Re: win2k3 and isa2k vulnerability scan
From: S. Pidgorny
Date: 11/02/04
Date: Tue, 2 Nov 2004 13:05:02 +1100
I'd say that the predictable TCP sequence vulnerability is not much of a
vulnerability: it allows one, under certain conditions, to insert a man in the
middle and take over a TCP session - of course, full access to the
communication line and no protection (IPsec/SSL) are the conditions. I
don't remember any patch for this "vulnerability" and I wouldn't worry about
it.
How to configure URLscan to hide IIS version:
http://support.microsoft.com/?id=317741 This is security through obscurity,
which is not security - most potential "hackers" will just unleash all their
exploits against your site (just like you've done with your Nessus scan),
regardless of the version, or will get information from sources other than
banner grabbing.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"gotenks" <gotenks@dragonball.z> wrote in message
news:0e4e01c4c053$57a77f70$a501280a@phx.gbl...
> I ran a Nessus (free open source vulnerability scanner)
> scan on my 'public-ip/web server'. It was able to
> identify the version of ISA and IIS that I was running.
> It also reported a MS Predictable TCP sequence
> vulnerability, I don't know if it was referring to
> Win2k3/IIS 6.0 or ISA2K. The recommendation for the TCP
> sequence vulnerability was to get a patch from the
> vendor? It also recommended to use URLSCAN to hide the
> identity of IIS 6.0? Does anyone know how I can get that
> patch from MS for the TCP sequence vulnerability, and how
> to configure URLScan to hide the IIS version I'm using?