Firewalls: RE: Another IIS Bug

Firewalls
(December 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Another IIS Bug
From:	Mark Joseph Edwards <mark @ ntshop . net>
Date:	Tue, 10 Dec 1996 00:09:42 -0600
To:	"'firewalls @ greatcircle . com'" <firewalls @ greatcircle . com>

Ooops. Wrong list......and a long day. I didn't mean to ruffle your feathers.....

-----Original Message-----
From:	R. E. Paret [SMTP:rparet @
 trumpet .
 aix .
 calpoly .
 edu]
Sent:	Monday, December 09, 1996 11:57 PM
To:	Mark Joseph Edwards
Cc:	'firewalls @
 greatcircle .
 com'
Subject:	Re: Another IIS Bug

On Mon, 9 Dec 1996, Mark Joseph Edwards wrote:

> 
> Wanna see something ridiculous?
> 
> Telnet to your favorite (?) IIS Web server on port 80 (of course) and enter this "GET ../.." and press ENTER.
> 
> The Web server crashes!  Geez. Talk about denial of service..........
> 
> mark
> 

The only thing ridiculous here is your post.  Not only is it off topic, 
but that bug you mentioned was fixed VERSIONS ago. There have been many 
other bugs since then (like phf) which have also been patched, making any 
DOS attack using that method totally ineffective.

				R. E. Paret

Indexed By Date	Previous:	RE: Is NT really that bad? From: "Yehuda G. Hahn" <ygh @ cfsnet . com>
Indexed By Date	Next:	test..... From: "Cihan Subasi (Garanti Tic)" <NCS1 @ garanti . com . tr>
Indexed By Thread	Previous:	RE: Another IIS Bug From: Mark Joseph Edwards <mark @ ntshop . net>
Indexed By Thread	Next:	Re: Another IIS Bug From: "James D. Wilson" <netsurf @ pixi . com>