Re: IPS log analysis

[erika_cissp () yahoo com]

This is from TippingPoint central management console.

I'd really like to know:

How they are forging the source IP to appear as if it is on the same class C as the destination (There should be no 
traffic to this DB)

What they are trying to do. I did some research and it looks as if they are trying to change the password and then run 
an executable. 

Any ideas? Thanks in advance