Renauld,

I agree that without a check for an IP value my script may give a lot of false positives. An IP value check can easily be added to the script. The reason for creating another script to detect the IIS IP was that the iis_nat script will miss detection of the IIS IP address in many cases. It will return a result only in the case where IIS is serving a static HTML page as a startup page (which is not even the MS default IIS setup).

> Your script will false positive on any host that has a redirection set
> for the main page (ie: many) - you should at least make sure the
> Location: field shows an IP address.
>
>
> I fail to see the difference with iis_nat.nasl though. Redirections
> exist, they're not a security flaw per se.

My script is not running a check on the main page or looking for redirections, but rather sends a "HEAD /existingIISdirectoryname HTTP/1.0" request to IIS, which reveals the IIS IP address if IIS is not properly configured. This script is not something new, but rather an addition to the existing iis_nat script to increase Nessus's chances of detecting an internal IIS IP address, which is a security risk, in cases where iis_nat.nasl will fail to find it.

Alex.
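The check discussed in this message, reporting only when the Location: field actually carries an IP address, can be sketched as follows. This is an added Python example, not the NASL script from the thread; the function names and the sample responses are constructed for illustration, and the Content-Location header is included as an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Headers that may carry an absolute URL built from the server's own address.
# "location" is the field named in the thread; "content-location" is an assumption.
URL_HEADERS = ("location", "content-location")


def parse_headers(raw):
    """Return [(lowercased name, value), ...] from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def leaked_ip(raw, requested_host):
    """Return (ip, is_private) if a URL header exposes an IP literal, else None.

    A redirect to a hostname, a relative redirect, or a URL that repeats the
    address the client itself used is not reported, which removes the false
    positives raised in the quoted reply.
    """
    for name, value in parse_headers(raw):
        if name not in URL_HEADERS:
            continue
        host = urlsplit(value).hostname
        if not host:
            continue                            # relative URL, nothing disclosed
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue                            # hostname: ordinary redirect
        if str(ip) != requested_host:
            return str(ip), ip.is_private
    return None


# Constructed sample responses to a HEAD request for an existing directory.
LEAK = "HTTP/1.1 302 Object Moved\r\nLocation: http://10.1.2.3/images/\r\n\r\n"
REDIRECT = "HTTP/1.1 302 Found\r\nLocation: http://www.example.com/images/\r\n\r\n"
RELATIVE = "HTTP/1.1 301 Moved\r\nLocation: /images/\r\n\r\n"

if __name__ == "__main__":
    for sample in (LEAK, REDIRECT, RELATIVE):
        print(leaked_ip(sample, "www.example.com"))
```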
This archive was generated by hypermail 2b30 : Wed Feb 26 2003 - 10:29:36 PST