groups.google.com is your friend: http://lists.insecure.org/lists/incidents/2002/Oct/0161.html Glenn -----Original Message----- From: Noam Eppel [mailto:noamat_private] Sent: Saturday, January 04, 2003 4:15 PM To: jmaywood1975at_private; keydet89at_private; bugtraqat_private; loonat_private; EslerJ@RCERT-S.ARMY.MIL; jcalhounat_private; A20FBW1at_private; the_fergat_private; JBeckettat_private; ksajat_private Cc: webappsecat_private; incidentsat_private Subject: /sumthin Revisited Okay, I will go on record saying the /sumthin mystery is concerning me ;-) The original post is here: Subject: HTTP attack looking for /sumthin ? Date: Oct 17 2002 4:55PM Author: <jmaywood1975at_private> http://online.securityfocus.com/archive/75/295738 Has anyone been able to track down what causes the /sumthin requests? I would be interested to see if anyone has access to one of the computers sending out the requests? Also I am trying to collect logs of as many /sumthing requests as I can get my hands on for further analysis. For those that can, please forward the related logs to noamat_private! Here are some more requests from the last few days to www.noameppel.com: 216.230.142.50 - - [02/Jan/2003:01:29:52 -0600] "GET /sumthin HTTP/1.0" 404 640 "-" "-" 216.184.98.3 - - [02/Jan/2003:07:09:49 -0600] "GET /sumthin HTTP/1.0" 404 638 "-" "-" applwi01-vlan485-106.dsl.tds.net - - [03/Jan/2003:17:20:52 - 0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" 211.252.55.67 - - [03/Jan/2003:18:04:14 -0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" applwi01-vlan485-106.dsl.tds.net - - [04/Jan/2003:08:07:27 - 0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" Cheers! Noam Eppel noamat_private http://www.noameppel.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 12:29:19 PST