Re: strange web traffic

From: Valdis.Kletnieksat_private
Date: Tue Aug 26 2003 - 10:00:32 PDT

Next message: Andrew McKnight: "RE: Can anyone identify this possible backdoor?"

Previous message: bugtraqat_private: "Re: strange HTTP requests"
In reply to: Pall Thayer: "strange web traffic"
Next in thread: Etaoin Shrdlu: "Re: strange web traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 26 Aug 2003 09:48:28 -0000, Pall Thayer <pallat_private>  said:
identical:
> 
> GET / HTTP/1.1" 200 686 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 
> I managed to retrieve some info on one of the machines and found out that it
> was running Windows 2000, not 98.
> 
> Anyone have any info on this?

Guess 1:  The machine has some tool that allows the user to set the browser
string sent to the server, because many servers do silly things, such as fail to
display if it isn't IE6, even if no IE-specific features are used).

Guess 2: Your site creates 5 requests if it's an IE6.0 browser, but when
an IE5.5 connects, your site only returns one thing.  (If so, your site is
the sort of place why people do the things in (1))....

application/pgp-signature attachment: stored

Next message: Andrew McKnight: "RE: Can anyone identify this possible backdoor?"
Previous message: bugtraqat_private: "Re: strange HTTP requests"
In reply to: Pall Thayer: "strange web traffic"
Next in thread: Etaoin Shrdlu: "Re: strange web traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 10:56:56 PDT