Re: [NTSEC] IIS 4 Request Logging Security Advisory

From: Information Services (omigoshat_private)
Date: Fri Jan 22 1999 - 04:13:29 PST

Next message: Joel Moses: "IE4 Persistent Connection Bug"

Previous message: //Stany: "CERT Advisory CA-99.01 - TCP.Wrappers (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi David:

I tried the AVOID.EXE from my Win98 PC and pointed it at my
www.spiceisle.com webserver, which is running NT4/IIS3/SP4 with the IIS GET
hotfix.

The following was reported in the IIS log file:

nnn.nnn.nnn.nnn,-,22/01/99,07:57:37,W3SVC,WWW,205.214.207.98,401,10183,101,4
00,0,-,-,-,

  where nnn.nnn.nnn is the IP address of my workstation.


AVOID.EXE returned the following information in the DOS window that I ran it
from:

        C:\download>avoid www.spiceisle.com

        HTTP/1.0 400 Bad Request
        Content-Type: text/html

        <body><h1>HTTP/1.0 400 Bad Request
        </h1></body>•c
        HTTP/1.0 400 Bad Request
        Content-Type: text/html

        <body><h1>HTTP/1.0 400 Bad Request
        </h1></body>•c


Looks like the server's safe once SP4 and the IIS GET hotfix are loaded.


HTH,
Brian Steele

Next message: Joel Moses: "IE4 Persistent Connection Bug"
Previous message: //Stany: "CERT Advisory CA-99.01 - TCP.Wrappers (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:51 PDT