**] [Classification: Attempted Administrator Privilege
> Gain] [Priority: 1] {TCP} 171.207.9.232:42151 -> 192.168.1.147:80
> 04/23-18:14:11.768307  [**] [1:24520:4] SERVER-WEBAPP Avaya IP Office
> Customer Call Reporter invalid file upload attempt [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:45466 -> 192.168.1.146:80
> 04/23-18:14:41.826966  [**] [1:23783:6] SERVER-WEBAPP Symantec Web Gateway
> pbcontrol.php filename parameter command injection attempt [**]
> [Classification: Attempted Administrator Privilege Gain] [Priority: 1]
> {TCP} 171.207.9.232:37021 -> 192.168.1.147:80
> 04/23-18:16:45.267429  [**] [1:23783:6] SERVER-WEBAPP Symantec Web Gateway
> pbcontrol.php filename parameter command injection attempt [**]
> [Classification: Attempted Administrator Privilege Gain] [Priority: 1]
> {TCP} 171.207.9.232:55772 -> 192.168.1.146:80
> 04/23-18:17:43.693313  [**] [1:28251:1] SERVER-WEBAPP Zabbix session id
> disclosure via sql injection attempt [**] [Classification: Web Application
> Attack] [Priority: 1] {TCP} 171.207.9.232:47699 -> 192.168.1.147:80
> 04/23-18:18:20.064992  [**] [1:23111:5] POLICY-OTHER PHP uri tag injection
> attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP}
> 171.207.9.232:37753 -> 192.168.1.146:80
> 04/23-18:19:46.474313  [**] [1:24804:2] SERVER-WEBAPP Invision IP Board
> PHP unserialize code execution attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35953 ->
> 192.168.1.147:80
> 04/23-18:19:56.032195  [**] [1:24804:2] SERVER-WEBAPP Invision IP Board
> PHP unserialize code execution attempt [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:50581 ->
> 192.168.1.146:80
> 04/23-18:25:03.277182  [**] [1:29041:1] SERVER-WEBAPP Cisco Prime Data
> Center Network Manager processImageSave.jsp directory traversal attempt
> [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1]
> {TCP} 171.207.9.232:52840 -> 192.168.1.147:80
> 04/23-18:25:23.701266  [**] [1:28288:1] SERVER-WEBAPP WebTester
> install2.php arbitrary command execution attempt [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:58234 -> 192.168.1.147:80
> 04/23-18:26:20.716788  [**] [1:29387:1] SERVER-WEBAPP Synology DiskStation
> Manager SLICEUPLOAD remote command execution attempt [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:37560 -> 192.168.1.147:80
> 04/23-18:28:07.713876  [**] [1:28288:1] SERVER-WEBAPP WebTester
> install2.php arbitrary command execution attempt [**] [Classification:
> Attempted Administrator Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:58216 -> 192.168.1.146:80
> 04/23-18:35:55.385556  [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM
> ovwebsnmpsrv.exe command line argument buffer overflow attempt [**]
> [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:54744 -> 192.168.1.147:80
> 04/23-18:36:58.648392  [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM
> ovwebsnmpsrv.exe command line argument buffer overflow attempt [**]
> [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:46544 -> 192.168.1.146:80
> 04/23-18:37:06.719577  [**] [1:18998:6] SERVER-WEBAPP HP OpenView NNM
> ovwebsnmpsrv.exe command line argument buffer overflow attempt [**]
> [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
> 171.207.9.232:55900 -> 192.168.1.146:80
> 04/23-18:38:43.160774  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
> code execution attempt - POST parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:35862 ->
> 192.168.1.147:80
> 04/23-18:38:42.786371  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
> code execution attempt - POST parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38992 ->
> 192.168.1.147:80
> 04/23-18:39:21.473819  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
> code execution attempt - POST parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:53647 ->
> 192.168.1.146:80
> 04/23-18:39:21.173596  [**] [1:23631:3] SERVER-APACHE Apache Struts remote
> code execution attempt - POST parameter [**] [Classification: Attempted
> Administrator Privilege Gain] [Priority: 1] {TCP} 171.207.9.232:38094 ->
> 192.168.1.146:80
> 04/23-18:39:26.476437  [**] [1:23111:5] POLICY-OTHER PHP uri tag injection
> attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP}
> 171.207.9.232:36636 -> 192.168.1.146:80
>
> Regards,
>
> Teo En Ming
>