Okay, I will go on record saying the /sumthin mystery is concerning me ;-) The original post is here: Subject: HTTP attack looking for /sumthin ? Date: Oct 17 2002 4:55PM Author: <jmaywood1975at_private> http://online.securityfocus.com/archive/75/295738 Has anyone been able to track down what causes the /sumthin requests? I would be interested to see if anyone has access to one of the computers sending out the requests? Also I am trying to collect logs of as many /sumthing requests as I can get my hands on for further analysis. For those that can, please forward the related logs to noamat_private! Here are some more requests from the last few days to www.noameppel.com: 216.230.142.50 - - [02/Jan/2003:01:29:52 -0600] "GET /sumthin HTTP/1.0" 404 640 "-" "-" 216.184.98.3 - - [02/Jan/2003:07:09:49 -0600] "GET /sumthin HTTP/1.0" 404 638 "-" "-" applwi01-vlan485-106.dsl.tds.net - - [03/Jan/2003:17:20:52 - 0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" 211.252.55.67 - - [03/Jan/2003:18:04:14 -0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" applwi01-vlan485-106.dsl.tds.net - - [04/Jan/2003:08:07:27 - 0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" Cheers! Noam Eppel noamat_private http://www.noameppel.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 20:09:06 PST