Exchange and MSN Messanger are the top leads so far. :> Someone install MSN Messanger and find out! (Doesn't ANYONE run that thing?) :> -dave On Tue, 2002-10-15 at 10:05, zeno wrote: > > > > I get billions of these things too, its part of some MSN groups/chat > > thing, essentially it takes requests the "alias" of the email address > > (daveat_private => /instmsg/alias/dave). Might be fun to send back > > These things are damn annoying. I get probably 5 of these a day and 1 person keeps checking me every > few hours. > > > > some looooong responses ;) My favorites are all the ones that originate > > from microsoft "tide" addresses... They send me some funny referrers from > > their intranet servers once in a while too. > > > > Ha. > > > > --- > > "Immunity also gets a lot of requests for /instmsg/alias/dave, which > > doesn't exist. I'm curious what web client plugin causes this behavior. > > And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and > > other FrontPage-style requests. Somewhere here I smell an exploitable > > client-side vulnerability." > > --- > > > > > I'm curious do we know this is MSN messanger? Anybody else know if AIM or another client sends > these requests? > > - zeno > > -- Dave Aitel <daveat_private> Immunity, Inc
This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 15:10:05 PDT