Full Disclosure mailing list archives
Re: Odd SEARCH Requests
From: <borg () hush com>
Date: Fri, 2 Apr 2004 11:38:45 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I posted links because the requests are huge. If anyone else has seen these requests, or might have any other info on it let me know. It
could possibly be ASN.1 related, but not sure. I tried the same
> request against a fully patched windows 2003 box with ISS 6.0 > running, but nothing happened I get these requests probably 6-10 times a day to my apache server. One of the ASN exploits floating around typically looks like this ("192.168.0.119 - - [02/Apr/2004:09:22:57 -0500] "\x16\x03" 501 - "-" "-"") in your apache logs, however that exploit generally isnt directed at a webserver because its netbios related exploit. So im not entirely sure it has anything to do with ASN. I must admit im a bit behind on MS exploits and vulns, i honestly dont care for that OS world. If memory serves me correctly, it might be a variation of the webdav exploit. Hope this helps. borg (ChrisR-) www.cr-secure.net -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAkBt62kACgkQexF3vQr1Fl+bRwCfdQBLz7fRqhxJq79djA/COrSP+WcA nRhhXFY/CFHvetzFF4u5YZKH+oH5 =RCc9 -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Odd SEARCH Requests badpack3t (Apr 02)
- <Possible follow-ups>
- Re: Odd SEARCH Requests borg (Apr 02)