Results 1 to 3 of 3

Thread: URL_Directory_Traversal attack

  1. #1
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    3rd Rock from Sun

    Post URL_Directory_Traversal attack

    Ok, I've just got the following message from Norton NetSec 2004:

    A computer with the IP address sent information
    that is characteristic of the URL_Directory_Traversal attack.
    Question is. What is this exactly ?
    is it a 'normal' operation ?
    is there something I'm doing / not doing ?

    I'm still finding my feet when it comes to securing my system.
    I'm aware of what is,


    From Google (our friend)

    OS = Win 2K Pro SP4 all patches, IE 6 all patches.

    I run AdAware, SpyBot S+D v1.3, Swatit Pro, Registry Mechanic.
    All updated, all ran recently, those that can, run in the back ground all the time.


    Checked here, and the tale is that it isn't much of a worry, but I would appreciate some feedback to calm these frazzled nerves...................

    Thanks in advance
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  2. #2
    I'm having similar problems, though slightly different. My firewall is sending me multiple warnings every day that IP spoofs are being attempted. They're false positives, however, because they originate and CA is their destination (I'm presuming this is during signature updates).

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Er.... You really shouldn't be using your IDS to surf the web etc. I kinda defeats the purpose of the IDS. It needs to be secure, browsing the web makes it insecure..... 'nuff said? should not be alerted upon, create a "pass rule" for and it will be ignored.

    NOTE: Be careful with "pass" rules, they can bite you in the ass.

    The directory traversal attack is where the attacker tries, through various means, to move up the directory tree and then often back down again to another directory. kinda like issuing a:-

    cd\ <ENTER>
    cd winnt\system32 <ENTER>

    and then attemting to execute cmd.exe for example.

    If the target's permissions are correctly set a 404 will be returned, if not then you are in trouble because your permissions will allow execution of any application the attacker wishes that can be executed with command line switches and the output can be returned to the attacker.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts