Hi all, after some testing I noticed that SecureIIS 1.0.6 does not protect IIS 5.0 from ISAPI DoS attack. In the attachment is isapi-dos2.c and isapi.exe cygwin compilation. After attack with this exploit IIS is down. In SecureIIS i have very restrictive polices, but anyway it did not manage to protect it from this kind of attack. To try isapi.exe you must have cygwin1.dll Does anyone have similar experience? -- Best regards, Crussaider mailto:crussaiderat_private
This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 14:31:58 PDT