Dealing with Nimda and Code Red

But they attack IIS, not Apache
Servers get slow
Log files file up disk space
Stopping it before it starts
Look for a predictable string in Nimda
GET /scripts/root.ex
GET /scripts/..%
GET /MSADC
GET /msadc
GET /c/winnt
GET /d/winnt
GET /_mem_bin/..
GET /_vti_bin/..
And Code Red
GET /default/ida?
Filtering is not always perfect