Re: Which kind of attack?



Luigi Donatello Asero wrote:


"Sebastian Gottschalk" <seppi@xxxxxxxxx> skrev i meddelandet
news:4obonrFdl9suU1@xxxxxxxxxxxxxxxxx
Luigi Donatello Asero wrote:

I have Internet Security and I got a message which, translated said more
or
less that a computer with the adress 127.0.0.1 sent information which
was similar
to the information in the attack
HTTP MS IIS ASP Source disclosure.
What does that mean?

Nothing. Your network error simulation software simulated a network error.

Thank you.
Is that a kind of behaviour which is normal for Symantec Norton Internet
Security?

Of course not. You've fallen victim to Gottschalk's adolescent
substitute for "wit". :(

Source disclosure is a form of attack that tries to gain access to
information that wouldn't normally be given to others. Typically CGI
scripts, and normally to find vulnerabilities in those scripts. Known
and unknown. If you're not serving content then it's a good chance you
stumbled across a nefarious site that probes visitors for
vulnerabilities. If you do serve content you're more than likely seeing
a visitor who is "scanning" sites for vulnerabilities. Three's also an
outside chance it's coincidental, that NIS false alarmed on something
innocuous that just looked like an attack. the slogan "nothing is
perfect" applies.

Sad as it is this sort of activity is commonplace on the net. Probes
and scans are so prevalent it's impossible to keep up with them all, and
most people ignore them. The fact that NIS alerted you to something odd
should be reassuring in fact. You know it's working. IT pros know that
when you see no more breaking attempts you should start to get
paranoid. It's a good indication you've been compromised and someone is
scrubbing your logs to hide their activity. ;)

.