[Dshield] Check this out.

Paul Marsh pmarsh at nmefdn.org
Tue Aug 21 20:11:35 GMT 2001


John:

Thanx for the tip, it was very helpful.

Thanx, Paul


Deny all access to /winnt/system32 from the IUSR_machinename (IIS
anonymous access) user. 

     cd \winnt\system32
     cacls . /e /d IUSR_sysname
     cacls *.exe /e /d IUSR_sysname
     cacls *.com /e /d IUSR_sysname

Of course, this does NOT protect you against the CR backdoor; that runs
at system privileges, not anonymous-user privileges.



