There have been several posts over the past few months inquiring about http requests with the fingerprint "GET /sumthin HTTP/1.0". One poster found source code and posted it here: http://www.securityfocus.com/archive/75/313283/2003-02-23/2003-03-01/2 I have however come across a completely different tool that uses the same GET request. It may be a second version of the tool, but the package has some interesting properties, perhaps even a surprise for the script kiddies who are using it. It comes packaged as a set of binaries, so I have disassembled it and have posted an analysis here: http://www.lurhq.com/atd.htm -Joe -- Joe Stewart, GCIH Senior Intrusion Analyst LURHQ Corporation http://www.lurhq.com/ <b> ---------------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-incidents2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ---------------------------------------------------------------------------- </b>
This archive was generated by hypermail 2b30 : Mon Apr 07 2003 - 15:52:44 PDT