Re: default.ida
From: Erik (Erik_at_nospam.com)
Date: 06/04/03
- Next message: Sue: "Problem with host header name not the same as netbios webserver name"
- Previous message: basura_: "Re: Issue of Certificates"
- In reply to: Ken Reilly: "Re: default.ida"
- Next in thread: Karl Levinson [x y] mvp: "Re: default.ida"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 4 Jun 2003 11:09:21 -0700
The default is under the winnt directory\system32\LogFiles
for IIS. Each website will have its own directory under
LogFiles.
That should allow you to see the logs. I would recommend
installing UrlScan if you haven't done that. That will
take care of Cod Red, Nimda, etc.
>-----Original Message-----
>Thanks Erik.
>
>Where am I looking for these errors...in the same
Firewall report, or logs
>.....?
>
>Ken
>"Erik" <erik@nospam.com> wrote in message
>news:15d001c32ab7$972a0100$a501280a@phx.gbl...
>>
>> >-----Original Message-----
>> >On my Firewall logs on a frequent basis I am getting
the
>> following
>> >message as a destination:
>> http://192.168.1.3/default.ida?. The IP address is
>> >just a web server on a DMZ, but can anyone tell me the
>> significance of the
>> >"default.ida" file?
>> > I'd appreciate any help!!
>> > Ken
>> >
>> >
>> >.
>> >
>>
>> The default.ida is the file that Cod Red exploits. Your
>> firewall is probably stopping the attack. Look for the
>> 404 error, which would mean that your are OK. If it's
>> getting a 200, then you may want to look at the server,
>> which could be compromised.
>
>
>.
>
- Next message: Sue: "Problem with host header name not the same as netbios webserver name"
- Previous message: basura_: "Re: Issue of Certificates"
- In reply to: Ken Reilly: "Re: default.ida"
- Next in thread: Karl Levinson [x y] mvp: "Re: default.ida"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
