Bugtraq mailing list archives

ISAPI and SECUREIIS


From: Crussaider <crussaider () globalnet hr>
Date: Wed, 27 Jun 2001 00:56:48 +0200



        Hi all,

        after some testing I noticed that SecureIIS 1.0.6 does not
        protect IIS 5.0 from an ISAPI DoS attack. In the attachment is
        isapi-dos2.c and isapi.exe cygwin compilation.

        After an attack with this exploit, IIS is down. In SecureIIS I
        have very restrictive policies, but anyway it did not manage to
        protect it from this kind of attack.
        To try isapi.exe you must have cygwin1.dll.

        Does anyone have similar experience?
        


-- 
Best regards,
 Crussaider                          mailto:crussaider () globalnet hr

Attachment: isapi-dos2.c