I'm showing QID 27143 - Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability (MS02-018) in my scan results. In order to remediate this properly, I need to know what Qualys' detection method is.
Since QID 27143 is a denial of service vulnerability we cannot check for it directly. If vulnerable, this would have an adverse affect on the operation of your host. Instead, we gather other information during the scanning process that will help us ascertain if the vulnerability exists. Primarily, we utilize the information obtained on your IIS server and whether it is patched with ML02-018. If it is found not to be patched and there is an IIS FTP banner found then QID 27143 will be reported. Through CSS tests on redirect and error pages we determine if this patch is applied.
Qualys Support KnowledgeBase