[Dshield] WebDAV Web Log Signature

Paul Marsh pmarsh at nmefdn.org
Thu Mar 27 18:28:25 GMT 2003



-----Original Message-----
From: John Hardin [mailto:johnh at aproposretail.com]
Sent: Thursday, March 27, 2003 11:58 AM
To: General DShield Discussion List
Subject: RE: [Dshield] WebDAV Web Log Signature


On Thu, 2003-03-27 at 00:35, Fernando {mumble} wrote:
> 
> I've been following this thread on and off the last few days and wonder 
> why no-one has mentioned installing Microsoft's URLSCAN dll for the IIS 
> servers.

The discussion here is about monitoring vulnerability scanning traffic,
not securing vulnerable systems. I'm pretty sure the discussions about
securing vulnerable servers (e.g. the official Microsoft announcement)
include a discussion of URLscan.

John:

	I think Fernando is also referring to the logging functionality inherent in URLSCAN.
Not only does the tool help in locking down IIS but it also enables you to log disallowed requests.
The logging is a little on the weak side but functional, I was going to suggest it also but
the thread looks like it's more geared to apache.  I've been getting so few scans(maybe one a day
if that)I didn't even pursue scan submittal.

Thanx, Paul












More information about the list mailing list