Code Red (II) Question
Don Erickson
derick at shark.zeni.net
Wed Aug  8 01:54:22 CDT 2001

In article <ECELJBEDJNBKJAFCILGJOENBCAAA.sbrendtro at home.com> you write:
>Just a quick question... I am running Apache on Win2000 on Port 80.  I don't
>have IIS installed at all.  I should be safe, right?  I wouldn't dare run a
>Microsoft server on a Microsoft OS... that is just asking for trouble :)
I understand that IIS runs by default on Win2000, as many configuration
utilities depend on it for remote administration.  I have no experience
with Win2000 or NT, but if you've replaced IIS with Apache then you would
have to be immune from this attack.  The "scans" are actually an attempt
to "GET 
default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%
HTTP/1.0"
I think .ida files are some remote indexing executable?  Not sure.
Regards,
-Don
-- 
 .sig lite
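
An added example, not part of the original message: one way for an Apache admin to pick the request quoted above out of an access log and count which hosts are sending it. It assumes Apache Common Log Format; the log lines, addresses, filler length, the 100-character threshold and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+')
# .ida request whose query string opens with a long run of one repeated
# filler character (threshold of 100 is an assumption), then %uXXXX escapes.
IDA_PROBE = re.compile(r'^GET\s+\S*\.ida\?(.)\1{99,}((?:%u[0-9a-f]{4})*)', re.I)

def classify(line):
    """Return (host, filler, filler_len, n_escapes) for a probe, else None."""
    m = CLF.match(line)
    if not m:
        return None
    host, request = m.groups()
    p = IDA_PROBE.match(request)
    if not p:
        return None
    filler = p.group(1)
    query = request.split("?", 1)[1]
    # Measure the filler run; strip both cases because the match ignores case.
    stripped = query.lstrip(filler.lower() + filler.upper())
    return host, filler, len(query) - len(stripped), len(p.group(2)) // 6

def probing_hosts(lines):
    """Count probe requests per source host."""
    hits = (classify(line) for line in lines)
    return Counter(h[0] for h in hits if h)

# Constructed sample log lines (documentation addresses, made-up sizes).
PAD = "X" * 200
PROBE = "GET /default.ida?" + PAD + "%u9090%u6858%ucbd3 HTTP/1.0"
SAMPLE = [
    '192.0.2.10 - - [08/Aug/2001:01:40:02 -0500] "%s" 404 276' % PROBE,
    '192.0.2.10 - - [08/Aug/2001:01:41:10 -0500] "%s" 404 276' % PROBE,
    '198.51.100.7 - - [08/Aug/2001:01:42:00 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [08/Aug/2001:01:43:00 -0500] "GET /search.ida?q=test HTTP/1.0" 404 270',
]

if __name__ == "__main__":
    for host, count in probing_hosts(SAMPLE).most_common():
        print(host, count)
```

The ordinary `.ida` request in the last sample line is deliberately not flagged; only the long filler run marks a probe.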