Results 1 to 3 of 3

Thread: URL_Directory_Traversal attack

  1. July 20th, 2004, 09:37 PM #1
    foxyloxley
    foxyloxley is offline
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534

    Post URL_Directory_Traversal attack

    Ok, I've just got the following message from Norton NetSec 2004:

    A computer with the IP address 127.0.0.1 sent information
    that is characteristic of the URL_Directory_Traversal attack.
    Question is. What is this exactly ?
    is it a 'normal' operation ?
    is there something I'm doing / not doing ?

    I'm still finding my feet when it comes to securing my system.
    I'm aware of what 127.0.0.1 is,

    http://www.microsoft.com/windows2000...ting_table.htm

    From Google (our friend)

    OS = Win 2K Pro SP4 all patches, IE 6 all patches.

    I run AdAware, SpyBot S+D v1.3, Swatit Pro, Registry Mechanic.
    All updated, all ran recently, those that can, run in the back ground all the time.

    http://www.dslreports.com/forum/rema...4715~mode=flat

    Checked here, and the tale is that it isn't much of a worry, but I would appreciate some feedback to calm these frazzled nerves...................

    Thanks in advance
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone
    Reply With Quote Reply With Quote
  2. July 20th, 2004, 09:42 PM #2
    AngelicKnight
    AngelicKnight is offline
    AO Autobot AngelicKnight's Avatar
    Join Date
    Aug 2003
    Posts
    2,370
    I'm having similar problems, though slightly different. My firewall is sending me multiple warnings every day that IP spoofs are being attempted. They're false positives, however, because they originate 127.0.0.1 and CA is their destination (I'm presuming this is during signature updates).
    Reply With Quote Reply With Quote
  3. July 20th, 2004, 10:14 PM #3
    Tiger Shark
    Tiger Shark is offline
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Er.... You really shouldn't be using your IDS to surf the web etc. I kinda defeats the purpose of the IDS. It needs to be secure, browsing the web makes it insecure..... 'nuff said?

    127.0.0.1 should not be alerted upon, create a "pass rule" for 127.0.0.1 and it will be ignored.

    NOTE: Be careful with "pass" rules, they can bite you in the ass.

    The directory traversal attack is where the attacker tries, through various means, to move up the directory tree and then often back down again to another directory. kinda like issuing a:-

    cd\ <ENTER>
    cd winnt\system32 <ENTER>

    and then attemting to execute cmd.exe for example.

    If the target's permissions are correctly set a 404 will be returned, if not then you are in trouble because your permissions will allow execution of any application the attacker wishes that can be executed with command line switches and the output can be returned to the attacker.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules