On Tue, Nov 26, 2002 at 03:11:42PM -0600, H D Moore wrote: > On Tuesday 26 November 2002 03:03 pm, Mark G. Spencer wrote: > > I just ran Nessus 1.2.6 (partial scan) against a local Windows 2000 DNS > > Server and Nessus reported (in addition to all kinds of services > > running): > > > > "Possible Backdoors: > > iiscrack.dll - /scripts/httpodbc.dll > > iise.exe - /scripts/idq.dll" > > >... > You definately want to look into it. The "iiscrack.dll" exploit needs to
It also may be a false positive. I've found that a large number of IIS installs don't return HTTP 404 error codes on "File not found", but instead return 200 and an HTML page saying "File not found" :-/ [Our IDS reports successful attacks against our IIS server for the formmail exploit, when we definitely don't have a /cgi-bin directory on it :-)] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
