Code Red aka default.ida?

Protection Measures?

skirril

10:14 am on Aug 19, 2001 (gmt 0)


Hello,

Recently, the so-called Code Red worm has been living on the net.

The usual request looks like:

/default.ida?(some letter repeating a lot of times)(payload, usually looks like hex codes with a % in front)

Ofc IP addys vary, but there's usually no referrer.

Do any of you know how to protect against it? (on an Apache server)

Please move to the correct forum if this doesn't fit. Any way I can block the sites dynamically?

Skirril

Bolotomus

3:54 am on Aug 20, 2001 (gmt 0)


#1 - If you don't use the Windows IIS server you don't need to protect yourself against anything. If you do, you better get the patch right away from microsoft.com or cert.org or someplace.

#2 - Block sites dynamically? No need to. Each server will access your machine one time, I believe. Besides, they haven't really done anything wrong, other than using Microsoft products.

Brett_Tabke

9:25 am on Aug 20, 2001 (gmt 0)


Also, grab a site search on "default.ida" - there are about a dozen threads around here on it.
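
Added example, not part of any post in this thread: a small Python script that scans Apache access-log lines for the request shape described in the first post and tallies hits per source address, so you can see how often each host actually returns. The log lines, addresses, the minimum run length of 20 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log line: host ident user [time] "METHOD URI PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)

# Shape from the thread: /default.ida? + one letter repeated many times
# + a %-prefixed hex payload. The minimum run of 20 letters is an assumption.
PROBE_RE = re.compile(
    r'^/default\.ida\?([A-Za-z])\1{19,}.*%u?[0-9A-Fa-f]{2}', re.IGNORECASE
)

def find_probes(lines):
    """Return a Counter of {source_ip: number of matching requests}."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and PROBE_RE.match(m.group("uri")):
            hits[m.group("ip")] += 1
    return hits

def repeat_sources(hits):
    """Sources that sent the probe more than once, sorted."""
    return sorted(ip for ip, n in hits.items() if n > 1)

# Constructed sample input (documentation address ranges, made-up payload bytes).
PROBE_URI = "/default.ida?" + "A" * 40 + "%u4141%u4141=a"
SAMPLE_LOG = [
    f'192.0.2.10 - - [19/Aug/2001:10:01:02 +0000] "GET {PROBE_URI} HTTP/1.0" 404 205 "-" "-"',
    '198.51.100.7 - - [19/Aug/2001:10:02:11 +0000] "GET /index.html HTTP/1.0" 200 1024 '
    '"http://example.com/" "Mozilla/4.0"',
    f'203.0.113.5 - - [19/Aug/2001:10:05:40 +0000] "GET {PROBE_URI} HTTP/1.0" 404 205 "-" "-"',
    # Plain request for the same path without the filler and payload: not counted.
    '198.51.100.7 - - [19/Aug/2001:10:06:00 +0000] "GET /default.ida HTTP/1.0" 404 205 "-" "-"',
    f'192.0.2.10 - - [19/Aug/2001:11:30:15 +0000] "GET {PROBE_URI} HTTP/1.0" 404 205 "-" "-"',
]

if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG)
    for ip, n in hits.most_common():
        print(f"{ip}\t{n}")
    print("repeat sources:", repeat_sources(hits))
```
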