Windows Server Division WebLog : UrlScan 3.0 Beta and Tools to Help Mitigate SQL Injection Attacks:
http://blogs.technet.com/windowsserver/archive/2008/06/24/new-guidance-and-tools-to-help-mitigate-sql-injection-attacks.aspx
Running on this very server is URLScan 3.0.
..should it be run on a SBS 2003 box? Hmm….not ready to come out and say yes as I haven’t tested it yet. And you have to watch and if needed edit the SQL strings.. I’ve had to remove create, select, and delete from the string filters. Try to leave in “exec” and “/*” as those are key filters.
But try it on a test box, see if everything works… add the SQL injection string to the ini file. If a page gets blocked, then edit out the string by going into urlscan.ini and editing it.
[SQL Injection Strings]
—
%3b ; a semicolon
/*
@ ; also catches @@
char ; also catches nchar and varchar
alter
begin
cast
cursor
declare
drop
end
exec ; also
