Last post Sep 25, 2010 09:42 AM by mbanavige
Sep 20, 2010 05:27 AM|Bas26|LINK
What kind of requests hackers usually send to the server, may be deny some pattern of requests?
Sep 20, 2010 10:47 AM|mbanavige|LINK
Given that the exploit appears to make thousands of requests against the server i suppose you might consider blocking such traffic if it exceeds a threshold and originates from the same IP address. IP's can be spoofed though.
So regardless of what other protections you might want to implement, you should - at a minimum - implement the recommendations as found in Scott Gu's blog article:
Sep 25, 2010 09:42 AM|mbanavige|LINK
may be deny some pattern of requests?
Scott Gu has just published an update and there is an additional step that you need to take to be protected
His blog post refers to using UrlScan, but he does go on to indicate (see his comments) that this additional step of blocking certain querystring patterns could be implemented using IIS7 request filtering.
The security advisory has been updated as well:
The steps for using either UrlScan or Request Filtering are outlined in the Workarounds section of the advisory.
Keep in mind that this extra step is something that needs to be done in addition to the steps from his