I ran the script and it didn't find anything, but it said at the end of scipt's log something about "default.ida". How can I know the meaning of the number at the end of each line (in this case "302"? #Software: Microsoft Internet Information Services 5.0 #Version: 1.0 #Date: 2001-08-08 00:48:40 #Fields: time c-ip cs-method cs-uri-stem sc-status 00:48:40 211.170.96.6 GET /default.ida 302 01:31:24 193.12.13.24 GET /default.ida 302 01:53:28 193.230.138.138 GET /default.ida 302 03:37:28 193.255.198.21 GET /default.ida 302 03:54:31 193.230.138.138 GET /default.ida 302 05:20:25 193.171.7.35 GET /default.ida 302 06:56:10 193.230.219.230 GET / 302 -----Original Message----- From: Javier Gonzalez [mailto:Javier@xxxxxxxxxx] Sent: miercuri 8 august 2001 10:36 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Code Red Sniffer http://www.ISAserver.org I've only this type of trace in my c:\winnt\system32\logfiles\w3svc1\ex010808.log #Software: Microsoft Internet Information Server 4.0 #Version: 1.0 #Date: 2001-08-08 00:00:39 #Fields: time c-ip cs-method cs-uri-stem sc-status 00:00:39 62.22.113.134 GET /default.ida 400 00:02:42 62.22.113.134 GET /default.ida 400 00:25:05 62.22.113.134 GET /default.ida 400 00:27:07 62.22.113.134 GET /default.ida 400 00:29:09 62.22.113.134 GET /default.ida 400 00:30:20 192.168.1.22 - - 200 00:31:12 62.22.113.134 GET /default.ida 400 and so on .... Nothing in the proxy logs, neither packet filter, nor w3 nor ws. Javier.