HackerZ4U

HackerZ4U || Cyber World of HackerZ & CrackerZ

Browsing Posts published in March, 2010

UrlScan 3.1 in IIS 7.0

UrlScan 3.1

UrlScan 3.1 is a security tool that restricts the types of HTTP requests that IIS will process. By blocking specific HTTP requests, UrlScan 3.1 helps prevent potentially harmful requests from reaching applications on the server. UrlScan 3.1 is an update to UrlScan 2.5 and supports IIS 5.1, IIS 6.0 and IIS 7.0 on Windows Vista and Windows Server 2008.

Prevent potentially harmful requests from reaching Web applications

UrlScan 3.1 screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.

Mitigate SQL injection attacks

UrlScan 3.1 can be configured to filter HTTP query string values and other HTTP headers to mitigate SQL injection attacks while the root cause is being fixed in the application.

Analyze Log Files

UrlScan 3.1 provides W3C-formatted logs for easier log file analysis through log parsing solutions like Microsoft Log Parser 2.2.

Features

* New installer allows UrlScan 3.1 to be installed on IIS 5.1, IIS 6.0, and IIS 7.0
* “Deny” rules can be applied independently to the query string, to all headers, or to a particular header.
* A global DenyQueryString section in configuration lets you add deny rules for query strings with the option of checking the un-escaped version of the query string.
* A global AlwaysAllowedUrls section in configuration lets you specify safe URLs that will bypass all URL-based checks.
* A global AlwaysAllowedQueryStrings section in configuration lets you specify safe query strings that will bypass all query string checks.
* Escape sequences (e.g., %0A%0D) can be used in deny rules so it is possible to deny CRLF and other sequences involving non-printable characters.
* Multiple UrlScan instances can be installed as site filters, each with its own configuration and rules (UrlScan.ini).
* Configuration (UrlScan.ini) change notifications are propagated to IIS worker processes.
* Enhanced W3C formatted logging gives descriptive configuration errors in the Remarks header.
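
The query-string features in the list above (deny rules with optional un-escaped checking, always-allowed query strings, and escape sequences such as %0A%0D inside rules) are modelled in the short Python sketch below. This is an added example, not UrlScan's code or its UrlScan.ini syntax; the rule list, the allowed query string, the function name and the case-insensitive matching are assumptions, and the sample query strings are constructed.

```python
from urllib.parse import unquote

# Constructed rules (assumption): illustrative entries, not a production list.
DENY_SEQUENCES = ["--", ";", "%0A%0D", "<", ">"]
# Exact query strings that skip every query-string check (constructed).
# This one contains ";" and would otherwise be denied.
ALWAYS_ALLOWED = ["filter=a;b"]


def check_query_string(qs, check_unescaped=True):
    """Model of a deny-sequence filter: return (allowed, reason)."""
    if qs in ALWAYS_ALLOWED:
        return True, "always-allowed query string"
    # Scan the raw string and, when enabled, its percent-decoded form.
    views = [("raw", qs.lower())]
    if check_unescaped:
        views.append(("unescaped", unquote(qs).lower()))
    for seq in DENY_SEQUENCES:
        # A rule written with escapes (%0A%0D) also covers the decoded bytes.
        needles = {seq.lower(), unquote(seq).lower()}
        for label, text in views:
            if any(n in text for n in needles):
                return False, f"deny sequence {seq!r} matched {label} query string"
    return True, "no deny sequence matched"


if __name__ == "__main__":
    # Constructed sample query strings.
    samples = ["id=7", "filter=a;b", "id=1%2D%2D", "next=%0a%0dX-Test:1"]
    for qs in samples:
        for flag in (False, True):
            allowed, reason = check_query_string(qs, check_unescaped=flag)
            verdict = "ALLOW" if allowed else "DENY"
            print(f"{verdict:5} unescaped={flag!s:5} {qs!r}: {reason}")
```

With un-escaped checking off, `id=1%2D%2D` is allowed because the raw string never contains `--`; enabling the check closes that gap.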

What is a Rootkit?

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a “backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.

The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network.

Rootkits have become more common and their sources more surprising. In late October of 2005, security expert Mark Russinovich of Sysinternals discovered that he had a rootkit on his own computer that had been installed as part of the digital rights management (DRM) component on a Sony audio CD. Experts worry that the practice may be more widespread than the public suspects and that attackers could exploit existing rootkits. “This creates opportunities for virus writers,” said Mikko Hypponen, director of AV research for Finnish firm F-Secure Corp. “These rootkits can be exploited by any malware, and when it’s used this way, it’s harder for firms like ours to distinguish the malicious from the legitimate.”

A number of vendors, including Microsoft, F-Secure, and Sysinternals, offer applications that can detect the presence of rootkits. If a rootkit is detected, however, the only sure way to get rid of it is to completely erase the computer’s hard drive and reinstall the operating system.
