Archives
-
Is IIS vulnerable to the THC SSL DoS attack tool?
There was a recently released tool by THC that can be used to launch Denial of Service (DoS) attacks against servers hosting SSL sites. Besides the traditional bot-net Distributed Denial of Service (DDoS) class attacks, this tool lets a single client use client SSL renegotiation to cause server DoS.
-
Is IIS susceptible to the Apache Range Header DoS attack?
A recent disclosure on seclists.org about a Denial of Service attack against Apache web servers has raised concerns about whether IIS web servers are affected. We will quickly talk about the issue and its impact on IIS web servers in this post.
-
World IPv6 Day and IIS 7
Wednesday June 8 2011 is World IPv6 Day and there will be plenty of representation by IIS7 on the Windows Server side. From Microsoft we will have participation in this event by Microsoft.com, Bing.com and Xbox.com; all of which run IIS7 web servers on their front end.
-
Use of special characters like '%' ‘.’ and ‘:’ in an IIS URL
There are multiple times that we get questions about % and other special characters in the URL and what the expected behavior is in IIS. The behavior in IIS is very deterministic when it comes to these special characters, but to explain the behavior we will need to delve a little bit into both URL canonicalization and the different stages of request processing in IIS.
-
Security update released for FTP 7.0 and FTP 7.5 0-day
In the later half of December 2010, an FTP 7.X exploit was published on http://www.exploit-db.com/exploits/15803/.