This filters is from 

Larry W. Kalyniak                     		
 Manager, Systems Development,
 Court Information Systems 			
 Dept of Justice, Prov. of Manitoba. 
 Ph: 945-3806  Fax: 945-2531 


#------------------------------------------------------#
# Drop all CODE-RED requests                           #
#------------------------------ -----------------------#
DROP-CODE-RED           Filter-Status = Always,
                        Filter-Root = Yes,
                        Comment = "Drop code red probes",
                        Filter-Scope = Incoming-Packets,
                        Protocol = TCP,
                        Port = 80,
                        Offset-Relativity = Data-Start,
                        Offset = Search-All,
                        Hex-String = "\x64\x65\x66\x61\x75\x6C\x74\x2E\x69\x64\x61",
                        Action = Drop-Packet,


note that it assumes that you are NOT running an IIS
server behind the firewall as this filter drops all requests to Default.ida,
not just specific Code Red requests..