Frequently Asked Questions about the ASP.NET Security Vulnerability
page 5 of 8
by Scott Guthrie
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 28947/ 75

What would an attack look like on the network or in my logs?

The publicly disclosed exploit would cause the web server to generate thousands (or more likely tens of thousands) of HTTP 500 and 404 error responses to requests from a malicious client.

You can use stateful filters in your firewall or intrusion detection systems on your network to detect such patterns and block such clients.  The Dynamic IP Restrictions module supported by IIS 7 can also be used to block these types of attacks.

An attack attempt like this should also generate thousands of warnings in the application event log of your server similar to:

Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 11/11/1111 11:11:11 AM

Application information:

    Application domain: c1db5830-1-129291000036654651

    Application Virtual Path: /

Exception information:

    Exception type: CryptographicException

    Exception message: Padding is invalid and cannot be removed.

Note that there are non-attack reasons to see this error as well (including cases where you have mismatched keys on a web-farm, or a search engine is following links incorrectly, etc), so its presence does not necessarily indicate an attack. 

The exception also does not mean that an attack was successful.  Implementing the <customErrors> workaround we have provided can protect your application from the public exploit, and ensure that these exceptions do not disclose information that an attacker can use against the application.

View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-05-25 11:47:06 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search