Re: New and unique IIS log entries.
From: Michael Mayo (m.mayo_at_LACS.UTEXAS.EDU)
Date: 06/13/03
- Previous message: QS=E4rs=2C_Camillo=22?=: "Re: Chat with MS!"
- Maybe in reply to: Ken Goods: "New and unique IIS log entries."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 13 Jun 2003 07:51:16 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
It was likely someone on this list that pointed this out, but you can *help*
protect your IIS server from new threats by telling it to respond only when
the domain name is presented (not ip addresses). This can really limit the
impact of those worms that search by random/semi-random ip addresses.
You can do this by going to your Web site's properties, clicking the
advanced button in the frame labeled "Web Site Identification", clicking
add, and putting in the Web address.
Now, attempts to reach your site using the ip address or an un-authorized
URL result in 404's that don't show up in your log file. In addition, the
person who originally posted this info tested existing IIS exploits on the
ip address and found that the server in question was not affected until he
allowed ip address requests through.
I wish I could find his original message but I can't, perhaps he will
elaborate once more if that individual reads this list.
-- Michael Mayo > -----Original Message----- > From: Ken Goods [mailto:KGoods@AIAINSURANCE.COM] > Sent: Thursday, June 12, 2003 12:15 PM > To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM > Subject: New and unique IIS log entries. oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Delivery co-sponsored by TruSecure oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Free 14-day trial of New Threat & Vulnerability Notification Service TruSecure's new IntelliShield(tm) web-based threat and vulnerability service isn't your typical alert service. Supported by TruSecure's vast intelligence resources - including the ICSA Labs - IntelliShield's early warning, analysis, decision support, and threat management tools provide organizations with unmatched intelligence to better protect critical information assets. Experience it for yourself - just click below to begin your free, no obligation 14-day trial today! http://www.trusecure.com/offer/s0074/ oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: QS=E4rs=2C_Camillo=22?=: "Re: Chat with MS!"
- Maybe in reply to: Ken Goods: "New and unique IIS log entries."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
