Firewall Wizards mailing list archives
RE: How to best protect IIS server
From: Jason Zann <jason.zann () maryville com>
Date: Fri, 11 Aug 2000 09:20:05 -0500
This is a product from Sanctum http://www.sanctuminc.com/ (formerly Perfecto Technologies) that provides a way of scanning specific traffic going through a firewall. Example: if you allow HTTP traffic from the Internet to a web server, this product would sit between those two connections and allow everything over port 80 to be interrogated. It is kind of like a firewall that can determine if users are trying to sidestep login screens, insert wildcards into web-based forms (like the older cgi-bin hacks that were popular a couple of years ago) and the like. An excellent product to sit in front of a web server.
-----Original Message-----
From: Marc Maiffret [SMTP:marc () eeye com]
Sent: Wednesday, August 09, 2000 4:10 AM
To: Chris Keladis; Robert Collins
Cc: firewall-wizards () nfr net
Subject: RE: [fw-wiz] How to best protect IIS server

Even checking for valid "http protocol" syntax would not help much considering most of the IIS holes use valid HTTP commands etc.... Firewalls will not help you at all in protecting an IIS server. The only thing they will do is help protect the rest of your network when your IIS server gets broken into.

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.349.9062
F.949.349.9538
http://eEye.com

| -----Original Message-----
| From: firewall-wizards-admin () nfr net
| [mailto:firewall-wizards-admin () nfr net]On Behalf Of Chris Keladis
| Sent: Wednesday, August 09, 2000 1:49 AM
| To: Robert Collins
| Cc: firewall-wizards () nfr net
| Subject: RE: [fw-wiz] How to best protect IIS server
|
| At 10:22 AM 8/8/00 +1000, you wrote:
|
| >Actually the PIX can check that http protocol rules are being followed,
| >which should stop things like telnet-in-http tricks.
|
| Maybe I'm being naive here, but how could the PIX figure out
| "telnet-in-http" from "browser-in-http" ... Or am I totally
| missing the point??
|
| Regards,
|
| Chris Keladis
| System/Security Administrator
| Custom Management Centre
| Cable & Wireless Optus.
|
| Phone: (02) 9775-5312
| Mobile: (0402) 067-375
| E-Mail: Chris.Keladis () cmc cwo net au
|
| _______________________________________________
| Firewall-wizards mailing list
| Firewall-wizards () nfr net
| http://www.nfr.net/mailman/listinfo/firewall-wizards
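Added example, not part of the original messages and not a description of how Sanctum's product or the PIX works: a Python sketch of the distinction the thread argues over. Every constructed request below is valid HTTP, so a syntax check passes all of them, while a per-application policy rejects the wildcard form value and the request that skips the login. The POLICY table, paths, field patterns and session value are assumptions made for the illustration.

```python
import re

# Hypothetical per-site policy: known paths, whether a session is required,
# and the pattern each form field must match. Not any product's real format.
POLICY = {
    "/search":  {"auth": False, "fields": {"q": r"[A-Za-z0-9 ]{1,64}"}},
    "/account": {"auth": True,  "fields": {"id": r"[0-9]{1,10}"}},
}
REQUEST_LINE = re.compile(r"^(GET|HEAD|POST) (/\S*) HTTP/1\.[01]$")

def parse(raw):
    """Split a raw request into (path, params, headers), or None if malformed."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m or any(":" not in h for h in lines[1:]):
        return None
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in lines[1:])}
    path, _, query = m.group(2).partition("?")
    pairs = [p.split("=", 1) for p in (query or body).split("&") if "=" in p]
    return path, dict(pairs), headers

def syntax_ok(raw):
    """Protocol-level check only: is this well-formed HTTP/1.x?"""
    return parse(raw) is not None

def policy_verdict(raw, sessions):
    """Application-level check: is this a request the site expects?"""
    parsed = parse(raw)
    if parsed is None:
        return "deny: malformed"
    path, params, headers = parsed
    rule = POLICY.get(path)
    if rule is None:
        return "deny: unknown path"
    if rule["auth"] and headers.get("cookie", "") not in sessions:
        return "deny: no session"
    for name, value in params.items():
        pattern = rule["fields"].get(name)
        if pattern is None or not re.fullmatch(pattern, value):
            return "deny: field " + name
    return "allow"

H = " HTTP/1.0\r\nHost: www.example.com\r\n"  # constructed request tail
SAMPLES = {  # constructed sample requests
    "normal search":    "GET /search?q=firewall" + H + "\r\n",
    "wildcard in form": "GET /search?q=*" + H + "\r\n",
    "skips login":      "GET /account?id=42" + H + "\r\n",
    "logged in":        "GET /account?id=42" + H + "Cookie: sid=abc123\r\n\r\n",
}

def compare(sessions):
    """Map each sample name to (passes syntax check, policy verdict)."""
    return {n: (syntax_ok(r), policy_verdict(r, sessions)) for n, r in SAMPLES.items()}
```

Values are compared without URL-decoding, so a percent-encoded field fails the patterns above; a real filter would have to decode exactly the way the server behind it does.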