Unrecognized IP Addresses before the site could go live!!! -- iis security

John
4/30/2004 7:27:35 AM

Hi,

This is a new webserver (Windows 2000 with IIS 5.0). This
server is inside the DMZ zone, and it has still not gone
live. We have two firewalls 1. The corporate and 2.The DMZ
firewall.

But, we see strange IP Addresses being recorded on the
webserver log files. When we do a traceroute to this it
TIMES OUT at certain points.

Some, IP Address do reach the destination.

Is this some kind of Security Breach we are seeing that
some program has been installed or a Trojon Horse that is
trying to send information to the outside world!.

I am not sure whether I have Installed the URL SCAN on
this server, but I can get that installed ASAP. We have
Security Settings implemented on this also. Even though it
may not be Hisecweb.inf but we have a default template for
securing our servers. Unless and until, I need to use only
this to ensure that the webserver is secure, then I will
have to inform the management about this.

Please, do let me know ! Other Security Experts!

Roger Abell [MVP]
5/2/2004 9:19:45 AM

You have not given us much to work with here.
You see "strange IP addresses" in the w3svc logfiles.
I have to assume that you are intending to allow access to the
webserver, so why is it strange to see outside ("strange"?) IPs
hitting on the server ??

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA, MCSE W2k3+W2k+Nt4
[quoted text, click to view]

iis security : Unrecognized IP Addresses before the site could go live!!!