Re: iis 6.0/win2k3 and isa vulnerability

From: Ken Schaefer (kenREMOVE_at_THISadopenstatic.com)
Date: 11/02/04

  • Next message: Ken Schaefer: "Re: IIS 6.0 and win2k3 vulnerabilities"
    Date: Tue, 2 Nov 2004 13:48:36 +1100
    
    

    Please see answer in the inetserver.iis group

    Cheers
    Ken

    "gotenks" <gotenks@dragonball.z> wrote in message
    news:32b001c4c054$694ac470$a301280a@phx.gbl...
    >I ran a nessus (free open source vulnerability scanner)
    > scan on my 'public-ip/web server'. It was able to
    > identify the version of ISA and IIS that i was running.
    > It also reported a MS Predictable TCP sequence
    > vulnerability, i dont know if it was referring to
    > Win2k3/IIS 6.0 or ISA2K. The recommendation for the tcp
    > sequence vulnerability was to get a patch from the
    > vendor? It also recommended to use URLSCAN to hide the
    > identity of IIS 6.0? Does anyone know how i can get that
    > patch from MS for the tcp sequence vulnerability, and how
    > to configure urlscan to hide the IIS version im using?


  • Next message: Ken Schaefer: "Re: IIS 6.0 and win2k3 vulnerabilities"