Re: iis 6.0/win2k3 and isa vulnerability
From: Ken Schaefer (kenREMOVE_at_THISadopenstatic.com)
Date: Tue, 2 Nov 2004 13:48:36 +1100
Please see answer in the inetserver.iis group
"gotenks" <firstname.lastname@example.org> wrote in message
>I ran a nessus (free open source vulnerability scanner)
> scan on my 'public-ip/web server'. It was able to
> identify the version of ISA and IIS that i was running.
> It also reported a MS Predictable TCP sequence
> vulnerability, i dont know if it was referring to
> Win2k3/IIS 6.0 or ISA2K. The recommendation for the tcp
> sequence vulnerability was to get a patch from the
> vendor? It also recommended to use URLSCAN to hide the
> identity of IIS 6.0? Does anyone know how i can get that
> patch from MS for the tcp sequence vulnerability, and how
> to configure urlscan to hide the IIS version im using?