[**] spp_http_decode: IIS Unicode attack detected [**]
05/02-14:48:34.963913 192.168.1.11:1178 -> 202.93.87.190:80
TCP TTL:64 TOS:0x0 ID:51862 IpLen:20 DgmLen:1171 DF
***AP*** Seq: 0xC1979E54  Ack: 0x468E1A70  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 348730 3877753071 

[**] spp_http_decode: IIS Unicode attack detected [**]
05/02-14:48:34.963913 192.168.1.11:1178 -> 202.93.87.190:80
TCP TTL:64 TOS:0x0 ID:51862 IpLen:20 DgmLen:1171 DF
***AP*** Seq: 0xC1979E54  Ack: 0x468E1A70  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 348730 3877753071 

[**] spp_http_decode: IIS Unicode attack detected [**]
05/02-14:48:34.963913 192.168.1.11:1178 -> 202.93.87.190:80
TCP TTL:64 TOS:0x0 ID:51862 IpLen:20 DgmLen:1171 DF
***AP*** Seq: 0xC1979E54  Ack: 0x468E1A70  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 348730 3877753071 

[**] spp_http_decode: IIS Unicode attack detected [**]
05/02-14:48:34.963913 192.168.1.11:1178 -> 202.93.87.190:80
TCP TTL:64 TOS:0x0 ID:51862 IpLen:20 DgmLen:1171 DF
***AP*** Seq: 0xC1979E54  Ack: 0x468E1A70  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 348730 3877753071 

[**] spp_http_decode: IIS Unicode attack detected [**]
05/02-14:51:01.319255 192.168.1.11:1225 -> 202.93.87.190:80
TCP TTL:64 TOS:0x0 ID:62920 IpLen:20 DgmLen:1312 DF
***AP*** Seq: 0xC9C2844A  Ack: 0x340BF149  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 363366 3863130928 

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-15:11:31.328749 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:26170 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:9999 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-15:11:32.877571 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:26171 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:10000 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-15:11:34.378547 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:26172 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:10003 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-16:10:18.348659 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:10647 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:92 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-16:10:19.903845 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:10648 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:93 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-16:10:21.444227 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:10649 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:94 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-16:58:21.567041 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:61369 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:128 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-16:58:23.065305 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:61370 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:129 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-16:58:24.564932 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:61371 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:130 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-17:10:07.836883 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:3441 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:134 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-17:10:09.335827 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:3442 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:135 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-17:10:10.836235 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:3443 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:136 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-18:10:18.967465 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:38419 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:176 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-18:10:20.529382 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:38420 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:177 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-18:10:22.029976 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:38421 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:178 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-19:10:09.013622 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:47920 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:217 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-19:10:10.513306 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:47921 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:218 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-19:10:12.013947 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:47922 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:219 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-20:10:10.453770 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:34240 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:253 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-20:10:11.952700 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:34241 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:254 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-20:10:13.453069 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:34242 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:255 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-21:10:44.782058 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:21334 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:228 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-21:10:46.281093 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:21335 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:229 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-21:10:47.781464 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:21336 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:230 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-22:10:43.522284 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:33386 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:91 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-22:10:45.021192 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:33387 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:92 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-22:10:46.521570 192.168.1.11 -> 192.168.1.13
ICMP TTL:64 TOS:0xC0 ID:33388 IpLen:20 DgmLen:106
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.13:137 -> 192.168.1.11:137
UDP TTL:128 TOS:0x0 ID:93 IpLen:20 DgmLen:78
Len: 58
** END OF DUMP

[**] ICMP Destination Unreachable (Undefined Code!) [**]
05/03-22:35:27.067786 192.168.1.11 -> 192.168.1.1
ICMP TTL:64 TOS:0xC0 ID:14405 IpLen:20 DgmLen:178
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.1.1:53 -> 192.168.1.11:1034
UDP TTL:64 TOS:0x0 ID:17419 IpLen:20 DgmLen:150
Len: 130
** END OF DUMP

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-10:59:26.800393 202.216.177.189:1156 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:29581 IpLen:20 DgmLen:1128 DF
***AP*** Seq: 0xCBC3FDE2  Ack: 0x329E90E4  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 495211 2830883754 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-11:00:33.815987 202.216.177.189:1168 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:2931 IpLen:20 DgmLen:1108 DF
***AP*** Seq: 0xCF95A3E7  Ack: 0xCD0EC31C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 501913 2830920338 

