Home page logo
/

bugtraq logo Bugtraq mailing list archives

ISAPI and SECUREIIS
From: Crussaider <crussaider () globalnet hr>
Date: Wed, 27 Jun 2001 00:56:48 +0200



        Hi all,

        after some testing I noticed that SecureIIS 1.0.6 does not
        protect IIS 5.0 from ISAPI DoS attack. In the attachment is
        isapi-dos2.c and isapi.exe cygwin compilation.

        After attack with this exploit IIS is down. In SecureIIS i
        have very restrictive polices, but anyway it did not manage to
        protect it from this kind of attack.
        To try isapi.exe you must have cygwin1.dll

        Does anyone have similar experience?
        


-- 
Best regards,
 Crussaider                          mailto:crussaider () globalnet hr

Attachment: isapi-dos2.c
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]