Bugtraq mailing list archives
ISAPI and SECUREIIS
From: Crussaider <crussaider () globalnet hr>
Date: Wed, 27 Jun 2001 00:56:48 +0200
Hi all, after some testing I noticed that SecureIIS 1.0.6 does not protect IIS 5.0 from ISAPI DoS attack. In the attachment is isapi-dos2.c and isapi.exe cygwin compilation. After attack with this exploit IIS is down. In SecureIIS i have very restrictive polices, but anyway it did not manage to protect it from this kind of attack. To try isapi.exe you must have cygwin1.dll Does anyone have similar experience? -- Best regards, Crussaider mailto:crussaider () globalnet hr
Attachment:
isapi-dos2.c
Description:
Current thread:
- ISAPI and SECUREIIS Crussaider (Jun 27)
- <Possible follow-ups>
- RE: ISAPI and SECUREIIS Marc Maiffret (Jun 28)