Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2667 |
| Message | WEB-IIS ping.asp access |
| Summary | This event is generated when an attempt is made to access the file ping.asp. |
| Impact | Possible Denial of Service (DoS) |
| Detailed Information | The script ping.asp allows a user to use the system ping command to send ICMP echo request messages to a third party from the web server hosting the script. This script does not properly sanitize user input and may be used as a tool in a DoS attack against that third party server. |
| Affected Systems | All systems |
| Attack Scenarios | An attacker can supply the address of a target host and pass parameters to the ping command via the web interface, possibly exhausting resources on the target host and causing the DoS condition. |
| Ease of Attack | Simple |
| Corrective Action | Uninstall the script ping.asp. Only allow usage from authenticated users. |
| Additional References | SecurityFocus mailing list: http://online.securityfocus.com/archive/82/275088 |
| Rule References | nessus: 10968 |
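
The following is an added example, not part of the original rule documentation: a log check that complements the rule by finding requests for ping.asp in IIS logs and separating anonymous requests from authenticated ones, in line with the corrective action above. It assumes the W3C extended log format; the sample log lines, addresses and user name are constructed.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2004-05-01 10:00:01 192.0.2.10 - GET /default.asp 200
2004-05-01 10:00:05 192.0.2.44 - GET /scripts/ping.asp 200
2004-05-01 10:00:06 192.0.2.44 - GET /scripts/PING.ASP 200
2004-05-01 10:02:13 192.0.2.80 CORP\\alice GET /scripts/ping.asp 200
2004-05-01 10:03:40 192.0.2.10 - GET /shopping.asp 404
"""


def find_script_access(log_text, script="ping.asp"):
    """Return one record per request whose URI file name equals `script`."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared in the log itself and can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive; compare the file name only so that
        # names such as shopping.asp are not matched by accident.
        name = row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1]
        if name != script:
            continue
        user = row.get("cs-username", "-")
        hits.append({
            "client": row.get("c-ip", "-"),
            "user": user,
            "status": row.get("sc-status", "-"),
            "anonymous": user == "-",  # "-" means no authenticated user
        })
    return hits


def anonymous_by_client(hits):
    """Count unauthenticated requests per client address."""
    return Counter(h["client"] for h in hits if h["anonymous"])


if __name__ == "__main__":
    found = find_script_access(SAMPLE_LOG)
    for client, count in anonymous_by_client(found).most_common():
        print(f"{client}: {count} anonymous request(s) for ping.asp")
```
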
--
DID:856644