Re: [PEN-TEST] Avoiding IIS Logging

[Mike Ahern <mc_ahern () YAHOO COM>]

In my own (very limited) testing in-house, this seemed
to work (i.e., it didn't log) on an old plain vanilla
installed IIS web server, and failed (it did log) on a
newer patched IIS web server.

I am not sure if my test results are 100% tho, since
the one it seemed to work on was password protected
(tho a connection from Internet Explorer was logged
and a connection from avoid.exe was not).

The interesting part of the newest IIS servers logs
was that it displayed what appeared to be a truncated
request ("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
default.asp").

Hope this helps.


 - mch



__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/