Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Fwd: Information on MS99-022
From: vanja () SIAMRELAY COM (Vanja Hrustic)
Date: Mon, 5 Jul 1999 04:08:04 +0700

At 10:36 PM 7/4/99 +1000, Darren Reed wrote:
I would hazard a guess that the number of custom IDS systems in place is
a small number, so if you compare the number of hackers who would gain
information on how to exploit this feature and otherwise wouldn't (i.e.
script kiddies) and weigh that against those that run custom IDS solutions,
I think the scales will tip in favour of the script kiddies.  I say that

According to this logic, eEye shouldn't have publish their IIS4 advisory at
all. Many script kiddies got the information (and tools) on how to exploit
the vulnerability.

because if you have your own IDS system, chances are you've built it on
a Unix system and hence run Unix elsewhere through your firewall, etc,
and wouldn't need to worry about this threat because you don't have IIS4.0
on any critical systems.  Does that make some sense ?


Just to clarify something (the main reason why I actually replied):

I live/work in Asia - which is the main reason why I'm not happy with the
Microsoft approach.

US/Europe/Australia are not worried about this issue. But Asia is. And I
need to deal with customers who also have IIS4. Reason enough to be worried.

Looking at the 'business side', if I need to make a 'blind' intrusion test
(no information supplied by the customer at all), how can I state that IIS4
is vulnerable or not? I can't - but the "security vendor" can. Not really
fair ;)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]