"Michael Katz" <mikeat_private> wrote: > Using host headers on IIS servers will likely protect you from > more than 90% of the attacks that are currently circulating, as > most of them rely on scanning and exploitation via > http://yourIPaddress. This is particularly true for Code Red v1 > and v2, the sadmind/IIS worm, the new Code Red II worm > and the common scripted scans for decoding vulnerabilities. > However, you should take the following into consideration: An additional limitation is that some older browsers don't send host headers. That means they can't see your sites, but then again anyone still running a 2.0 browser won't see much of the web anyway. If this method is used, I'd still define a default web site for the IP and take a few additional actions: 1) Restrict anonymous access to the default web to local admin only 2) Restrict access to the default web by IP address to 127.0.0.1 only 3) Remove all permissions from the site (no read, script, exec) 4) Set directory ACL's to no access for all but admin 5) Stop the default web in the MMC It may be overkill, but makes it less likely another admin will come along and "fix" it. Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 12:54:25 PDT