Well a quick look at header data shows that its another machine running the dot net framework.
HTTP/1.1 302 Found
Connection: close
Date: Wed, 28 Nov 2007 01:13:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://199.8.89.120/Reports/Default.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 157
Another .Net system
People should learn that a multi layer server technology built by monkeys will never be secure, especially with the translation layer allowing you to inject a load of different things into the server.
However this looks a lot more sophisticated.
Hacking/cracking an IIS machine has never been that hard, plus dot net has a load of holes, most of which are still being discovered. even if this one has v2.0, however the uni system looks fairly secure (for a university) and this hack is doing an IIS to Apache which suggests someone with a fair bit of skill.
The fact that they are scanning high ports, targeting apache, and the way this is put together leads me to believe that you are looking at someone who really knows how to take appart multiple systems.
I hope you have an IDS system like SNORT in place, not that it will do much use unless you know how to impliment it properly.
I would also consider remapping as many of your services running on your server to non standard locations, and if you can check if any other IP numbers in your range have been getting probed recently.
Install something like tripwire on your system just in case and I would start looking at all the activities on your mail server.
Also make regular backups and block the entire university range from accessing your system at all.
If someone with this level of skill decides to have a proper go at your system you would want to be well prepared.