[**] [122:17:0] (portscan) UDP Portscan [**]
05/04-11:45:44.922555 222.208.168.130 -> 202.216.177.189
PROTO255 TTL:0 TOS:0xC0 ID:12371 IpLen:20 DgmLen:168

[**] [122:17:0] (portscan) UDP Portscan [**]
05/04-12:23:36.850454 61.156.42.117 -> 202.216.177.189
PROTO255 TTL:0 TOS:0xC0 ID:21754 IpLen:20 DgmLen:164

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:00:25.248374 202.216.177.189:1260 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:32525 IpLen:20 DgmLen:1386 DF
***AP*** Seq: 0x8600DE75  Ack: 0x9C1CCC3A  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1220993 2831639522 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:00:45.292364 202.216.177.189:1266 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:54515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x87CD7DA3  Ack: 0x2994DA21  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1222997 2831624591 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:14:27.600714 202.216.177.189:1293 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:20803 IpLen:20 DgmLen:1377 DF
***AP*** Seq: 0xB992BB3B  Ack: 0xC698E978  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1305215 2831706745 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:14:38.368729 202.216.177.189:1297 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:21397 IpLen:20 DgmLen:1464 DF
***AP*** Seq: 0xB994BD23  Ack: 0x6BBCD9C4  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1306291 2831694944 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:14:45.544951 202.216.177.189:1313 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:20574 IpLen:20 DgmLen:1309 DF
***AP*** Seq: 0xBA92A124  Ack: 0x90538197  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1307008 2831684744 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:26:37.818130 202.216.177.189:1316 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:23025 IpLen:20 DgmLen:1240 DF
***AP*** Seq: 0xE62D5E93  Ack: 0xBC08E031  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1378224 2831779789 

[**] [1:2925:4] INFO web bug 1x1 gif attempt [**]
[Classification: Misc activity] [Priority: 3] 
05/04-13:27:15.098907 202.177.198.92:80 -> 202.216.177.189:1327
TCP TTL:49 TOS:0x0 ID:59698 IpLen:20 DgmLen:231 DF
***AP*** Seq: 0x69DEAA3  Ack: 0xE7F61385  Win: 0x1920  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1660355474 1381949 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:57:44.471418 202.216.177.189:1439 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:3461 IpLen:20 DgmLen:1299 DF
***AP*** Seq: 0x59E3ED5C  Ack: 0xA5D80738  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1564889 2831983469 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:58:41.356595 202.216.177.189:1463 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:6006 IpLen:20 DgmLen:1293 DF
***AP*** Seq: 0x5DB7E065  Ack: 0xDD6C88CB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1570578 2831948348 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:58:58.171380 202.216.177.189:1467 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:56580 IpLen:20 DgmLen:1284 DF
***AP*** Seq: 0x5E4520A4  Ack: 0x3A8FF121  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1572259 2831955801 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/04-13:59:33.430310 202.216.177.189:1469 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:21991 IpLen:20 DgmLen:1299 DF
***AP*** Seq: 0x60415E83  Ack: 0xBBAD09FD  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1575785 2831993984 

[**] [122:17:0] (portscan) UDP Portscan [**]
05/04-14:20:04.874568 202.99.172.174 -> 202.216.177.189
PROTO255 TTL:0 TOS:0xC0 ID:7937 IpLen:20 DgmLen:166

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2] 
05/04-14:21:54.727688 61.183.9.49:2680 -> 202.216.177.189:1434
UDP TTL:110 TOS:0x0 ID:44206 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

[**] [1:2050:9] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3] 
05/04-14:21:54.727688 61.183.9.49:2680 -> 202.216.177.189:1434
UDP TTL:110 TOS:0x0 ID:44206 IpLen:20 DgmLen:404
Len: 376
[Xref => http://www.microsoft.com/technet/security/bulletin/MS02-039.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5310]

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/08-07:58:56.633480 192.168.1.11:1100 -> 203.216.227.249:80
TCP TTL:64 TOS:0x0 ID:62540 IpLen:20 DgmLen:986 DF
***AP*** Seq: 0xBA31A941  Ack: 0xB7EA4B0F  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 285963 2864370753 

