Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2667 |
Message | WEB-IIS ping.asp access |
Summary | This event is generated when an attempt is made to access the file ping.asp. |
Impact | Possible Denial of Service (DoS) |
Detailed Information | The script ping.asp allows a user to use the system ping command to send ICMP echo request messages to a third party from the web server hosting the script. This script does not properly sanitize user input and may be used as a tool in a DoS attack against that third party server. |
Affected Systems | All systems |
Attack Scenarios | An attacker can supply the address of a target host and pass parameters to the ping command via the web interface, possibly exhausting resources on the target host and causing the DoS condition. |
Ease of Attack | Simple |
Corrective Action | Uninstall the script ping.asp. Only allow usage from authenticated users. |
Additional References | SecurityFocus mailing list: http://online.securityfocus.com/archive/82/275088 |
Rule References | nessus: 10968 |
--
DID:856644