Hosting Provided By

Re: /sumthin Revisited

From: Chris Barford <C.Barford(at)student.umist.ac.uk>
Date: Mon Jan 06 2003 - 16:35:23 EST

I can't confirm this but I would guess this would be a good way to get the http headers of websites. Perhaps then following this a potential hacker could see you were for example running IIS 5.0 and in subsequent scans check for the unicode exploits. Or a more likely cause would be to get a list of apache servers to try to use the openssl-too-open exploits against

Perhaps the actual scanner is wanting a 404 page to compare against its database so that if the http reply headers have been altered it can get more information anyway. Altho that is pure speculation on my part

Quoting Noam Eppel <noam@noameppel.com>:

>
> Okay, I will go on record saying the /sumthin mystery is concerning me ;-)

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Tue Jan 7 14:37:39 2003

This message: [ Message body ]
Next message: sysadmin: "Re: Root password changed"
Previous message: Chris Barford: "Re: Root password changed"
In reply to Noam Eppel: "/sumthin Revisited"
Next in thread: H D Moore: "Re: /sumthin Revisited"
Reply: H D Moore: "Re: /sumthin Revisited"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:55 EDT