tbird,

Actually if you are using the UrlScan.dll then it will get stopped and logged in the urlscan.log file. So IDS is not the only way and the UrlScan is a free utility from M$. Imagine that! Free! hmm... ;-)

----- Original Message Follows -----
> Hi all --
>
> It would appear that exploits of MS03-007 are not going to
> create entries in the IIS access logs. IIS doesn't log
> until a client request is finished processing. When the
> WebDAV vector is used to overflow whatever-it-is in
> ntdll.dll, the client request never finishes, so no log
> message is ever created.
>
> There's no reason I can think of to expect this to create
> anything in the Event Log, either. So looks to me like
> the only way to see this will be with network-based IDS --
> or maybe one of the host IDS systems that captures
> information on privilege escalation and kernel calls on
> Windows boxes (and I'm not sure that such a thing even
> exists yet). Although boy I'd be delighted to find out I
> was wrong about this...
>
> Thanks to Rainer Gerhards, who's taught me nearly
> everything I know about IIS workflow and logging.
>
> tbird
>
> --
> "I knew it! I knew it! Well, not in the sense of having
> the slightest idea, but I knew there was something I
> didn't know."
> -- Willow, from "Buffy the Vampire Slayer"
>
> http://www.shmoo.com/~tbird
> Log Analysis http://www.loganalysis.org
> VPN http://vpn.shmoo.com
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysisat_private
> http://lists.shmoo.com/mailman/listinfo/loganalysis

===========================
Kevin W. Gagel
Network Administrator
College of New Caledonia
gagelat_private
(250) 561-2131 loc 448
--------------------------------
The College of New Caledonia
Visit us at http://www.cnc.bc.ca
--------------------------------
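The two points the thread makes, that a request which never finishes leaves no IIS access-log entry and that UrlScan rejects the request earlier and records it in urlscan.log, translate into two defender-side checks: is UrlScan configured to reject the oversized WebDAV request at all, and what do its rejection records look like once it does. The script below is an added example written for this archive page, not code from either poster. It assumes UrlScan 2.5's ini section and key names ([options], [RequestLimits], [AllowVerbs], [DenyVerbs], MaxUrl, UseAllowVerbs, EnableLogging) as the editor recalls them, uses an assumed ceiling of 16000 for MaxUrl (the thread gives no number), and constructs urlscan.log lines in the general shape of UrlScan's rejection messages; the sample configs, log lines and addresses are all made up.

```python
import configparser
import re
from typing import Dict, List

# Verbs the WebDAV vector depends on; any of them reaching IIS is worth a finding.
WEBDAV_VERBS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                "LOCK", "UNLOCK", "SEARCH"}

# Constructed sample configs.  Section/key names follow UrlScan 2.5 as the
# editor recalls them (assumption); the values are invented for illustration.
WEAK_INI = """\
[options]
UseAllowVerbs=0
EnableLogging=1

[RequestLimits]
MaxUrl=16384

[DenyVerbs]
"""

HARDENED_INI = """\
[options]
UseAllowVerbs=1
EnableLogging=1

[AllowVerbs]
GET
HEAD
POST

[RequestLimits]
MaxUrl=260
"""


def _load_ini(text: str) -> configparser.ConfigParser:
    # allow_no_value: the verb sections list bare verbs with no '=' sign.
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.optionxform = str  # keep key and verb names in their original case
    cp.read_string(text)
    return cp


def audit_urlscan_ini(text: str, max_url_limit: int = 16000) -> List[str]:
    """Return findings for settings that let the WebDAV vector through.
    max_url_limit is an assumed ceiling, not a value taken from the thread."""
    cp = _load_ini(text)
    findings = []
    max_url = cp.getint("RequestLimits", "MaxUrl", fallback=None)
    if max_url is None:
        findings.append("RequestLimits.MaxUrl is not set")
    elif max_url > max_url_limit:
        findings.append(f"RequestLimits.MaxUrl={max_url} exceeds {max_url_limit}")

    def verbs(section: str) -> set:
        return {v.upper() for v in cp.options(section)} if cp.has_section(section) else set()

    if cp.get("options", "UseAllowVerbs", fallback="0") == "1":
        reachable = WEBDAV_VERBS & verbs("AllowVerbs")   # allow-list mode
    else:
        reachable = WEBDAV_VERBS - verbs("DenyVerbs")    # deny-list mode
    if reachable:
        findings.append("WebDAV verbs reach IIS: " + ", ".join(sorted(reachable)))
    if cp.get("options", "EnableLogging", fallback="0") != "1":
        findings.append("options.EnableLogging is off; rejections never reach urlscan.log")
    return findings


# Constructed urlscan.log lines in the general shape of UrlScan rejection
# messages (format assumed; the thread shows none).  192.0.2.0/24 is TEST-NET.
SAMPLE_LOG = [
    "[03-19-2003 - 10:15:22] Client at 192.0.2.10: URL length exceeded maximum allowed. "
    "Request will be rejected. Site Instance='1', Raw URL='/" + "A" * 300 + "'",
    "[03-19-2003 - 10:15:23] Client at 192.0.2.10: Sent verb 'SEARCH', which is not "
    "specifically allowed. Request will be rejected. Site Instance='1', Raw URL='/'",
    "[03-19-2003 - 10:16:01] Client at 192.0.2.20: Sent verb 'TRACE', which is not "
    "specifically allowed. Request will be rejected. Site Instance='1', Raw URL='/'",
    "this line is not a UrlScan rejection and is skipped",
]

LOG_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+Client at (?P<ip>[\d.]+):\s+(?P<reason>.*?)\.\s+"
    r"Request will be rejected\.\s+Site Instance='(?P<site>\d+)',\s+Raw URL='(?P<url>[^']*)'"
)


def parse_urlscan_log(lines) -> List[Dict[str, object]]:
    """Parse rejection lines and mark the ones matching the WebDAV/long-URL pattern."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # UrlScan writes other record types; only rejections matter here
        ev: Dict[str, object] = m.groupdict()
        verb = re.search(r"Sent verb '([A-Za-z]+)'", m.group("reason"))
        ev["verb"] = verb.group(1).upper() if verb else ""
        ev["suspicious"] = (ev["verb"] in WEBDAV_VERBS
                            or "length exceeded" in m.group("reason"))
        events.append(ev)
    return events


if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_urlscan_ini(ini) or ["no findings"])
    for ev in parse_urlscan_log(SAMPLE_LOG):
        print(ev["ts"], ev["ip"], ev["verb"] or "-", "suspicious" if ev["suspicious"] else "ok")
```

Run against the constructed inputs, the weak config produces two findings (an oversized MaxUrl and all eight WebDAV verbs still reachable) while the allow-list config produces none; the log parser reports the long-URL and SEARCH rejections as suspicious and the TRACE rejection as routine. Because UrlScan rejects the request before IIS finishes processing it, urlscan.log is the host-side record the thread says the IIS access log cannot provide, so shipping it to the same collector as the W3C logs is the point of the exercise.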
This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 13:58:15 PST