From: Ken Reilly (kreilly_at_meathcoco.ie)
Date: Wed, 4 Jun 2003 17:53:14 +0100
Where am I looking for these errors...in the same Firewall report, or logs
"Erik" <firstname.lastname@example.org> wrote in message
> >-----Original Message-----
> >On my Firewall logs on a frequent basis I am getting the
> >message as a destination:
> >http://192.168.1.3/default.ida?. The IP address is
> >just a web server on a DMZ, but can anyone tell me the
> >significance of the
> >"default.ida" file?
> >I'd appreciate any help!!
> >Ken
> The default.ida is the file that Code Red exploits. Your
> firewall is probably stopping the attack. Look for the
> 404 error, which would mean that you are OK. If it's
> getting a 200, then you may want to look at the server,
> which could be compromised.
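
The 404-versus-200 check described in the quoted reply, as an added example that is not part of the original thread: it scans a web server access log for requests to `default.ida` and separates the ones answered with 200 for follow-up. It assumes the server writes IIS W3C extended logs with a `#Fields:` header; the sample lines, client addresses, query placeholder and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in W3C extended log format (not taken from the thread).
# "XXXX" stands in for the request's query string.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-06-04 09:12:01 203.0.113.7 GET /default.ida XXXX 404
2003-06-04 09:12:44 198.51.100.23 GET /index.html - 200
2003-06-04 09:15:10 203.0.113.9 GET /default.ida XXXX 200
2003-06-04 09:15:30 203.0.113.7 GET /Default.IDA XXXX 404
2003-06-04 09:16:02 198.51.100.40 GET /default.ida
"""

def find_ida_requests(log_text, target="/default.ida"):
    """Return (date, time, client_ip, status) for every request to target."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared by the log itself and may change mid-file.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry, skip rather than misread
        row = dict(zip(fields, values))
        # IIS treats URL paths case-insensitively, so compare in lower case.
        if row.get("cs-uri-stem", "").lower() == target:
            hits.append((row.get("date"), row.get("time"),
                         row.get("c-ip"), row.get("sc-status")))
    return hits

def triage(hits):
    """Count hits per status code and list the 200 responses to investigate."""
    by_status = Counter(status for *_, status in hits)
    needs_review = [h for h in hits if h[3] == "200"]
    return by_status, needs_review

if __name__ == "__main__":
    counts, review = triage(find_ida_requests(SAMPLE_LOG))
    print("default.ida requests by status:", dict(counts))
    for date, time, ip, status in review:
        print(f"investigate server: {date} {time} from {ip} returned {status}")
```
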