[Intrusions] Would IIS auth prevent buffer overflow attacks
Wes Young
wcyoung at buffalo.edu
Thu Aug 25 11:48:25 GMT 2005
sure... unless the authentication mechenism was flawed
and exploited (as it was in june of 2004).
Something you actually tend to see a lot more of as this year goes on.
Stephen Shepherd wrote:
> If IIS authentication were enabled on a web server
> would it prevent buffer overflow attacks unless the
> attacker had valid credentials.
>
> I would think that the web server would not process
> the initial get request until it had successfully
> authenticated the client??
>
> Just curious if this would add any protection to a www site..
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
>
--
Wes Young
Network Security Analyst
University at Buffalo
--
My Security Blog: http://tinyurl.com/9av4k
RSS: http://tinyurl.com/ceopv
My Life: http://tinyurl.com/l18g
More information about the Intrusions
mailing list