Potential vulnerability alert for NT servers running IIS!

Question

Potential vulnerability alert for NT servers running IIS!

Answer

This question was answered on December 1, 2000. Much of the information contained herein may have changed since posting.

I've run into several customers who's NT machines have been used as anonymous FTP servers allowing anyone on the internet to download pirated software from their machines without their knowlege Once someone has put those files on such a machine, he/she advertises this fact to 500 of their closest friends and voila, your connection to the internet is completely clogged by these requests If you meet the following criteria, you might be next !

1 You have a dedicated, high speed connection to the internet via leased line (Frame-Relay, etc), DSL or cable modem.

2 You have IIS installed and it allows anonymous FTP access (which is the default setting!).

3 Your file permissions are such that anonymous FTP users can create and write files on your hard drive Simply put, anyone can put anything they want on your system.

The one common denominator in this sort of compromise is the existance of a file called 1MB or 1mb which is exactly 1000000 bytes This apparently is installed to determine whether or not your connection is fast enough to make you a suitable victim.

The bottom line is, don't allow anonymous FTP on IIS servers!

Lee Burton

Extreme Internet

<a href="http://www.extremezone.com"><font color="#003399">www.extremezone.com</font></a>

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on December 1, 2000