I have to give kudo's to the Microsoft IIS team for updating URLScan to help block automated sql injection attacks. Especially to Wade Hilmo and Nazim Lala. They have been very responsive when it came to involving the community (Thanks guys for the w3c logs). They (I'm sure along with others on the team) showed real passion to help provide a tool to make sites more secure. URLScan 3.0 can be used on IIS 6 and IIS 7 servers. With the release of URLScan 3.0, IIS Administrators have the ability to block automated attacks at a global or site level. Here is a link to download the rtw bits. If you have questions about URLScan 3.0, visit the Security forum @ http://forums.iis.net/1031.aspx
Personally, I've used URLScan 3.0 since the beta was released. It's helped block many attacks on the server hosting www.iislogs.com I've had to tweak the sql injection rules a bit so legitmate requests aren't affected, Check out my TAG on sql injections for more information. I wonder if Slashdot can post a article announcing URLScan 3.0 was released to help with attacks originally announced, here is the link.
I can see the headline. The IIS team responds with URLScan 3.0 to help with SQL Injections.
Cheers,
Steve