Re: Which kind of attack?
- From: anonymous <anon@xxxxxxxxxxxxxxx>
- Date: 2 Oct 2006 17:44:21 -0000
Luigi Donatello Asero wrote:
"Sebastian Gottschalk" <seppi@xxxxxxxxx> skrev i meddelandet
Luigi Donatello Asero wrote:or
I have Internet Security and I got a message which, translated said more
was similarless that a computer with the adress 127.0.0.1 sent information which
to the information in the attack
HTTP MS IIS ASP Source disclosure.
What does that mean?
Nothing. Your network error simulation software simulated a network error.
Is that a kind of behaviour which is normal for Symantec Norton Internet
Of course not. You've fallen victim to Gottschalk's adolescent
substitute for "wit". :(
Source disclosure is a form of attack that tries to gain access to
information that wouldn't normally be given to others. Typically CGI
scripts, and normally to find vulnerabilities in those scripts. Known
and unknown. If you're not serving content then it's a good chance you
stumbled across a nefarious site that probes visitors for
vulnerabilities. If you do serve content you're more than likely seeing
a visitor who is "scanning" sites for vulnerabilities. Three's also an
outside chance it's coincidental, that NIS false alarmed on something
innocuous that just looked like an attack. the slogan "nothing is
Sad as it is this sort of activity is commonplace on the net. Probes
and scans are so prevalent it's impossible to keep up with them all, and
most people ignore them. The fact that NIS alerted you to something odd
should be reassuring in fact. You know it's working. IT pros know that
when you see no more breaking attempts you should start to get
paranoid. It's a good indication you've been compromised and someone is
scrubbing your logs to hide their activity. ;)