/sumthin Revisited

From: Noam Eppel <noam(at)noameppel.com>
Date: Sat Jan 04 2003 - 19:14:49 EST

Okay, I will go on record saying the /sumthin mystery is concerning me ;-)

The original post is here:
Subject: HTTP attack looking for /sumthin ? Date: Oct 17 2002 4:55PM
Author: <jmaywood1975@hushmail.com>
http://online.securityfocus.com/archive/75/295738

Has anyone been able to track down what causes the /sumthin requests? I would be interested to see if anyone has access to one of the computers sending out the requests?

Also I am trying to collect logs of as many /sumthing requests as I can get my hands on for further analysis. For those that can, please forward the related logs to noam@noameppel.com!

Here are some more requests from the last few days to www.noameppel.com:

216.230.142.50 - - [02/Jan/2003:01:29:52 -0600] "GET /sumthin HTTP/1.0" 404 640 "-" "-"
216.184.98.3 - - [02/Jan/2003:07:09:49 -0600] "GET /sumthin HTTP/1.0" 404 638 "-" "-"
applwi01-vlan485-106.dsl.tds.net - - [03/Jan/2003:17:20:52 - 0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" 211.252.55.67 - - [03/Jan/2003:18:04:14 -0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-"
applwi01-vlan485-106.dsl.tds.net - - [04/Jan/2003:08:07:27 - 0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-"

Cheers!

Noam Eppel
noam@noameppel.com
http://www.noameppel.com

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Jan 6 15:02:56 2003