Full Disclosure mailing list archives
Re: IIS 5.0 random/fixed TCP/UDP ports
From: "Lan Guy" <rlanguy () hotmail com>
Date: Tue, 11 Nov 2003 11:36:34 +0200
Have not tried to exploit it, But MS have fixed in IIS 6 (Win2003 Server) at least the port is only open to localhost. So I would argue they have learnt, but they haven't fixed it! ----- Original Message ----- From: Frank Knobbe To: Jean-Baptiste Marchand Cc: full-disclosure () lists netsys com Sent: Tuesday, November 11, 2003 1:51 AM Subject: Re: [Full-disclosure] IIS 5.0 random/fixed TCP/UDP ports If that port is used INTERNALLY, shouldn't it be listening INTERNALLY, as in LOCALHOST? When will MS ever learn... (And the first one who replies with "Microsoft is adding host based firewalls to 'fix' this architectural oversight" is gonna get added to a filter list... :)
Current thread:
- IIS 5.0 random/fixed TCP/UDP ports thalm (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Jean-Baptiste Marchand (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Frank Knobbe (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Valdis . Kletnieks (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Lan Guy (Nov 11)
- Re: IIS 5.0 random/fixed TCP/UDP ports Frank Knobbe (Nov 10)
- Re: IIS 5.0 random/fixed TCP/UDP ports Jean-Baptiste Marchand (Nov 10)