Re: default.ida
From: Ken Reilly (kreilly_at_meathcoco.ie)
Date: 06/04/03
- Next message: Karl Levinson [x y] mvp: "Re: default.ida"
- Previous message: Karl Levinson [x y] mvp: "Re: Setmaxurllength is it included in IISLockd/Urlscan"
- In reply to: Erik: "default.ida"
- Next in thread: Erik: "Re: default.ida"
- Reply: Erik: "Re: default.ida"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 4 Jun 2003 17:53:14 +0100
Thanks Erik.
Where am I looking for these errors...in the same Firewall report, or logs
....?
Ken
"Erik" <erik@nospam.com> wrote in message
news:15d001c32ab7$972a0100$a501280a@phx.gbl...
>
> >-----Original Message-----
> >On my Firewall logs on a frequent basis I am getting the
> following
> >message as a destination:
> http://192.168.1.3/default.ida?. The IP address is
> >just a web server on a DMZ, but can anyone tell me the
> significance of the
> >"default.ida" file?
> > I'd appreciate any help!!
> > Ken
> >
> >
> >.
> >
>
> The default.ida is the file that Cod Red exploits. Your
> firewall is probably stopping the attack. Look for the
> 404 error, which would mean that your are OK. If it's
> getting a 200, then you may want to look at the server,
> which could be compromised.
- Next message: Karl Levinson [x y] mvp: "Re: default.ida"
- Previous message: Karl Levinson [x y] mvp: "Re: Setmaxurllength is it included in IISLockd/Urlscan"
- In reply to: Erik: "default.ida"
- Next in thread: Erik: "Re: default.ida"
- Reply: Erik: "Re: default.ida"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
