lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: rlanguy at hotmail.com (Lan Guy)
Subject: IIS 5.0 random/fixed TCP/UDP ports

Have not tried to exploit it, 

But MS have fixed in IIS 6 (Win2003 Server) at least the port is only open to localhost.

So  I would argue they have learnt, but they haven't fixed it!  
  ----- Original Message ----- 
  From: Frank Knobbe 
  To: Jean-Baptiste Marchand 
  Cc: full-disclosure@...ts.netsys.com 
  Sent: Tuesday, November 11, 2003 1:51 AM
  Subject: Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports

  If that port is used INTERNALLY, shouldn't it be listening INTERNALLY,
  as in LOCALHOST? When will MS ever learn... 


  (And the first one who replies with "Microsoft is adding host based
  firewalls to 'fix' this architectural oversight" is gonna get added to a
  filter list... :)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031111/fc3142a9/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