Educause Security Discussion mailing list archives
Re: Chinese dot-dot-slash attack on Windows 2000/IIS
From: Jeni Li <jeni.li () ASU EDU>
Date: Fri, 26 Sep 2008 13:31:08 -0700
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew Daviel
Sent: Thursday, September 11, 2008 7:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Chinese dot-dot-slash attack on Windows 2000/IIS
<snip>
Has anyone seen this kind of thing? Is Windows 2000 IIS just plain vulnerable, or might this be a configuration problem? (Generally, I do Linux, and Windows problems have been viruses and trojans caught by Symantec, rather than remote access exploits, so I'm not so familiar with this side of things)

Andrew, a ../ attack shouldn't work on a well-configured W2k/IIS server. I'd suggest you take a few moments to read section W1 of SANS Top 20 (2002). This article addresses IIS on W2k; while certainly not exhaustive, it gives some useful background and basic protective measures for the most common exploits. In particular, check out W1.5.4 and W1.5.5 -- but the entire list may be of use since you're less familiar with Windows.

http://www.sans.org/top20/2002/#W1

j