Re: Host Company web on SBS 2003

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Leythos <Void@xxxxxxxxxxx>
Date: Sat, 03 Feb 2007 18:26:59 -0600

On Sun, 04 Feb 2007 01:10:29 +0100, Mariette Knap [SBS MVP] wrote:

In news:1170547186_619@xxxxxxxxxxxxxxxxxxxx,
Leythos <Void@xxxxxxxxxxx> wrote:

Yea, and you need to watch the traffic to see what I'm saying.

It is not about the fact that traffic is encrypted. It is about the services
you reach and those are the same as for normal HTTP traffic. When there is a
vulnerability in IIS it is as vulnerable as with traffic on port 80 or port
443. There is really no difference at all.

Let's see you explain this:

HTTP Service, allowing connections, the attack it all day long, searching
for a exploit.

HTTPS mode - they can't exploit it without an account that validates the
user/password.

In all of the HTTPS logs, firewall logs, traffic monitoring, I've never
seen any of the attempts that we see on HTTP ports.

Now, if you are talking about being able to hack after the user
authenticates, yes, it offers some of the same paths, but the user is then
known and has restrictions based on the user, not the public account.

--
Leythos
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.

Follow-Ups:
- Re: Host Company web on SBS 2003
  - From: Mariette Knap [SBS MVP]

References:
- Re: Host Company web on SBS 2003
  - From: Lanwench [MVP - Exchange]
- Re: Host Company web on SBS 2003
  - From: Stacemen
- Re: Host Company web on SBS 2003
  - From: Leythos
- Re: Host Company web on SBS 2003
  - From: Andy
- Re: Host Company web on SBS 2003
  - From: Andy
- Re: Host Company web on SBS 2003
  - From: Leythos
- Re: Host Company web on SBS 2003
  - From: Mariette Knap [SBS MVP]
- Re: Host Company web on SBS 2003
  - From: Leythos
- Re: Host Company web on SBS 2003
  - From: Mariette Knap [SBS MVP]

Prev by Date: Re: ConnectComputer Problem
Next by Date: Re: Why setup two servers with same name
Previous by thread: Re: Host Company web on SBS 2003
Next by thread: Re: Host Company web on SBS 2003
Index(es):
- Date
- Thread

Relevant Pages

Re: SBS 2003 and Outlook RPC over HTTP issues
... , but some of my clients do not want users to ... definitely closed now cause when I open it up http: ... the article is incorrect in stating that port 80 is needed. ... that port 443 and port 80 must be open to use RPC over HTTP. ...
(microsoft.public.windows.server.sbs)
Re: Public Website on SBS 2003
... hosting and PROTECTING a website is specialist field and ... As leythos says you need to open HTTP port to the www. ... network settings are on servers internet connections. ...
(microsoft.public.windows.server.sbs)
Re: SBS 2003 and Outlook RPC over HTTP issues
... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ... I have about 20 of these SBS machines at other locations and have ...
(microsoft.public.windows.server.sbs)
Re: Help understanding error message
... Saravana Kumar [MVP - BizTalk Server] ... Receive port is reported to be HTTP but I don't any see HTTP packets in ... Maybe you set up a two-way send port being directed to a one-way ... Details:"Unable to read data from the transport connection: The ...
(microsoft.public.biztalk.general)
Re: [fw-wiz] tunnel vs open a hole
... It does depend on what protocols you are passing through the port or the ... If the protocol is pure HTTP, ... If the protocol is new whizbang multi-media binary with no RFC or complete ... or tunnel over currently open port 80? ...
(Firewall-Wizards)