[Dshield] Check this out.
pmarsh at nmefdn.org
Tue Aug 21 20:11:35 GMT 2001
Thanx for the tip, it was very helpful.
Deny all access to /winnt/system32 from the IUSR_machinename (IIS
anonymous access) user.
cacls . /e /d IUSR_sysname
cacls *.exe /e /d IUSR_sysname
cacls *.com /e /d IUSR_sysname
Of course, this does NOT protect you against the CR backdoor; that runs
at system privileges, not anonymous-user privileges.
More information about the list