A web server (R7 in this case) was attacked on the network.
The nature of the attack could not be characterized.
The attack targeted the web server on port 80.
Notice the pattern common to all the GET requests: each uses cmd.exe to penetrate or browse through it. cmd.exe is the Windows command shell.
As mentioned, the attack comes from a random source IP. Per the restriction, you cannot configure any ACL based on the Layer 3 or Layer 4 information provided in the sniffer captures.
Mitigate this attack by classifying inbound packets on entry points on R7 (VLAN-6 and ATM ...
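
One way to express URL-based classification of the cmd.exe requests on the router, as an added example that is not part of the original page. It assumes NBAR HTTP URL matching is available on R7; the class-map and policy-map names are hypothetical, and the interface is a placeholder because the page's interface list is cut off.

```cisco
! Added example, not the page's own configuration.
! Assumption: NBAR is the classification feature; it requires CEF.
ip cef
!
! Classify on the application-layer pattern seen in the captures
! (the URL contains cmd.exe) instead of on source IP or port,
! since the source address is random.
class-map match-any HTTP-CMD-EXE
 match protocol http url "*cmd.exe*"
!
! Hypothetical policy name; matched inbound packets are discarded.
policy-map DROP-HTTP-CMD-EXE
 class HTTP-CMD-EXE
  drop
!
! Placeholder: apply on each R7 entry point named in the task.
interface <R7-ENTRY-POINT-INTERFACE>
 service-policy input DROP-HTTP-CMD-EXE
```

After applying it, `show policy-map interface` reports per-class match counters, which confirms whether the cmd.exe requests are being classified on that entry point.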