Re: Yet another IIS compromise
From: Bronek Kozicki (brok_at_rubikon.pl)
Date: 07/18/01
> The most effective way to limit your risk here is to open up the mmc and
> verify all of the websites do not have the (all unassigned) setting in
> the ip address. By default Microsoft configures the default site with
> all unassigned.
Hello,
here are my 0.02 EU:
1. never, ever run default web site in production environment
2. you may examine _exactly_ how W3SVC is configured using metaedit, which
can be downloaded from
http://support.microsoft.com/support/kb/articles/q232/0/68.asp ;
documentation of metabase values can be found in Platform SDK. It's also
useful for quick metabase backup.
3. I thought that W3SVC will always bind to all configured IP addresses;
however, I was wrong. It's the default behaviour, which can be changed in
metabase; visit
http://support.microsoft.com/support/kb/articles/Q238/1/31.ASP . You may
also want to read articles Q300509 and Q300238.
4. in case you do not want to edit metabase (it can be dangerous, similarly
to editing registry) you may just firewall unneeded IP addresses. If you do
not have external firewall, you may use IPSec policies for this purpose.
Regards
B.
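
An added example, not part of the original message: a small offline audit that flags sites left on "(All Unassigned)" and lists the host addresses each such site would answer on, which are the candidates for rebinding or firewalling discussed above. It assumes bindings are given as "IP:Port:HostHeader" strings (the ServerBindings form, where an empty IP means all unassigned); the site names and addresses are constructed sample data.

```python
from collections import defaultdict

def parse_binding(binding):
    """Split 'IP:Port:HostHeader' into (ip, port, host). ip '' means All Unassigned."""
    if binding.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:80:
        ip, _, rest = binding[1:].partition("]:")
    else:
        ip, _, rest = binding.partition(":")
    port, _, host = rest.partition(":")
    if not port.isdigit():
        raise ValueError(f"malformed binding: {binding!r}")
    return ("" if ip == "*" else ip), int(port), host

def audit(sites, host_ips):
    """Map (site, port) of every unassigned binding to the host IPs it answers on."""
    claimed = defaultdict(set)   # port -> IPs fully claimed by an explicit binding
    unassigned = []              # (site, port) pairs bound to All Unassigned
    for site, bindings in sites.items():
        for b in bindings:
            ip, port, host = parse_binding(b)
            if not ip:
                unassigned.append((site, port))
            elif not host:
                # Assumption (conservative): a binding that also carries a host
                # header does not claim the whole IP, so it is not counted here.
                claimed[port].add(ip)
    return {(site, port): sorted(set(host_ips) - claimed[port])
            for site, port in unassigned}

# Constructed sample configuration (hypothetical names and addresses).
SAMPLE_SITES = {
    "Default Web Site": [":80:"],
    "intranet": ["10.0.0.5:80:"],
    "shop": ["192.0.2.10:80:", "192.0.2.10:443:"],
    "admin": [":8080:"],
}
SAMPLE_HOST_IPS = ["10.0.0.5", "192.0.2.10", "192.0.2.11"]

if __name__ == "__main__":
    for (site, port), ips in audit(SAMPLE_SITES, SAMPLE_HOST_IPS).items():
        print(f"{site}: port {port} is All Unassigned, answers on {', '.join(ips)}")
```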