Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

/sumthin Revisited

From: Noam Eppel <noam () noameppel com>
Date: Sat, 4 Jan 2003 18:14:49 -0600

Okay, I will go on record saying the /sumthin mystery is concerning me ;-)

The original post is here:
Subject:  HTTP attack looking for /sumthin ?
Date:  Oct 17 2002 4:55PM
Author:  <jmaywood1975 () hushmail com> 
http://online.securityfocus.com/archive/75/295738

Has anyone been able to track down what causes the /sumthin requests? I would 
be interested to see if anyone has access to one of the computers sending out 
the requests?

Also I am trying to collect logs of as many /sumthing requests as I can get my 
hands on for further analysis. For those that can, please forward the related 
logs to noam () noameppel com!

Here are some more requests from the last few days to www.noameppel.com:

216.230.142.50 - - [02/Jan/2003:01:29:52 -0600] "GET /sumthin HTTP/1.0" 404 
640 "-" "-"
216.184.98.3 - - [02/Jan/2003:07:09:49 -0600] "GET /sumthin HTTP/1.0" 404 
638 "-" "-"
applwi01-vlan485-106.dsl.tds.net - - [03/Jan/2003:17:20:52 -
0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-"
211.252.55.67 - - [03/Jan/2003:18:04:14 -0600] "GET /sumthin HTTP/1.0" 404 
639 "-" "-"
applwi01-vlan485-106.dsl.tds.net - - [04/Jan/2003:08:07:27 -
0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-"

Cheers!

Noam Eppel
noam () noameppel com
http://www.noameppel.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: