Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Logs showing GET /.hash=...

From: "Chris Mann" <CMann () stonebridgebank com>
Date: Wed, 30 Apr 2003 13:30:31 -0400
WinMX is a p2p file sharing program like KaZaa. If memory serves, WinMx
would send a request to a webpage to validate your membership and
start/stop downloads. 



Kindest,

Christopher Mann
Systems Administrator
Stonebridge Bank
610.235.1515
cmann () stonebridgebank com
http://www.stonebridgebank.com


Keith Bergen <keith () keithbergen com> 04/30/03 09:54AM >>>

I have seen log entries in the form:
dormtw.isu.edu.tw - - [29/Apr/2003:22:04:17 -
0400] "GET /.hash=8a8a30842bc6698dd1cbcb31191fc9e76018ea4c 
HTTP/1.1" 404 323
dormtw.isu.edu.tw - - [29/Apr/2003:22:04:22 -
0400] "GET /.hash=355bcee01e59b87d9cc33d4ae3cc8edf5f022d2a 
HTTP/1.1" 404 323
dormtw.isu.edu.tw - - [29/Apr/2003:22:04:24 -
0400] "GET /.hash=51f6ec2b496fa6fac83a88d7978321c7b64a5969 
HTTP/1.1" 404 323

I looked at past posts, and one indicates that this might be 
KaZaa traffic. The other post indicated it was "WinMX". Can 
somebody expand on this? For example, what is WinMX? Also, 
why would KaZaa connect to port 80?

Thanks,
Keith.

----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
the 
world's premier event for IT and network security experts.  The two-day

Training features 6 hand-on courses on May 12-13 taught by
professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no
vendor 
sales pitches.  Deadline for the best rates is April 25.  Register
today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------


----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: