Code Red (II) Question
Don Erickson
derick at shark.zeni.net
Wed Aug 8 01:54:22 CDT 2001
In article <ECELJBEDJNBKJAFCILGJOENBCAAA.sbrendtro at home.com> you write:
>Just a quick question... I am running Apache on Win2000 on Port 80. I don't
>have IIS installed at all. I should be safe, right? I wouldn't dare run a
>Microsoft server on a Microsoft OS... that is just asking for trouble :)
I understand that IIs runs by default on Win2000, as many configuration
utilities depend on it for remote administration. I have no experience
with Win2000 or NT, but if you've replaced IIs with Apache then you would
have to be immune from this attack. The "scans" are actually an attempt
to "GET
default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%
HTTP/1.0"
I think .ida files are some remote indexing executable? Not sure.
Regards,
-Don
--
.sig lite
More information about the Kclug
mailing list