With iptables you can look into the tcp-traffic using the mangle-option. By letting through only established IP connections, you can filter out connections like that from scanners or connections that use a not related protocol that is allowed on that port.

At least read the man pages and the Linux Advanced Routing & Traffic Control HOWTO before you post on the subject. Your statement is quite wrong and confuses many concepts and facts. For one thing, "mangle" is not an option to look into traffic. It is one of the various tables (specifically intended for packet alteration) of rules that iptables manages.
2) Code red is a worm and its propagation does not relate to it also being a trojan.

Ok the security-risk is not so much. That is only an act of cling.

No. The question was "how do I protect my webserver from getting affected by this traffic". That relates to the worm capabilities and has nothing to do with the fact that the thing also happens to be a trojan.
Code red in fact uses http over port 80. In fact a mighty security suggestion: block port 80 towards your web-server.

Block port 80 for some known addresses and mangle the connections on port 80 toward your webserver. Blocking all toward the webserver can cause that no webpages can be requested from outside. I think.

Sigh... OK, I forgot the <joke> and </joke> quotes around this statement. Anybody else got confused there?
I'm not going to reply to this nonsense anymore.

Peter

PS. And please simply post to the list; most posters read it and do not require the carbon copy. Thanks.