> > > --=-JDGRKxNXGaJQ/wbvHyBY > Content-Type: text/plain > Content-Transfer-Encoding: quoted-printable > > Exchange and MSN Messanger are the top leads so far. :> Someone install > MSN Messanger and find out! (Doesn't ANYONE run that thing?) :> > > -dave > Here is a good question. we know it is sending GET requests to a webserver. I assume IIS must have something setup to get queries and forward to the messaging client? What if IIS isn't installed does something else answer it, if so what? - zenoat_private > > On Tue, 2002-10-15 at 10:05, zeno wrote: > > >=20 > > > I get billions of these things too, its part of some MSN groups/chat=20 > > > thing, essentially it takes requests the "alias" of the email address=20 > > > (daveat_private =3D> /instmsg/alias/dave). Might be fun to send b= > ack=20 > >=20 > > These things are damn annoying. I get probably 5 of these a day and 1 per= > son keeps checking me every > > few hours.=20 > >=20 > >=20 > > > some looooong responses ;) My favorites are all the ones that originate= > =20 > > > from microsoft "tide" addresses... They send me some funny referrers fr= > om=20 > > > their intranet servers once in a while too. > > >=20 > >=20 > > Ha.=20 > >=20 > >=20 > > > --- > > > "Immunity also gets a lot of requests for /instmsg/alias/dave, which=20 > > > doesn't exist. I'm curious what web client plugin causes this behavior.= > =20 > > > And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and=20 > > > other FrontPage-style requests. Somewhere here I smell an exploitable=20 > > > client-side vulnerability." > > > --- > > > > >=20 > >=20 > > I'm curious do we know this is MSN messanger? Anybody else know if AIM or= > another client sends > > these requests? > >=20 > > - zeno > >=20 > > =20 > --=20 > Dave Aitel <daveat_private> > Immunity, Inc > > --=-JDGRKxNXGaJQ/wbvHyBY > Content-Type: application/pgp-signature; name=signature.asc > Content-Description: This is a digitally signed message part > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQA9rCF7B8JNm+PA+iURAvV/AKDxWhCZrGtmz9y3eyCSgab3DuO2uQCgq405 > U+FUmm26fv9Lk/nBbOYwcZE= > =AFPz > -----END PGP SIGNATURE----- > > --=-JDGRKxNXGaJQ/wbvHyBY-- > >
This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 13:15:06 PDT