The last 50 IDS alarms

DATE  HOST  Event
2018-05-26 09:24:54.847  b0da85  SQL 1 = 1 - possible sql injection attempt
-  b0da85  Previous message repeated 342 times
2018-05-26 09:05:23.007  DMZ-Apache-FTP-Debian  SERVER-WEBAPP /etc/passwd file access attempt
2018-05-25 04:28:06.915  b0da85  SQL url ending in comment characters - possible sql injection attempt
-  b0da85  Previous message repeated 9 times
2018-05-23 23:15:45.466  Desktop-Exchange  PROTOCOL-DNS TCP inverse query
2018-05-23 23:15:45.466  Desktop-Exchange  PROTOCOL-DNS TCP inverse query overflow
2018-05-21 22:32:13.699  b0da85  SQL 1 = 1 - possible sql injection attempt
2018-05-21 22:07:53.733  b0da85  SQL url ending in comment characters - possible sql injection attempt
-  b0da85  Previous message repeated 9 times
2018-05-21 22:07:34.213  b0da85  SQL 1 = 1 - possible sql injection attempt
-  b0da85  Previous message repeated 365 times
2018-05-21 20:58:49.671  b0da85  SERVER-WEBAPP JBoss JMX console access attempt
2018-05-21 20:58:49.603  b0da85  POLICY-OTHER Adobe ColdFusion component browser access attempt
2018-05-21 20:58:38.87  b0da85  MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt
-  b0da85  Previous message repeated 3 times
2018-05-21 20:58:37.491  b0da85  SERVER-WEBAPP JBoss web console access attempt
2018-05-21 20:57:07.213  b0da85  SERVER-WEBAPP JBoss JMX console access attempt
2018-05-21 20:56:47.44  b0da85  POLICY-OTHER Adobe ColdFusion admin interface access attempt
-  b0da85  Previous message repeated 4 times
2018-05-21 20:55:53.249  b0da85  SQL generic sql with comments injection attempt - GET parameter
-  b0da85  Previous message repeated 2 times
2018-05-21 20:55:40.301  b0da85  SERVER-WEBAPP JBoss web console access attempt
2018-05-21 20:55:36.576  b0da85  OS-OTHER Bash CGI environment variable injection attempt
-  b0da85  Previous message repeated 60 times
2018-05-21 16:09:02.274  DMZ-Corpweb-Debian  OS-OTHER Bash CGI environment variable injection attempt
-  DMZ-Corpweb-Debian  Previous message repeated 4 times
2018-05-21 16:05:31.323  DMZ-Corpweb-Debian  SQL 1 = 1 - possible sql injection attempt
2018-05-21 15:41:32.918  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-05-21 15:41:32.918  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-05-21 15:39:52.435  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-05-21 15:39:52.435  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-05-21 15:20:53.386  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-05-21 15:20:53.386  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
-  DMZ-Corpweb-Debian  Previous message repeated 1 times
2018-05-21 15:13:08.065  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
-  DMZ-Corpweb-Debian  Previous message repeated 1 times
2018-05-21 15:12:28.269  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
-  DMZ-Corpweb-Debian  Previous message repeated 1 times
2018-05-21 15:11:25.914  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
-  DMZ-Corpweb-Debian  Previous message repeated 1 times
2018-05-21 15:11:05.546  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-05-21 15:07:50.351  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
-  DMZ-Corpweb-Debian  Previous message repeated 3 times
2018-05-21 14:46:02.862  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-05-21 14:46:02.862  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-05-21 14:45:18.596  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-05-21 14:45:18.596  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
-  DMZ-Corpweb-Debian  Previous message repeated 1 times
2018-05-21 14:44:15.302  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-05-21 14:20:40.694  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-05-21 14:20:40.694  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
-  DMZ-Corpweb-Debian  Previous message repeated 1 times
2018-05-21 14:11:39.043  DMZ-Corpweb-Debian  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
-  DMZ-Corpweb-Debian  Previous message repeated 2 times
2018-05-21 12:52:58.104  DMZ-Apache-FTP-Debian  SERVER-WEBAPP /etc/passwd file access attempt
2018-05-21 11:53:56.47  Bon  SQL 1 = 1 - possible sql injection attempt
2018-05-19 09:59:22.023  DMZ-Corpweb-Debian  SERVER-WEBAPP /etc/passwd file access attempt
-  DMZ-Corpweb-Debian  Previous message repeated 1 times
2018-05-19 09:57:56  b0da85  SQL 1 = 1 - possible sql injection attempt
-  b0da85  Previous message repeated 2 times
2018-05-18 23:58:18.608  b0da85  SERVER-WEBAPP JBoss JMX console access attempt
2018-05-18 23:57:59.327  b0da85  POLICY-OTHER Adobe ColdFusion admin interface access attempt
-  b0da85  Previous message repeated 4 times
2018-05-18 23:57:08.489  b0da85  SQL generic sql with comments injection attempt - GET parameter
-  b0da85  Previous message repeated 2 times
2018-05-18 23:56:53.46  b0da85  SERVER-WEBAPP JBoss web console access attempt
2018-05-18 23:56:50.153  b0da85  OS-OTHER Bash CGI environment variable injection attempt
-  b0da85  Previous message repeated 60 times
2018-05-18 23:16:23.631  b0da85  SQL 1 = 1 - possible sql injection attempt
-  b0da85  Previous message repeated 2 times
2018-05-18 22:35:14.159  b0da85  SQL url ending in comment characters - possible sql injection attempt
-  b0da85  Previous message repeated 40 times
2018-05-18 22:30:59.304  b0da85  SQL 1 = 1 - possible sql injection attempt
2018-05-18 01:05:33.492  Desktop-AD-2k8  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-05-18 01:05:33.492  Desktop-AD-2k8  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-05-17 22:49:50.289  eon  SQL 1 = 1 - possible sql injection attempt
2018-05-17 04:51:32.712  b0da85  SQL 1 = 1 - possible sql injection attempt
-  b0da85  Previous message repeated 1 times
2018-05-17 03:47:35.576  Desktop-FileServer  SERVER-WEBAPP JBoss web console access attempt
2018-05-17 03:46:57.064  Desktop-FileServer  SERVER-WEBAPP JBoss JMX console access attempt
2018-05-17 03:46:27.093  Desktop-FileServer  SERVER-WEBAPP JBoss admin-console access
2018-05-17 03:46:06.095  Desktop-FileServer  SERVER-WEBAPP JBoss JMX console access attempt
2018-05-17 03:45:09.081  Desktop-FileServer  SERVER-WEBAPP JBoss admin-console access
2018-05-17 03:44:48.411  b0da85  SQL 1 = 1 - possible sql injection attempt
2018-05-17 00:49:57.745  DMZ-Corpweb-Debian  PROTOCOL-DNS dns zone transfer via TCP detected
2018-05-17 00:46:39.952  eon  PROTOCOL-DNS dns zone transfer via TCP detected
2018-05-16 23:38:17.34  eon  SQL 1 = 1 - possible sql injection attempt
-  eon  Previous message repeated 1 times
2018-05-16 06:09:46.725  eon  PROTOCOL-DNS dns zone transfer via TCP detected
-  eon  Previous message repeated 1 times
2018-05-16 04:21:33.389  DMZ-Corpweb-Debian  SQL 1 = 1 - possible sql injection attempt
-  DMZ-Corpweb-Debian  Previous message repeated 4 times
2018-05-14 23:45:25.962  eon  SQL 1 = 1 - possible sql injection attempt