I downloaded the "urlscan.exe" tool and installed it on my NT4.0 sp6a
MS01-044 IIS4.0 web server. After installing, all of my 14 websites were
unavailable! I made sure that the web servers were running, but you couldn't
get to them. Thank goodness there is an uninstall option.

I was under the impression that (got this info from the ms download page)
that there was a "default" set of properties that could be used, and I
looked at the "urlscan.ini" to try and make some sense of what the
parameters were, but in the interest of time, I had to uninstall.

Also, even though I was sending requests to the web server from various
browsers, no log entries were made that showed requests being blocked. This
is supposed to be the key info that helps you tweak the urlscan tool, but
since I was not getting any log entries, I had nothing to troubleshoot.

We use 128 bit SSL on all our websites. Could this be the problem?

I don't think I will attempt to make use of this tool again until I know
what happened. I would warn others to do the same.

David Alberson - GS-334-13 ( MCP2K, CCNA, CNE5 )
__________________________________________________
email:david.albersondcaa.mil DCAA - OITD
phone:901-325-6259 4075 Park Avenue
fax:901-325-6233 Memphis, TN 38111
__________________________________________________

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]