UTM Firewall

Network Protection: Firewall, NAT, QoS, & IPS DDOS - WEB-PHP remote include path [Web Application Attack]

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 2 subscribers
Views 1631 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DDOS - WEB-PHP remote include path [Web Application Attack]

WaMaR over 18 years ago

Hi,

Today I had Web Application Attacks (WEB-PHP remote include path) to my Web server. Intrusion Protection statistic shows that maximum was 1370 events drop at one time.

I would like to check TCP packet content to see what remote path was include but how?

This thread was automatically locked due to age.

0 BarryG over 18 years ago

You can look at the IPS log, but if what you need isn't there, you'll have to try to capture the traffic yourself with tcpdump or something similar.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 WaMaR over 18 years ago in reply to BarryG

I hope ASL 7.0 will have auto capture function when some events limit will be surpassed.
Cancel
Vote Up 0 Vote Down

Cancel