ISAPI and SECUREIIS

[Crussaider]

        Hi all,

        after some testing I noticed that SecureIIS 1.0.6 does not
        protect IIS 5.0 from ISAPI DoS attack. In the attachment is
        isapi-dos2.c and isapi.exe cygwin compilation.

        After attack with this exploit IIS is down. In SecureIIS i
        have very restrictive polices, but anyway it did not manage to
        protect it from this kind of attack.
        To try isapi.exe you must have cygwin1.dll

        Does anyone have similar experience?
        


-- 
Best regards,
 Crussaider                          mailto:[EMAIL PROTECTED]

isapi-dos2.c