
RE: Creating a secret web site on IIS 5.x using Alternative Data Streams



Mitigation at the IIS server looks pretty straightforward.

URLScan in default configuration prevents access to ADS files, generating
the following log line:

Client at 10.1.1.100: URL contains sequence ':', which is disallowed.
Request will be rejected.  Site Instance='1', Raw
URL='/myremoteserver/help.gif:secret'

So you should see accesses in the IIS logs if you don't run URLScan, and
failed attempts in the URLScan logs if you do run it.
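
The log check described above, as an added example that is not part of the original post: it flags ':' rejections in a URLScan log and ':' in the request path of an IIS log. It assumes each URLScan entry is a single line on disk and that the IIS log is in W3C Extended format with the c-ip, cs-uri-stem and sc-status fields enabled; the function names and all sample lines are constructed.

```python
import re
from urllib.parse import unquote

# URLScan rejection entry as quoted in the post (assumed to be one line on disk).
URLSCAN_RE = re.compile(
    r"Client at (?P<ip>\S+): URL contains sequence ':', which is disallowed\."
    r".*?Raw URL='(?P<url>[^']*)'"
)

def urlscan_hits(lines):
    """Return (client_ip, raw_url) for each ':' rejection in a URLScan log."""
    return [(m["ip"], m["url"]) for m in map(URLSCAN_RE.search, lines) if m]

def iis_hits(lines):
    """Return (client_ip, uri_stem, status) for W3C entries whose path contains ':'."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = unquote(row.get("cs-uri-stem", ""))  # also catches an encoded %3a
        if ":" in stem:
            hits.append((row.get("c-ip", "-"), stem, row.get("sc-status", "-")))
    return hits

# Constructed sample data, not taken from a real server.
URLSCAN_SAMPLE = [
    "Client at 10.1.1.100: URL contains sequence ':', which is disallowed. "
    "Request will be rejected.  Site Instance='1', "
    "Raw URL='/myremoteserver/help.gif:secret'",
    "Client at 10.1.1.101: URL contains sequence '..', which is disallowed.",
]
IIS_SAMPLE = [
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2003-01-01 12:00:00 10.1.1.100 GET /myremoteserver/help.gif 200",
    "2003-01-01 12:00:05 10.1.1.100 GET /myremoteserver/help.gif:secret 200",
]

if __name__ == "__main__":
    print("URLScan rejections:", urlscan_hits(URLSCAN_SAMPLE))
    print("IIS log accesses:  ", iis_hits(IIS_SAMPLE))
```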