|
Home > Archive > IIS Server Security > February 2004 > WebDAV Probes
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Roger Abell 2004-02-25, 10:34 am |
| Have many others noticed a slow, but accelerating,
increase in the amount of WebDAV supporting verbs
getting thrown at their IIS servers ?
Over the past 4 to 6 months I have watched this, starting
with an almost non-existent amount, but now in the past
month it seems to have really accelerated.
While I have this disabled at the IIS level, and also
crippled at the registry level, if the growth continues
the amount may get to be non-negligable in a while.
Any ideas on what probe tool may have been updated
to examine for these exploit vectors ?
TIA,
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
| |
| Bernard 2004-02-25, 11:34 pm |
| My traffic for such request is going down as compare when the exploits is in
it early stage. now, not much, about the same for codered. and urlscan is
blocking all these.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:eF3zW26#DHA.2432@TK2MSFTNGP11.phx.gbl...
> Have many others noticed a slow, but accelerating,
> increase in the amount of WebDAV supporting verbs
> getting thrown at their IIS servers ?
> Over the past 4 to 6 months I have watched this, starting
> with an almost non-existent amount, but now in the past
> month it seems to have really accelerated.
>
> While I have this disabled at the IIS level, and also
> crippled at the registry level, if the growth continues
> the amount may get to be non-negligable in a while.
>
> Any ideas on what probe tool may have been updated
> to examine for these exploit vectors ?
>
> TIA,
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
>
>
| |
| Roger Abell 2004-02-26, 11:35 am |
| Interesting Bernard,
Just the reverse of what I have been seeing. On the older IIS the
URLscan logs have been steadily increasing, from scattered IPs,
over the past month or so, more noticable in recent weeks.
Roger
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:OL4SkqB$DHA.2800@tk2msftngp13.phx.gbl...
> My traffic for such request is going down as compare when the exploits is
in
> it early stage. now, not much, about the same for codered. and urlscan is
> blocking all these.
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> Please respond to newsgroups only ...
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:eF3zW26#DHA.2432@TK2MSFTNGP11.phx.gbl...
>
>
| |
| Bernard 2004-02-27, 2:34 am |
| Weird, I have few machines in Ireland and Hong kong. both of them looks ok..
main traffic will be '../winnt/system32/cmd.exe' .. nothing else.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Roger Abell" <mvp@asu.edu> wrote in message
news:eYBi9QI$DHA.1844@TK2MSFTNGP11.phx.gbl...
> Interesting Bernard,
> Just the reverse of what I have been seeing. On the older IIS the
> URLscan logs have been steadily increasing, from scattered IPs,
> over the past month or so, more noticable in recent weeks.
>
> Roger
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:OL4SkqB$DHA.2800@tk2msftngp13.phx.gbl...
is[color=darkred]
> in
is[color=darkred]
>
>
|
|
|
|
|