Security Basics mailing list archives
Re: Microsoft Urlscan Filter v3.0
From: "Jorge L. Vazquez" <jlvazquez825 () gmail com>
Date: Fri, 29 Aug 2008 01:29:26 -0400
amatachick () gmail com wrote:
I'm looking into throwing this on our IIS servers and wanted to get feedback from y'all on two things: 1) Would this count as a Web Application Firewall? The reason I ask is for possible PCI Compliance benefits. 2) Has anyone used this and, if so what problems did you run into? This would be installed onto boxes running Windows Server 2003 and IIS versions 5 and 6. For convenience sake, here is the link to the Microsoft page talking about this tool: http://www.microsoft.com/downloads/details.aspx?FamilyId=EE41818F-3363-4E24-9940-321603531989&displaylang=en#Instructions Doing some Googling I also found this site kinda helpful but it still doesn't answer the above questions. http://learn.iis.net/page.aspx/473/using-urlscan Thanks in advance!!
one of the thing that urlscan does, is that it protects your web server from been fingerprinted, for example when using network scanners like nmap or nikto to do a server fingerprint, I know for a fact that when urlscan is intalled on the server, nmap fails to fingerprint the server, and also nikto, the one that comes closest to detecting the type of server is httprint, and what it does it takes an educated guess and it gives you the porcentage of how sure it is, and again when urlscan installed httprint says is sure about 50 and 60% which is not good enough, so as you can see it would hurt you to install urlscan, and of course if you don't know what type of server is running on port 80 makes it much difficult to find exploits for something you don't know. you may want to check out this arlticle http://www.pctechtips.org/pentesting_webservers_httprint_nikto_nessus.htm here you can see how nmap fails to properly identify the kind of server running on port 80 thanks Jorge L. Vazquez www.pctechtips.org MCSE, CCNA, A+
Current thread:
- Microsoft Urlscan Filter v3.0 amatachick (Aug 28)
- Re: Microsoft Urlscan Filter v3.0 Jorge L. Vazquez (Aug 29)
- Re: Microsoft Urlscan Filter v3.0 J. Oquendo (Aug 29)
- Re: Microsoft Urlscan Filter v3.0 Jorge L. Vazquez (Aug 29)