Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

IIS WebDav Denial of Service attacks - Update to SPI Dynamics
From: "Mark Litchfield" <mark () ngssoftware com>
Date: Mon, 2 Jun 2003 14:20:15 -0700
In SPI Dynamics own advisory it mentions that IIS will restart itself -
whilst this is true, by supplying a specific number of bytes, we can
terminate all the threads, but leaving INETINFO still alive.  Despite
INETINFO not dying, the process will no longer serve any requests.

This provides a more effective denial of service attack as the administrator
would be required to restart the service manually.

Again, if you have not yet patched your servers, the patch can be obtained
at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-018.asp

Regards

Mark Litchfield
NGS Software Ltd
http://www.ngssoftware.com/
Tel: +44 208 40 100 70 (London)
Tel: +44 1241 431 267
Mobile: +44 790 069 5236
Email: mark () ngssoftware com

  By Date           By Thread  

Current thread:
  • IIS WebDav Denial of Service attacks - Update to SPI Dynamics Mark Litchfield (Jun 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]