## IIS and Alternative Data Streams: How users could hide scripts and movies

Awhile back we were talking about the use of Alternative Data Streams in NTFS for hiding files (see http://www.antionline.com/showthread...ht=alternative ). I was thinking about what I could do in a tutorial about Alternative Data Streams that would make it somewhat original, which brought to mind a question: Does IIS look at Alternative Data Streams? So I did the following commands to see:

Code:
```W:\&gt;echo the text file&gt;t.txt

W:\&gt;type xx.php &gt;t.txt:x.php```
xx.php being an php file with the following code:

Code:
```&lt;HTML&gt;
&lt;BODY&gt;
&lt;PRE&gt;
&lt;?
echo "If I see this I know it worked"
?&gt;

&lt;/BODY&gt;
&lt;/HTML&gt;```
Then I when to try and see if it would see the text file (Tiger Shark, please forgive me for posting the URL of my student site, I know I should be more worried about stalking but I’m an open sort of guy):