[**] [122:1:0] (portscan) TCP Portscan [**]
05/08-23:37:13.757549 192.168.1.12 -> 192.168.1.11
PROTO255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:159 DF

[**] [122:17:0] (portscan) UDP Portscan [**]
05/09-22:48:09.707860 61.180.228.244 -> 202.216.179.127
PROTO255 TTL:0 TOS:0xC0 ID:5646 IpLen:20 DgmLen:166

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/09-23:19:47.643907 202.216.179.127:1235 -> 210.174.177.175:80
TCP TTL:64 TOS:0x0 ID:62519 IpLen:20 DgmLen:717 DF
***AP*** Seq: 0xB9AE714C  Ack: 0xB0E96358  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 558465 416660113 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/09-23:20:11.825777 202.216.179.127:1236 -> 210.174.177.175:80
TCP TTL:64 TOS:0x0 ID:62897 IpLen:20 DgmLen:880 DF
***AP*** Seq: 0xB9099010  Ack: 0xB0FBDB3A  Win: 0xC050  TcpLen: 32
TCP Options (3) => NOP NOP TS: 560882 416660558 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/09-23:51:49.166145 202.216.179.127:1565 -> 203.216.227.249:80
TCP TTL:127 TOS:0x0 ID:14522 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54768476  Ack: 0x202C145A  Win: 0x4470  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/09-23:52:18.269264 202.216.179.127:1576 -> 203.216.227.249:80
TCP TTL:127 TOS:0x0 ID:14735 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x993193AB  Ack: 0xF5FA8368  Win: 0x4470  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/09-23:52:25.090069 202.216.179.127:1580 -> 203.216.227.249:80
TCP TTL:127 TOS:0x0 ID:14803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x805A2F29  Ack: 0x2097DDD1  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/09-23:54:22.306170 202.216.179.127:1644 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:16433 IpLen:20 DgmLen:814 DF
***AP*** Seq: 0xA28C3A71  Ack: 0x622BBC47  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/09-23:56:13.717347 202.216.179.127:1714 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:18187 IpLen:20 DgmLen:813 DF
***AP*** Seq: 0xC3139FBB  Ack: 0x3832B37F  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/09-23:56:37.403645 202.216.179.127:1720 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:18326 IpLen:20 DgmLen:812 DF
***AP*** Seq: 0xDB34260E  Ack: 0x4FADF472  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/09-23:58:37.828286 202.216.179.127:1487 -> 193.108.154.130:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2767
***AP*** Seq: 0x6EB6D446  Ack: 0xD3CCA112  Win: 0x410A  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/09-23:59:51.358681 202.216.179.127:1799 -> 202.78.208.39:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1761
***AP*** Seq: 0xFCFB232  Ack: 0x79128E44  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-00:05:16.903519 202.216.179.127:1955 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:25262 IpLen:20 DgmLen:814 DF
***AP*** Seq: 0xD819432E  Ack: 0x6E7508CF  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-00:07:14.864450 202.216.179.127:1994 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:26143 IpLen:20 DgmLen:814 DF
***AP*** Seq: 0x3817AE94  Ack: 0x48E6C01D  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-00:07:18.925167 202.216.179.127:2006 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:26462 IpLen:20 DgmLen:813 DF
***AP*** Seq: 0xF6959062  Ack: 0x925C47E7  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-00:10:12.566269 202.216.179.127:2074 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:28188 IpLen:20 DgmLen:838 DF
***AP*** Seq: 0x2854647  Ack: 0x266C80B5  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-00:12:31.901476 202.216.179.127:2131 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:29742 IpLen:20 DgmLen:837 DF
***AP*** Seq: 0x44DE734  Ack: 0xAB2AB9A3  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-00:15:32.398452 202.216.179.127:2182 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:30993 IpLen:20 DgmLen:838 DF
***AP*** Seq: 0xB0A32DF0  Ack: 0x3FAF0DBE  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-00:16:56.472635 202.216.179.127:2217 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:31862 IpLen:20 DgmLen:837 DF
***AP*** Seq: 0x46686DEF  Ack: 0x6B943335  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-00:21:30.279021 202.216.179.127:2321 -> 202.93.83.143:80
TCP TTL:127 TOS:0x0 ID:34568 IpLen:20 DgmLen:846 DF
***AP*** Seq: 0x60166E6B  Ack: 0xF08378C8  Win: 0x4470  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-01:43:52.133550 202.164.137.21:4314 -> 202.216.179.127:80
TCP TTL:109 TOS:0x0 ID:3668 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x595522BA  Ack: 0xC8F7570C  Win: 0x4470  TcpLen: 20

