GEN:SID | 1:1139 |
Message | WEB-MISC whisker HEAD/./ |
Summary | This event is generated when an attempt is made to evade an IDS in a possible web attack by sending an obfuscated request.
|
Impact | Unknown.
|
Detailed Information | Some CGI attacks can be accomplished by using HEAD instead of GET. Additionally, some web servers will interpret "/./" as simply "/". An attacker might try to combine these methods in an attempt to obfuscate an attack or during the reconnaissance phase of a penetration attempt in order to bypass an IDS.
|
Affected Systems | All Web Servers. |
Attack Scenarios | An attacker may use an automated tool, like Whisker, to obfuscate an attack.
|
Ease of Attack | Simple. Exploit scripts and tools are widely available.
|
Corrective Action | Examine the host for signs of compromise.
|
Additional References | |
Rule References | url: www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html
|