This is not something big and I don't consider it a bug but it's something that migh be usefull when trying to brake an IIS server. I don't have a copy of the software so I don't know if this is cause by misconfiguration or something else. While debugging after someone mentionned a problem with an early version of Metis 1.1, I saw that you can detect the presence of the SecureIIS product from Eeye by issuing an HEAD request on any files or folder and looking at the return data. The SecureIIS will return HTTP error code 406 (Not Acceptable), Content-Length: 1176 and Content-Type: text/html. It will also announce itself in the reply message. Here is an example E:\Metis>nc -v www.site.com 80 www.site.com [111.111.111.111] 80 (http) open HEAD / HTTP/1.1 406 Server: Microsoft-IIS/4.0 Date: Tue, 22 Jan 2002 02:23:42 GMT Content-Type: text/html Content-Length: 1176 <HTML> <BODY text=#000000 vLink=#ff9900 link=#ff9900 bgColor=#ffffff> <TABLE cellSpacing=5 cellPadding=3 width=400> <TBODY> <TR> <TD vAlign=center align=left width=400><FONT face=Verdana,Arial,Helvetica size=2><FONT size=3><B>SecureIIS application firewall security alert</B></FONT><BR><BR><BR>HTTP Request caused a security alert, please contact our web master if you are getting this alert in error.<BR><BR> <HR> <BR><B>What is SecureIIS</B><BR>SecureIIS offers websites running Microsoft Internet Information Server a broad range of protection from common vulnerabilities, both known and unknown. Because SecureIIS does not protect against specific vulnerabilities, but classes of vulnerabilities, it allows for a much more far reaching layer of security. <BR><BR> <HR> <BR>For more information on SecureIIS, please visit <A href="http://www.eeye.com/SecureIIS/">http://www.eeye.com/SecureIIS/><B R><BR><B><FONT color=#ff7000>eEye</FONT>Ö Digital Security</B> - <I>Vulnerability Is Over...</I></FONT></TD></TR></TBODY></TABLE></BODY></HTML> --------- Sacha Faust sachaat_private Metis : http://www.ideahamster.org/tid.htm ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jan 22 2002 - 11:52:54 PST