Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

robots.txt access rules
From: Federico Petronio <petrus () activesec biz>
Date: Wed, 21 Jan 2004 11:14:58 -0300
Hi all...

I have installed snort-inline and I am customizing rulesets.
My cuestion is about the rule sid:1852 which match accesses to /robots.txt files. The goal of this rule is to not let access to information about sensitive areas of the webserver (which can be use to achive knowledge about restricted areas, etc), but if they are not present Google, etc. would intent to index those areas... So... what shoud I do? Is it better to have that rule active or inactive? The restriccted areas should be RESTRICTED and not just "hidden" so... the rule make no sence? 

I would like to hear you opions about this... Thanks a lot.
--
                                        Federico Petronio
                                        petrus () activesec biz


---------------------------------------------------------------------------
---------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]