In Black ICE, I frequently get a series of attacks which are a string of UDP + TCP port scans, plus the IIS system 32 command, from the same user, in rapid succession. Can someone tell me exactly what they are doing? (Yes, I have IIS running). Are they running some kind of script or special program that is looking for this vulnerability? If so, what program? Where can I find documentation? I repeat, I get this same attack frequently, so I imagine it's automated somehow - I just would like to know the details about exactly what they are doing on their end - ie. what program, etc. Appreciate the help.