Penetration Testing mailing list archives
Re: [PEN-TEST] Avoiding IIS Logging
From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Tue, 9 Jan 2001 12:38:45 -0800
In my own (very limited) testing in-house, this seemed to work (i.e., it didn't log) on an old plain vanilla installed IIS web server, and failed (it did log) on a newer patched IIS web server. I am not sure if my test results are 100% tho, since the one it seemed to work on was password protected (tho a connection from Internet Explorer was logged and a connection from avoid.exe was not). The interesting part of the newest IIS servers logs was that it displayed what appeared to be a truncated request ("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA default.asp"). Hope this helps. - mch __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/
Current thread:
- Re: [PEN-TEST] Avoiding IIS Logging Mike Ahern (Jan 09)