ATTACKING IIS WITH GET COMMANDS

Using a telnet client, a person can connect to port 80 of a Web server, where they would enter "GET ../.." which proceeds to crash the Web server (inetsrv.exe). Additionally, if the Web site is running MS Proxy Server, the proxy crashes too -- potentially exposing the entire network depending on how it is built, numbered, and routed.

This attack causes Dr. Watson to display an alert window, and to log an error upon crashing:

"The application, exe\inetinfo.dbg, generated an application error The error occurred on date@ time The exception generated was c0000005 at address 53984655 (TCP_AUTHENT::TCP_AUTHENT"