Code Red requests for /default.ida

We receive a large number of messages from system administrators who see requests
for /default.ida in their Apache access logs. The requests look similar to this:

192.168.2.12 - - [19/Jul/2001:16:55:47 +0100] "GET /default.ida?NNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
  HTTP/1.0" 400 252 -

If you are running Apache there is nothing to worry about, these requests are part
of the Code Red Worm designed to search out vulnerable IIS servers running on Windows.
You can quite happily ignore these requests

Other common requests

Other common log entries you might see include:

     Requests for robots.txt in the root directory. These requests are
     normally automatically made by robots which will analyse the contents
     of this file to see what files and directories they are not allowed
     to access. The format of the robots.txt file is given in the HTML 4 Specification. 

     Requests for favicon.ico in various directories (first seen in April 1999).
     Microsoft Internet Explorer version 5 and above can display a site-defined icon
     when a site's URL is displayed in a favourites list.
     This icon is obtained by asking the site for favicon.ico.
     If the URL contains slash characters (normally used to represent a directory
     hierarchy), MSIE 5 will request "favicon.ico" in each parent directory until
     it finds one or reaches the root. The format of the favicon.ico file is the
     Microsoft icon format. To see this 'feature' in action, bookmark this page
     using MSIE. 

     Requests for cmd.exe in various directories. These are usually attempts to
     exploit various security vulnerabilities that affect Microsoft IIS servers.