Default IIS install subject to hacks?

Forum Moderators: open

Message Too Old, No Replies

Default IIS install subject to hacks?

Is port 80 open by default

youfoundjake

12:22 am on Nov 4, 2006 (gmt 0)

After installing IIS on a windows xp or or windows 2000 server or 2003 server, a default intall without using the iis lockdown tool,
on a home LAN, using a netgear or linksys router, does IIS open port 80 and and sit in a listening state so that if a port scan is done on the ip address will it reveal that port?

LifeinAsia

12:26 am on Nov 4, 2006 (gmt 0)

When you add sites to IIS, you have to specify the port for that site. The default install adds an Administration Web Site with a random port, but I don't remembe rthat it automatically ads any other sites.

If no web sites are setup to use port 80, I'm not sure what will be returned during a port scan.

txbakers

3:10 pm on Nov 4, 2006 (gmt 0)

Yes, port 80 is open by default.

aspdaddy

4:33 pm on Nov 5, 2006 (gmt 0)

It also allows anonymous access by default and doesnt log the port numbers being scanned.

You need to follow a good guide to make sure you deal with all the default vunerabilities before publishing your server.