Security Incidents mailing list archives
RE: /sumthin Revisited
From: "Wolf, Glenn" <glenn.wolf () we-inc com>
Date: Mon, 6 Jan 2003 12:02:35 -0800
groups.google.com is your friend: http://lists.insecure.org/lists/incidents/2002/Oct/0161.html Glenn -----Original Message----- From: Noam Eppel [mailto:noam () noameppel com] Sent: Saturday, January 04, 2003 4:15 PM To: jmaywood1975 () hushmail com; keydet89 () yahoo com; bugtraq () cgisecurity net; loon () loadedpenguin com; EslerJ () RCERT-S ARMY MIL; jcalhoun () lurhq com; A20FBW1 () wpo cso niu edu; the_ferg () hotmail com; JBeckett () enviance com; ksaj () penetrationtest com Cc: webappsec () securityfocus com; incidents () securityfocus com Subject: /sumthin Revisited Okay, I will go on record saying the /sumthin mystery is concerning me ;-) The original post is here: Subject: HTTP attack looking for /sumthin ? Date: Oct 17 2002 4:55PM Author: <jmaywood1975 () hushmail com> http://online.securityfocus.com/archive/75/295738 Has anyone been able to track down what causes the /sumthin requests? I would be interested to see if anyone has access to one of the computers sending out the requests? Also I am trying to collect logs of as many /sumthing requests as I can get my hands on for further analysis. For those that can, please forward the related logs to noam () noameppel com! Here are some more requests from the last few days to www.noameppel.com: 216.230.142.50 - - [02/Jan/2003:01:29:52 -0600] "GET /sumthin HTTP/1.0" 404 640 "-" "-" 216.184.98.3 - - [02/Jan/2003:07:09:49 -0600] "GET /sumthin HTTP/1.0" 404 638 "-" "-" applwi01-vlan485-106.dsl.tds.net - - [03/Jan/2003:17:20:52 - 0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" 211.252.55.67 - - [03/Jan/2003:18:04:14 -0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" applwi01-vlan485-106.dsl.tds.net - - [04/Jan/2003:08:07:27 - 0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-" Cheers! Noam Eppel noam () noameppel com http://www.noameppel.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- /sumthin Revisited Noam Eppel (Jan 06)
- Re: /sumthin Revisited Chris Barford (Jan 07)
- Re: /sumthin Revisited Chris Norris (Jan 07)
- Re: /sumthin Revisited Sverre H. Huseby (Jan 07)
- RE: /sumthin Revisited Jonathan A. Zdziarski (Jan 07)
- RE: /sumthin Revisited Jonathan A. Zdziarski (Jan 07)
- Re: /sumthin Revisited Sverre H. Huseby (Jan 07)
- Re: /sumthin Revisited Michael Katz (Jan 07)
- Re: /sumthin Revisited noconflic (Jan 08)
- RE: /sumthin Revisited Jonathan A. Zdziarski (Jan 07)
- Re: /sumthin Revisited Sverre H. Huseby (Jan 07)
- <Possible follow-ups>
- RE: /sumthin Revisited Wolf, Glenn (Jan 07)
- RE: /sumthin Revisited Rob Keown (Jan 07)