IIS DoS (from last week) and how it DOESN'T work?

[Gadi Evron <gevron () gmail com>]

A few days ago a bugtraq post was made about an ISS DoS.

The post was almost completely ignored by everybody, and today we saw
a post on SANS ISC about a vague vulnerability in IIS 5.1 (XP) after a
post about it on SecuriTeam explaining how the vulnerability works:
http://www.securiteam.com/windowsntfocus/6E00E2KEUS.html

Now, the funny thing about this exploit is that it will only return an
exception on the 4th attempt. A friend of mine and me verified it. Try
it in with debugger. No exception until the 4th time the same URL is
sent.

Every time, only on the 4th attempt.

This is the BEST anti-exploitation effort I have ever seen! </sarcasm>

In my blog I give a few suggestions as to why:
http://blogs.securiteam.com/index.php/archives/145

The original text can be found at:
http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html

    Gadi.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.