Security Incidents mailing list archives
Possible way to avoid unknown IIS vulnerabilities
From: "Mark A Lewis" <mark () mnlewis com>
Date: Thu, 9 Aug 2001 01:31:10 -0500
While poking around in my logs following Code Red I started noticing that there were no entries indicating any attempts. Not fully believing this I went ahead and got Snort back up and running and waited 10 min and I already had 17 hits. After thinking a bit I came to the conclusion that the cause for this is host headers. Now, how this applies to future vulnerabilities is this: most of these script based attacks generate random IPs, so if you use host headers even if only one site is present it would require a name to tell the web server which dir to send the request to. Not sure how effective this would be against Unicode type exploits, but I feel it would have helped with CR. Should be able to accomplish the same thing with Apache too..... Any thoughts or experiences? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Possible way to avoid unknown IIS vulnerabilities Mark A Lewis (Aug 09)
- RE: Possible way to avoid unknown IIS vulnerabilities Michael Katz (Aug 10)
- Re: Possible way to avoid unknown IIS vulnerabilities Mike Lewinski (Aug 10)
- RE: Possible way to avoid unknown IIS vulnerabilities Michael Katz (Aug 10)