DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back to catalog
code trav

Path traversal attempts

Syndu annotates all incoming traffic and extracts behavioral signals that help explain intent. This page defines the trav signal — what it means, how to interpret it, and how it will later connect to live evidence across IPs, subnets, organizations, ISPs, countries, and cities.

Signal gist Request paths/parameters resemble attempts to access files outside intended directories.
Read the definition → View live signal sections →

Definition

Canonical reference for trav behavior.
Catalog code
trav
Display name
Path traversal attempts
How to read this signal
This annotator represents a behavioral pattern, not a claim of identity. It’s designed to help you understand why certain traffic looks suspicious, automated, probing, or exploit-oriented — and to support consistent reporting across the Syndu system.
Explanation
Flags directory/path traversal indicators (e.g., patterns intended to escape a web root or reach system files). Used to explain suspicious path crafting commonly seen during reconnaissance. False positives can occur if user-supplied content legitimately contains traversal-like strings, so repetition and endpoint context matter.

Live sections

These panels will be wired to real metrics, enrichment context, and drill-down links.
Signal footprint over time
Rolling volume, bursts, first/last seen, and time-window slices (e.g. last hour/day/week). This will help separate chronic background noise from active campaigns.
Coming next: time series + burst markers
Top affected entities
Links to the entities where trav is most present: IPs, subnets, organizations/ASNs, ISPs, and geographies — with “why” context.
Coming next: entity leaderboards + drill-down
Enrichment context
How enrichment affects interpretation: known crawlers, monitored ranges, trusted scanners, or policy exceptions. This is where “benign but noisy” gets separated from “unknown and risky.”
Coming next: enrichment flags + allowlist context