Re: /sumthin Revisited

Maybe it's a port 80 scanner that captures banner info. Issuing GET /sumthin would 99.99% produce a 404 and some server info which could be added to a database. Apart from that I can't think of any reason why this request would be made!

Chris Norris

• Original Message ----- From: "Noam Eppel" <noam@noameppel.com> To: <jmaywood1975@hushmail.com>; <keydet89@yahoo.com>; <bugtraq@cgisecurity.net>; <loon@loadedpenguin.com>; <EslerJ@RCERT-S.ARMY.MIL>; <jcalhoun@lurhq.com>; <A20FBW1@wpo.cso.niu.edu>; <the_ferg@hotmail.com>; <JBeckett@enviance.com>; <ksaj@penetrationtest.com> Cc: <webappsec@securityfocus.com>; <incidents@securityfocus.com> Sent: Sunday, January 05, 2003 12:14 AM Subject: /sumthin Revisited

>
> Okay, I will go on record saying the /sumthin mystery is concerning me ;-)
would
> be interested to see if anyone has access to one of the computers sending
out
> the requests?
get my
> hands on for further analysis. For those that can, please forward the
related
> logs to noam@noameppel.com!
404
> 640 "-" "-"

--

> This list is provided by the SecurityFocus ARIS analyzer service.

> For more information on this free incident handling, management

> and tracking system please see: http://aris.securityfocus.com

>

>



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com