July 20th, 2004, 09:37 PM
Ok, I've just got the following message from Norton NetSec 2004:
Question is. What is this exactly ?
A computer with the IP address 127.0.0.1 sent information
that is characteristic of the URL_Directory_Traversal attack.
is it a 'normal' operation ?
is there something I'm doing / not doing ?
I'm still finding my feet when it comes to securing my system.
I'm aware of what 127.0.0.1 is,
From Google (our friend)
OS = Win 2K Pro SP4 all patches, IE 6 all patches.
I run AdAware, SpyBot S+D v1.3, Swatit Pro, Registry Mechanic.
All updated, all ran recently, those that can, run in the back ground all the time.
Checked here, and the tale is that it isn't much of a worry, but I would appreciate some feedback to calm these frazzled nerves...................
Thanks in advance
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
July 20th, 2004, 09:42 PM
I'm having similar problems, though slightly different. My firewall is sending me multiple warnings every day that IP spoofs are being attempted. They're false positives, however, because they originate 127.0.0.1 and CA is their destination (I'm presuming this is during signature updates).
July 20th, 2004, 10:14 PM
Er.... You really shouldn't be using your IDS to surf the web etc. I kinda defeats the purpose of the IDS. It needs to be secure, browsing the web makes it insecure..... 'nuff said?
127.0.0.1 should not be alerted upon, create a "pass rule" for 127.0.0.1 and it will be ignored.
NOTE: Be careful with "pass" rules, they can bite you in the ass.
The directory traversal attack is where the attacker tries, through various means, to move up the directory tree and then often back down again to another directory. kinda like issuing a:-
cd winnt\system32 <ENTER>
and then attemting to execute cmd.exe for example.
If the target's permissions are correctly set a 404 will be returned, if not then you are in trouble because your permissions will allow execution of any application the attacker wishes that can be executed with command line switches and the output can be returned to the attacker.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides