mailing list archives
ISAPI and SECUREIIS
From: Crussaider <crussaider () globalnet hr>
Date: Wed, 27 Jun 2001 00:56:48 +0200
after some testing I noticed that SecureIIS 1.0.6 does not
protect IIS 5.0 from ISAPI DoS attack. In the attachment is
isapi-dos2.c and isapi.exe cygwin compilation.
After attack with this exploit IIS is down. In SecureIIS i
have very restrictive polices, but anyway it did not manage to
protect it from this kind of attack.
To try isapi.exe you must have cygwin1.dll
Does anyone have similar experience?
Crussaider mailto:crussaider () globalnet hr
- ISAPI and SECUREIIS Crussaider (Jun 27)