Web Hosting Talk

Which NT worm is this?


codywatkins
08-30-2003, 05:14 PM
"GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 629 "-" "-"

My web logs are filling up with this same junk. Most of the origin machines are from home cable/dsl providers.

Is everybody else ignoring these or blocking them? Even though they can't do us any harm.

xisp
08-30-2003, 06:05 PM
I think that might be Code Red but I'm not sure.... I don't really care, though; it affects un-patched Windows machines/not me. The scans themselves are harmless to secured systems.

By all means keep an eye on it but I don't envisage these scans coming to an end any time soon. If you see persistent attacks then you might want to report it to their ISP but it's unlikely any action will be taken.

alex

akashik
08-30-2003, 06:50 PM
Yep, Code Red:

http://www.ciac.org/ciac/bulletins/l-117.shtml

for quite a bit of information on it. I'm a little amazed this one's still around really. It's been a long time since it was fixable.

sprintserve
08-31-2003, 08:47 PM
I just ignore it. It just affects Windows machines. And it's good to know who's hitting you. The logs can't be that much.
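
For anyone who wants to see which hosts are sending these requests, the following Python script is an added example and not part of the thread: it counts requests shaped like the one quoted in the first post (a GET for /default.ida with a long run of one repeated character followed by %u-encoded words) per source address. It assumes Apache combined log format; the thresholds, the sample log lines and the addresses in them are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: host ident user [time] "request" status size ...
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)" (?P<status>\d{3}) ')
FILLER_RE = re.compile(r'(.)\1{99,}')        # one character repeated 100+ times (assumed threshold)
UENC_RE = re.compile(r'%u[0-9a-fA-F]{4}')    # %uXXXX encoded words
MIN_UENC = 4                                 # assumed threshold

def is_ida_probe(request: str) -> bool:
    """True if the request line looks like the /default.ida probe quoted in the thread."""
    parts = request.split()
    if len(parts) < 2 or parts[0] != "GET":
        return False
    path, _, query = parts[1].partition("?")
    if path.lower() != "/default.ida":
        return False
    return bool(FILLER_RE.search(query)) and len(UENC_RE.findall(query)) >= MIN_UENC

def summarize(lines):
    """Return (Counter of probe hits per source host, number of unparseable lines)."""
    hits, skipped = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # keep a count rather than silently dropping bad lines
            continue
        if is_ida_probe(m.group("request")):
            hits[m.group("host")] += 1
    return hits, skipped

# Constructed sample input (documentation address ranges, shortened %u sequence).
PROBE = ("GET /default.ida?" + "X" * 224 +
         "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0")
SAMPLE_LOG = [
    f'192.0.2.10 - - [30/Aug/2003:17:01:02 -0500] "{PROBE}" 302 629 "-" "-"',
    f'192.0.2.10 - - [30/Aug/2003:17:09:40 -0500] "{PROBE}" 302 629 "-" "-"',
    f'198.51.100.7 - - [30/Aug/2003:17:03:11 -0500] "{PROBE}" 404 290 "-" "-"',
    '203.0.113.5 - - [30/Aug/2003:17:04:00 -0500] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [30/Aug/2003:17:04:09 -0500] "GET /default.ida?page=2 HTTP/1.0" 404 290 "-" "Mozilla/4.0"',
    'truncated line without a request',
]

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{host}\t{count}")
    print(f"unparseable lines: {skipped}")
```
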