Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Avoiding IIS Logging
From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Tue, 9 Jan 2001 12:38:45 -0800
In my own (very limited) testing in-house, this seemed
to work (i.e., it didn't log) on an old plain vanilla
installed IIS web server, and failed (it did log) on a
newer patched IIS web server.

I am not sure if my test results are 100% tho, since
the one it seemed to work on was password protected
(tho a connection from Internet Explorer was logged
and a connection from avoid.exe was not).

The interesting part of the newest IIS servers logs
was that it displayed what appeared to be a truncated
request ("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
default.asp").

Hope this helps.


 - mch



__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/

  By Date           By Thread  

Current thread:
  • Re: [PEN-TEST] Avoiding IIS Logging Mike Ahern (Jan 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]