Informant: Locating and Disabling Unauthorized IIS Servers

Learn how to locate and disable unauthorized IIS servers on your network systems.

Brett Hill

February 4, 2002

1 Min Read
ITPro Today logo in a gray background | ITPro Today

I have a large network with many IIS servers installed on various systems. How can I locate and disable unauthorized IIS servers on the network systems?

Locating IIS servers on your network is fairly straightforward, and several tools are available for accomplishing this task. All these tools involve scanning your IP address range to see whether a server responds to port 80—the default port for Web services. If you can't connect to port 80, some server application is listening on that port. In many companies, that server application is one of Microsoft's Web servers, such as a Windows 98 machine running Personal Web Server (PWS) or a beta version of Windows .NET Server (formerly code-named Whistler) running IIS 6.0.

You can go a step further than simply scanning your IP address range and obtain one of the hacker tools that not only scans for port 80 but records the server's response. The premier port-scanning tool is Insecure.Org's Network Mapper (nmap.exe) utility. Insecure.Org also has UNIX-based versions of the tool. eEye Digital Security has ported Nmap to a Windows version called Nmapnt.

In addition, the Network Security Hotfix Checker (hfnetchk.exe) tool, which is a free download from Microsoft's Web site, will scan a subnet and report on which hotfixes you've applied to a computer, as Figure 1 shows. Any system with IIS will include a list of required hotfixes. You can use a standard redirection at a command prompt, such as

hfnetchk>scanresults.txt

to capture this output to a text file.

Another useful tool is Rain.Forest.Puppy's Whisker. Whisker is a Web server vulnerability scanner at heart and serves well in detecting IIS servers.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like