Sep 10 11:06:28 [10.16.115.7] Sep 10 2008 15:06:28: %PIX-6-302013: Built outbound TCP connection -413110455 for outside:209.85.133.127/80 (209.85.133.127/80) to inside:10.16.121.72/1876 (170.146.91.6/24233)
Sep 10 11:06:28 [10.16.115.7] Sep 10 2008 15:06:28: %PIX-5-304001: 10.16.121.72 Accessed URL 209.85.133.127:http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=980746286&utmcs=utf-8&utmsr=1024x768&utmsc=16-bit&utmul=en-us&utmje=1&utmfl=9.0%20r45&utmcn=1&utmdt=SQL%20Server%20Forums%20-%20Query%20Multiple%20Tables%20-%20Union%2FOrder%20By&utmhn=www.sqlteam.com&utmhid=1773677121&utmr=http://www.google.com/search?hl=en&q=multiple+order+by+UNION+sql&utmp=/forums/topic.asp?TOPIC_ID=91585&utmac=UA-222470-2&utmcc=__utma%3D26473151.96
Sep 10 11:07:28 [10.16.115.7] Sep 10 2008 15:07:28: %PIX-6-302014: Teardown TCP connection -413110455 for outside:209.85.133.127/80 to inside:10.16.121.72/1876 duration 0:01:00 bytes 1223 TCP Reset-I
Sep 10 11:08:23 [10.16.115.7] Sep 10 2008 15:08:23: %PIX-6-302013: Built outbound TCP connection -413020515 for outside:209.85.133.127/80 (209.85.133.127/80) to inside:10.16.121.72/1899 (170.146.91.6/18001)
Sep 10 11:08:23 [10.16.115.7] Sep 10 2008 15:08:23: %PIX-5-304001: 10.16.121.72 Accessed URL 209.85.133.127:http://www.google-analytics.com/__utm.gif?utmwv=4.3&utmn=1074962126&utmhn=snipplr.com&utmcs=utf-8&utmsr=1024x768&utmsc=16-bit&utmul=en-us&utmje=1&utmfl=9.0%20r45&utmcn=1&utmdt=Ordering%20multiple%20SELECT%20statements%20in%20a%20UNION%20-%20SQL%20-%20Snipplr&utmhid=1599883955&utmr=http://www.google.com/search?hl=en&q=multiple+order+by+UNION+sql&utmp=/view/4076/ordering-multiple-select-statements-in-a-union/&utmac=UA-88442-11
Sep 10 11:08:47 [10.16.115.7] Sep 10 2008 15:08:47: %PIX-5-304001: 10.16.121.72 Accessed URL 209.85.133.127:http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=989698448&utmcs=iso-8859-1&utmsr=1024x768&utmsc=16-bit&utmul=en-us&utmje=1&utmfl=9.0%20r45&utmcn=1&utmdt=multiple%20order%20by%20statements%20in%20union%20select%20-%20Dev%20Shed&utmhn=forums.devshed.com&utmhid=497682213&utmr=http://www.google.com/search?hl=en&q=multiple+order+by+UNION+sql&utmp=/ms-sql-development-95/multiple-order-by-statements-in-union-select-221049.

Event ID 1213278370490690847
Severity high
Host ID BRID_NIPS06
Application Name sensorApp
Event Time 09/10/2008 11:08:48
Sensor Local Time 08/10/2008 11:08:48
Signature ID 5930
Signature Sub-ID 0
Signature Name Generic SQL Injection
Signature Version S349
Signature Details Union All? Select
Interface Group vs0
VLAN ID 0
Interface ge0_0
Attacker IP 10.16.121.72
Protocol tcp
Attacker Port 1899
Attacker Locality INSIDE
Target IP 209.85.133.127
Target Port 80
Target Locality Outside
Target OS unknown unknown (relevant)
Actions
Risk Rating TVR=medium ARR=relevant
Risk Rating Value 90
Threat Rating 90

Context Data
From attacker:
Ether: ---- Ethernet2 OSI=2 Frame #1 Captured on 2008-09-10 11:08:48.375 ----
Ether:
Ether: dst = 2d:73:74:61:74:65
Ether: src = 6d:65:6e:74:73:2d
Ether: proto = 0x696e
Ether:
Data: 0000 2d 75 6e 69 6f 6e 2d 73 65 6c 65 63 74 2d 32 32 -union-select-22
Data: 0010 31 30 34 39 2e 68 74 6d 6c 0d 0a 41 63 63 65 70 1049.html..Accep
Data: 0020 74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75 t-Language: en-u
Data: 0030 73 0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 s..Accept-Encodi
Data: 0040 6e 67 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 ng: gzip, deflat
Data: 0050 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d e..User-Agent: M
Data: 0060 6f 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 ozilla/4.0 (comp
Data: 0070 61 74 69 62 6c 65 3b 20 4d 53 49 45 20 36 2e 30 atible; MSIE 6.0
Data: 0080 3b 20 57 69 6e 64 6f 77 73 20 4e 54 20 35 2e 31 ; Windows NT 5.1
Data: 0090 3b 20 53 56 31 3b 20 2e 4e 45 54 20 43 4c 52 20 ; SV1; .NET CLR 
Data: 00a0 32 2e 30 2e 35 30 37 32 37 3b 20 49 6e 66 6f 50 2.0.50727; InfoP
Data: 00b0 61 74 68 2e 31 29 0d 0a 48 6f 73 74 3a 20 77 77 ath.1)..Host: ww
Data: 00c0 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 w.google-analyti
Data: 00d0 63 73 2e 63 6f 6d 0d 0a 43 6f 6e 6e 65 63 74 69 cs.com..Connecti
Data: 00e0 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a on: Keep-Alive..
Data: 00f0 0d 0a ..
Data:

Packet Data
Event Summary 0
Initial Alert
Summary Type
Final Alert
Event Status New
Event Notes