Security Incidents mailing list archives

Possible way to avoid unknown IIS vulnerabilities


From: "Mark A Lewis" <mark () mnlewis com>
Date: Thu, 9 Aug 2001 01:31:10 -0500

While poking around in my logs following Code Red, I started noticing that
there were no entries indicating any attempts. Not fully believing this, I
went ahead and got Snort back up and running and waited 10 min and I already
had 17 hits. After thinking a bit, I came to the conclusion that the cause
for this is host headers. Now, how this applies to future vulnerabilities is
this: most of these script-based attacks generate random IPs, so if you use
host headers, even if only one site is present, it would require a name to
tell the web server which dir to send the request to. Not sure how effective
this would be against Unicode-type exploits, but I feel it would have helped
with CR. Should be able to accomplish the same thing with Apache too...
Any thoughts or experiences?



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
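
Added example, not part of the original post: a small log classifier that separates requests naming a served site from those that arrived with a bare IP, an unknown name, or no Host header at all, which is the traffic the post expects host headers to turn away. The log layout, the site name www.example.com and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed log layout (constructed for this example): Host header value,
# client address, quoted request line, status code.
LINE_RE = re.compile(r'^(?P<host>\S+) (?P<client>\S+) "(?P<req>[^"]*)" (?P<status>\d{3})$')
SERVED_NAMES = {"www.example.com"}  # hypothetical name bound to the site

SAMPLE_LOG = """\
www.example.com 192.0.2.10 "GET /index.html HTTP/1.1" 200
203.0.113.5 198.51.100.7 "GET / HTTP/1.0" 400
- 198.51.100.23 "GET / HTTP/1.0" 400
WWW.EXAMPLE.COM:80 192.0.2.11 "GET /about.html HTTP/1.1" 200
other.example.net 198.51.100.40 "GET / HTTP/1.1" 400
"""

def classify_host(host_header, served_names=SERVED_NAMES):
    """Return 'named', 'missing', 'ip-literal' or 'unknown-name'."""
    if host_header in ("", "-"):
        return "missing"
    host = host_header.lower()
    if host.startswith("["):            # bracketed IPv6, optional port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # name or IPv4 followed by a port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    return "named" if host.rstrip(".") in served_names else "unknown-name"

def summarize(log_text):
    """Count requests per Host class and list those that named no served site."""
    counts, flagged = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            counts["unparsed"] += 1
            continue
        kind = classify_host(m["host"])
        counts[kind] += 1
        if kind != "named":
            flagged.append((m["client"], kind, m["status"]))
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_LOG)
    print(dict(counts))
```

Comparing the flagged clients against IDS alerts for the same period shows how much scanning traffic the server log alone would have missed.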

