Re: default.ida

From: Ken Reilly (kreilly_at_meathcoco.ie)
Date: 06/04/03


Date: Wed, 4 Jun 2003 17:53:14 +0100


Thanks Erik.

Where am I looking for these errors...in the same Firewall report, or logs
....?

Ken
"Erik" <erik@nospam.com> wrote in message
news:15d001c32ab7$972a0100$a501280a@phx.gbl...
>
> >-----Original Message-----
> >On my Firewall logs on a frequent basis I am getting the
> following
> >message as a destination:
> http://192.168.1.3/default.ida?. The IP address is
> >just a web server on a DMZ, but can anyone tell me the
> significance of the
> >"default.ida" file?
> > I'd appreciate any help!!
> > Ken
> >
> >
> >.
> >
>
> The default.ida is the file that Cod Red exploits. Your
> firewall is probably stopping the attack. Look for the
> 404 error, which would mean that your are OK. If it's
> getting a 200, then you may want to look at the server,
> which could be compromised.