Home page logo

bugtraq logo Bugtraq mailing list archives

From: Crussaider <crussaider () globalnet hr>
Date: Wed, 27 Jun 2001 00:56:48 +0200

        Hi all,

        after some testing I noticed that SecureIIS 1.0.6 does not
        protect IIS 5.0 from ISAPI DoS attack. In the attachment is
        isapi-dos2.c and isapi.exe cygwin compilation.

        After attack with this exploit IIS is down. In SecureIIS i
        have very restrictive polices, but anyway it did not manage to
        protect it from this kind of attack.
        To try isapi.exe you must have cygwin1.dll

        Does anyone have similar experience?

Best regards,
 Crussaider                          mailto:crussaider () globalnet hr

Attachment: isapi-dos2.c

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]