Educause Security Discussion mailing list archives

Re: Chinese dot-dot-slash attack on Windows 2000/IIS


From: Jeni Li <jeni.li () ASU EDU>
Date: Fri, 26 Sep 2008 13:31:08 -0700

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew Daviel
Sent: Thursday, September 11, 2008 7:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Chinese dot-dot-slash attack on Windows 2000/IIS
<snip>
Has anyone seen this kind of thing? Is Windows 2000 IIS just plain
vulnerable, or might this be a configuration problem?

(Generally, I do Linux, and Windows problems have been viruses and
trojans caught by Symantec, rather than remote access exploits, so I'm
not so familiar with this side of things)

Andrew, a ../ attack shouldn't work on a well-configured W2k/IIS server.
I'd suggest you take a few moments to read section W1 of SANS Top 20
(2002). This article addresses IIS on W2k; while certainly not
exhaustive, it gives some useful background and basic protective
measures for the most common exploits. In particular, check out W1.5.4
and W1.5.5 -- but the entire list may be of use since you're less
familiar with Windows. http://www.sans.org/top20/2002/#W1
j
