HIDS 30155

From Atomicorp Wiki
Jump to: navigation, search
Rule 30155
Status Active
Alert Message Multiple attempts to access a non-existent file

Contents

[edit] Description

ASL is reporting that a client has attempted to access a non-existent file, or files, multiple times via Apache. ASL does not cause this event, nor does it control this, it simply reports when Apache reports that this has happened.

Disabling this rule will have no effect on Apache returning a non-existent file error. Disabling this rule will simply cause ASL to no longer report when this occurs.

ASL will also not shun on this event, so there is no effect on the end user. The default threshold to trip this rule is 25 non-existent file accesses in 60 seconds. Multiple accesses to non-existent files may indicate an attacker is attempting to find a vulnerable piece of software, or other sensitive information on the system. We not recommend you disable this rule.


[edit] Troubleshooting

[edit] False Positives

None.

If you do not wish to be alerted to these events, simply disable the rule. This will have no effect on Apaches behavior, it simply means ASL will no longer report this event.

[edit] Tuning Guidance

To configure the firewall to allow connections to this port, please see the ASL firewall documentation page.

[edit] Additional Information

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

[edit] Notes

Personal tools