You should be using some form of I&A with your DHCP server that allocates your dynamic addresses. You then need to correlate the IP addresse being used by the CodeRed worm with your DHCP logs to determine the customer with which you are having problems. If you do not have any I&A before allocating an IP address, or no logs to associate who was given which IP address at what times, you have bigger security problems than just one customer infected with CodeRed.
Dig deeper on Web Server Threats and Countermeasures
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.