Hat nichts mit ASP zu tun! Oder besser gesagt nicht direkt. Aber ohne IIS ist ja ASP auch nutzlos.... :-) Hallo Liste Microsoft hat ein Tool herausgegeben(nicht Lockdown!!), mit dem einige Sicherheitsl�cken des IIS geschlossen werden. Ich pers�nlich finde es ein Super-Tool. Das Tool hat meinen IIS besch�tzt, obwohl ca. 200PC's(Im gleichen Netz) mit dem Nimda Virus infiziert waren. Das Tool nennt sich URLScan. Es blockt alle nicht zul�ssigen Anfragen an den IIS(Was erlaubt ist und was nicht, kann in einer ini-Datei sehr einfach eingestellt werden.) Es protokoliert alle illegalen Anfragen die der IIS dank dem URLScan-Tool rejected hat mit Zeit, Datum, Querystring und IP-Adresse des "�belt�ters"(Virusbefallener-PC). Schaut Euch mal dieses Tool an. Ich kann es nur empfehlen!!!! Hier der Link dazu: http://www.microsoft.com/downloads/release.asp?releaseid=32571&NewList=2 Mit freundlichen Gr�ssen Marek Hagmann PS: Damit Ihr es Euch besser vorstellen k�nnt: So sieht das Protokoll aus: Es beinhaltet die Einstellungen des URLScan sowie illegale Anforderung. [Do, Sep 20 2001 - 15:13:17] ---------- UrlScan.dll Initializing ---------- [Do, Sep 20 2001 - 15:13:17] URLs will be normalized before analysis. [Do, Sep 20 2001 - 15:13:17] URL normalization will be verified. [Do, Sep 20 2001 - 15:13:17] URLs may contain OEM, international and UTF-8 characters. [Do, Sep 20 2001 - 15:13:17] URLs must not contain any dot except for the file extension. [Do, Sep 20 2001 - 15:13:17] Only the following verbs will be allowed (case sensitive): [Do, Sep 20 2001 - 15:13:17] 'GET' [Do, Sep 20 2001 - 15:13:17] 'HEAD' [Do, Sep 20 2001 - 15:13:17] 'POST' [Do, Sep 20 2001 - 15:13:17] Requests for following extensions will be rejected: [Do, Sep 20 2001 - 15:13:17] '.exe' [Do, Sep 20 2001 - 15:13:17] '.bat' [Do, Sep 20 2001 - 15:13:17] '.cmd' [Do, Sep 20 2001 - 15:13:17] '.com' [Do, Sep 20 2001 - 15:13:17] '.htw' [Do, Sep 20 2001 - 15:13:17] '.ida' [Do, Sep 20 2001 - 15:13:17] '.idq' [Do, Sep 20 2001 - 15:13:17] '.htr' [Do, Sep 20 2001 - 15:13:17] '.idc' [Do, Sep 20 2001 - 15:13:17] '.shtm' [Do, Sep 20 2001 - 15:13:17] '.shtml' [Do, Sep 20 2001 - 15:13:17] '.stm' [Do, Sep 20 2001 - 15:13:17] '.printer' [Do, Sep 20 2001 - 15:13:17] '.ini' [Do, Sep 20 2001 - 15:13:17] '.log' [Do, Sep 20 2001 - 15:13:17] '.pol' [Do, Sep 20 2001 - 15:13:17] '.dat' [Do, Sep 20 2001 - 15:13:17] Requests containing the following headers will be rejected: [Do, Sep 20 2001 - 15:13:17] 'translate:' [Do, Sep 20 2001 - 15:13:17] 'if:' [Do, Sep 20 2001 - 15:13:17] 'lock-token:' [Do, Sep 20 2001 - 15:13:17] Requests containing the following character sequences will be rejected: [Do, Sep 20 2001 - 15:13:17] '..' [Do, Sep 20 2001 - 15:13:17] './' [Do, Sep 20 2001 - 15:13:17] '\' [Do, Sep 20 2001 - 15:13:17] ':' [Do, Sep 20 2001 - 15:13:17] '%' [Do, Sep 20 2001 - 15:13:17] '&' [Do, Sep 20 2001 - 15:22:32] Client at 149.133.75.150: URL contains extension '.exe', which is disallowed. Request will be rejected. Raw URL='/scripts/root.exe' [Do, Sep 20 2001 - 15:22:32] Client at 149.133.75.150: URL contains extension '.exe', which is disallowed. Request will be rejected. Raw URL='/MSADC/root.exe' [Do, Sep 20 2001 - 15:22:32] Client at 149.133.75.150: URL contains extension '.exe', which is disallowed. Request will be rejected. Raw URL='/c/winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:22:32] Client at 149.133.75.150: URL contains extension '.exe', which is disallowed. Request will be rejected. Raw URL='/d/winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:22:32] Client at 149.133.75.150: URL normalization was not complete after one pass. Request will be rejected. Raw URL='/scripts/..%255c../winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:22:33] Client at 149.133.75.150: URL normalization was not complete after one pass. Request will be rejected. Raw URL='/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:22:33] Client at 149.133.75.150: URL normalization was not complete after one pass. Request will be rejected. Raw URL='/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:22:33] Client at 149.133.75.150: URL normalization was not complete after one pass. Request will be rejected. Raw URL='/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:24:30] Client at 149.133.42.2: URL contains extension '.exe', which is disallowed. Request will be rejected. Raw URL='/scripts/root.exe' [Do, Sep 20 2001 - 15:24:30] Client at 149.133.42.2: URL contains extension '.exe', which is disallowed. Request will be rejected. Raw URL='/MSADC/root.exe' [Do, Sep 20 2001 - 15:24:30] Client at 149.133.42.2: URL contains extension '.exe', which is disallowed. Request will be rejected. Raw URL='/c/winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:24:30] Client at 149.133.42.2: URL contains extension '.exe', which is disallowed. Request will be rejected. Raw URL='/d/winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:24:31] Client at 149.133.42.2: URL normalization was not complete after one pass. Request will be rejected. Raw URL='/scripts/..%255c../winnt/system32/cmd.exe' [Do, Sep 20 2001 - 15:24:31] Client at 149.133.42.2: URL normalization was not complete after one pass. Request will be rejected. Raw URL='/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe' -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net | Oft Gefragtes: http://www.aspgerman.com/aspgerman/faq/ | [aspdebeginners] als [email protected] subscribed | http://www.aspgerman.com/archiv/aspdebeginners/ = Listenarchiv | Sie knnen sich unter folgender URL an- und abmelden: | http://www.aspgerman.com/aspgerman/listen/anmelden/aspdebeginners.asp
