ISAPI and SECUREIIS

From: Crussaider (crussaiderat_private)
Date: Tue Jun 26 2001 - 15:56:48 PDT

Next message: Ofir Arkin: "Identifying OpenBSD 2.6-2.9 based machines using ICMP Port Unreachables"

Previous message: Joost Pol: "gnats update"
Next in thread: Marc Maiffret: "RE: ISAPI and SECUREIIS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

        Hi all,

        after some testing I noticed that SecureIIS 1.0.6 does not
        protect IIS 5.0 from ISAPI DoS attack. In the attachment is
        isapi-dos2.c and isapi.exe cygwin compilation.

        After attack with this exploit IIS is down. In SecureIIS i
        have very restrictive polices, but anyway it did not manage to
        protect it from this kind of attack.
        To try isapi.exe you must have cygwin1.dll

        Does anyone have similar experience?
        


-- 
Best regards,
 Crussaider                          mailto:crussaiderat_private

application/octet-stream attachment: isapi-dos2.c

Next message: Ofir Arkin: "Identifying OpenBSD 2.6-2.9 based machines using ICMP Port Unreachables"
Previous message: Joost Pol: "gnats update"
Next in thread: Marc Maiffret: "RE: ISAPI and SECUREIIS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 14:31:58 PDT