Stopping generic http scanning

Status
Not open for further replies.

ohif

IS-IT--Management
Jun 11, 2003
US
I am using e-trust Intrusion Detection and I have everything pretty well locked down tight. But in the alerts in Intrusion Detection, there are always alerts about http intrusion scans...

Http generic intrusion scan
Http jrun common intrusions
Checkpoint firewall-1 remote resource overload
Http double slash access control circumvention
Mail-Relay
Http server-side intrusions
Http Cold-Fusion intrusions/scans

It then lists the IP of the attacker, and most of the http intrusion alerts are from websites I have recently visited. The rules in IDS will not allow me to block this. Is there anything else I could do to stop this stuff, besides blocking IPs at the router?
 
Responses from websites you visit should not be returning packets to your machine that contain these attack signatures, unless they are compromised sites that contain malicious code.
Are you sure the source IP is from the websites you visit? Or is the source IP your address?
Maybe posting the decoded packet of one such attack might help.

I'll see your DMCA and raise you a First Amendment.
 
Other than blocking some IPs though, you really can't stop port scanning. If you have everything locked down and stay on top of things, you don't have anything to worry about.

"I do not feel obliged to believe that the same God who has endowed us with sense, reason, and intellect has intended us to forgo their use."
- Galileo Galilei
 