[**] [122:17:0] (portscan) UDP Portscan [**]
05/10-02:36:33.590309 61.180.228.244 -> 202.216.179.127
PROTO255 TTL:0 TOS:0xC0 ID:48846 IpLen:20 DgmLen:166

[**] [122:17:0] (portscan) UDP Portscan [**]
05/10-05:12:43.754856 221.208.208.101 -> 202.216.179.127
PROTO255 TTL:0 TOS:0xC0 ID:22625 IpLen:20 DgmLen:168

[**] [122:17:0] (portscan) UDP Portscan [**]
05/10-06:28:20.300243 61.180.228.244 -> 202.216.179.127
PROTO255 TTL:0 TOS:0xC0 ID:44572 IpLen:20 DgmLen:166

[**] [122:17:0] (portscan) UDP Portscan [**]
05/10-06:29:58.359738 221.208.208.101 -> 202.216.179.127
PROTO255 TTL:0 TOS:0xC0 ID:4871 IpLen:20 DgmLen:168

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-17:48:57.988931 202.141.136.35:2744 -> 202.216.179.127:80
TCP TTL:108 TOS:0x0 ID:4962 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x298BA1E1  Ack: 0x40BAD215  Win: 0xFAF0  TcpLen: 20

[**] [122:17:0] (portscan) UDP Portscan [**]
05/10-18:00:51.070959 61.180.228.244 -> 202.216.179.127
PROTO255 TTL:0 TOS:0xC0 ID:10836 IpLen:20 DgmLen:166

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
05/10-19:13:29.754441 202.216.179.127:1288 -> 202.93.83.150:80
TCP TTL:127 TOS:0x0 ID:6735 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3383AFD2  Ack: 0x7AD3657D  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/10-19:13:29.800692 202.216.179.127:1288 -> 202.93.83.150:80
TCP TTL:127 TOS:0x0 ID:6737 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3383BB3A  Ack: 0x7AD3657D  Win: 0xFFFF  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/10-19:13:30.081639 202.216.179.127:1288 -> 202.93.83.150:80
TCP TTL:127 TOS:0x0 ID:6753 IpLen:20 DgmLen:197 DF
***AP*** Seq: 0x33840FD2  Ack: 0x7AD3657D  Win: 0xFFFF  TcpLen: 20

[**] [122:17:0] (portscan) UDP Portscan [**]
05/10-21:54:57.391729 61.180.228.244 -> 202.216.179.127
PROTO255 TTL:0 TOS:0xC0 ID:56478 IpLen:20 DgmLen:166

[**] [122:17:0] (portscan) UDP Portscan [**]
05/10-22:03:15.845816 221.208.208.101 -> 202.216.179.127
PROTO255 TTL:0 TOS:0xC0 ID:62454 IpLen:20 DgmLen:168

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/10-22:12:34.975959 202.216.179.127:1708 -> 203.216.227.249:80
TCP TTL:127 TOS:0x0 ID:25458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6FB009D  Ack: 0xBF3018D7  Win: 0xFFFF  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/10-22:29:40.562544 202.216.179.127:1890 -> 202.93.87.248:80
TCP TTL:127 TOS:0x0 ID:28979 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0xD177ACF0  Ack: 0x884536F0  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/10-22:29:48.089274 202.216.179.127:1893 -> 202.93.87.248:80
TCP TTL:127 TOS:0x0 ID:29039 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B7E0560  Ack: 0x4D4B0CD0  Win: 0xFFFF  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
05/10-22:37:16.942790 202.127.144.109:3695 -> 202.216.179.127:80
TCP TTL:113 TOS:0x0 ID:50581 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFC9C4C64  Ack: 0x5DBD601A  Win: 0xFFFF  TcpLen: 20