Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: /sumthin Revisited

From: "Wolf, Glenn" <glenn.wolf () we-inc com>
Date: Mon, 6 Jan 2003 12:02:35 -0800 
groups.google.com is your friend:
http://lists.insecure.org/lists/incidents/2002/Oct/0161.html

Glenn


-----Original Message-----
From: Noam Eppel [mailto:noam () noameppel com] 
Sent: Saturday, January 04, 2003 4:15 PM
To: jmaywood1975 () hushmail com; keydet89 () yahoo com; bugtraq () cgisecurity net;
loon () loadedpenguin com; EslerJ () RCERT-S ARMY MIL; jcalhoun () lurhq com;
A20FBW1 () wpo cso niu edu; the_ferg () hotmail com; JBeckett () enviance com;
ksaj () penetrationtest com
Cc: webappsec () securityfocus com; incidents () securityfocus com
Subject: /sumthin Revisited



Okay, I will go on record saying the /sumthin mystery is concerning me ;-)

The original post is here:
Subject:  HTTP attack looking for /sumthin ?
Date:  Oct 17 2002 4:55PM
Author:  <jmaywood1975 () hushmail com> 
http://online.securityfocus.com/archive/75/295738

Has anyone been able to track down what causes the /sumthin requests? I
would 
be interested to see if anyone has access to one of the computers sending
out 
the requests?

Also I am trying to collect logs of as many /sumthing requests as I can get
my 
hands on for further analysis. For those that can, please forward the
related 
logs to noam () noameppel com!

Here are some more requests from the last few days to www.noameppel.com:

216.230.142.50 - - [02/Jan/2003:01:29:52 -0600] "GET /sumthin HTTP/1.0" 404 
640 "-" "-"
216.184.98.3 - - [02/Jan/2003:07:09:49 -0600] "GET /sumthin HTTP/1.0" 404 
638 "-" "-"
applwi01-vlan485-106.dsl.tds.net - - [03/Jan/2003:17:20:52 -
0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-"
211.252.55.67 - - [03/Jan/2003:18:04:14 -0600] "GET /sumthin HTTP/1.0" 404 
639 "-" "-"
applwi01-vlan485-106.dsl.tds.net - - [04/Jan/2003:08:07:27 -
0600] "GET /sumthin HTTP/1.0" 404 639 "-" "-"

Cheers!

Noam Eppel
noam () noameppel com
http://www.noameppel.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: