I should clarify when I say 'up to the web server to throw out invalid requests.' By that I mean, to deal with requests that are valid, but exploit bugs/errors in said webserver. -----Original Message----- From: Shayne Lebrun Sent: Monday, August 20, 2001 9:15 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: CODE RED!!!!!!!!! http://www.ISAserver.org 200 does NOT mean that you're infected. 200 means simply that the HTTP request matched a valid ISA web publishing rule, and therefore was allowed to go through. Believe it or not, most of these are quite valid HTTP requests, if a bit on the longish side. It's up to the webserver itself to throw out invalid requests, and that means running patches that guard against these things. Although I have been idly toying with the idea of a 'site and content rule' that would block any request to default.ida. Haven't looked into it, though, to see if it's feasable. -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Monday, August 20, 2001 8:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: CODE RED!!!!!!!!! http://www.ISAserver.org I would say the 200 at the end of your log entry could mean that you were infected: 200 - OK Message - the requested HTTP page was fulfilled. If ISA server blocks the item via the default rule then the log entry would show 12206. Joseph -----Original Message----- From: Sharma, Shobha [mailto:c-ssharma@xxxxxxxxxxx] Sent: Monday, August 20, 2001 5:35 AM To: [ISAserver.org Discussion List] Subject: [isalist] CODE RED!!!!!!!!! http://www.ISAserver.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: slebrun@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: slebrun@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')