The ISAPI

The ISAPI-DLL ncIDABlocker

refuse call of cmd.exe, default.ida, root.exe (CodeRed, Nimda)
prevents logging of such calls
saves your bandwidth

Brief description

CodeRed and other Worms are a problem for all system administrators and webmasters, not just those using IIS. It takes time and money to respond even if it is just a 404. ncIDABlocker is an ISAPI DLL that automatically processes and drops requests from infected servers and workstations.

If the "default.ida", "cmd.exe" or "root.exe"file is part of the Url, the component closes the session with the client without logging the URL in the IIS log. This preserves statistics tools for reading too long URLs and prevents that these files will be executed.

Further Plans

We plan a more generic tool which uses a plain text-file which works with simple search patterns to refuse Urls.

Installation

Step 1. Copy the file "idablocker.dll" in a directory like "c:\winnt\system32\inetsrv".

Step 2. Stop the "WWW publishing service" using the service control dialog.

Step 3. Open the Microsoft Management Console and open the properties of your computer name
under "Internet Information Server".

Hint: You can also highlight a single web and open its properties. In this case go to step 5 directly.

Step 4. Choose "WWW service" and click "Change...".

Step 5. Choose the tab "ISAPI filter" and click the "Add..."-button.

Step 6. Type in the filter name "IDABlocker" and the path of the file. Choose "OK" in all open dialog windows.

Step 7. Start the "WWW publishing service" using the service control dialog.

Step 8. Test the DLL by typing "http://localhost/default.ida", "http://localhost/cmd.exe", "http://localhost/root.exe" in your browser. The DLL works, if the server closes the session at once and you will get "Error: Server or DNS cannot be found.". If you get an "404 Not found." - error, something is wrong.

Support

If you have questions or suggestions, then you can send it to info@netcomplett.de.

Warranty Disclaimer

NETCOMPLETT MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF THIS SOFTWARE FOR ANY PURPOSE. THE SOFTWARE IS PROVIDED "AS IS" WITHOUT EXPRESS OR IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. THIS SOFTWARE IS PROVIDED GRATUITOUSLY AND, ACCORDINGLY, NETCOMPLETT SHALL NOT BE LIABLE UNDER ANY THEORY OR ANY DAMAGES SUFFERED BY YOU OR ANY USER OF THE SOFTWARE. NETCOMPLETT WILL NOT SUPPORT THIS SOFTWARE AND WILL NOT ISSUE UPDATES TO THIS SOFTWARE.

Disclaimer of Damages

REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL NETCOMPLETT BE LIABLE TO YOU FOR ANY SPECIAL, CONSEQUENTIAL, INDIRECT OR SIMILAR DAMAGES, INCLUDING ANY LOST PROFITS OR LOST DATA ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE EVEN IF NETCOMPLETT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.