Re: /sumthin Revisited

[H D Moore <sflist () digitaloffense net>]

A couple servers I manage have been getting these off and on for months, 
the last one was last night, the originating host was a broadband user on 
ATTBI who was filtering everything inbound. 

On Monday 06 January 2003 03:35 pm, Chris Barford wrote:
> I can't confirm this but I would guess this would be a good way to get
> the http headers of websites. Perhaps then following this a potential
> hacker could see you were for example running IIS 5.0 and in subsequent
> scans check for the unicode exploits. Or a more likely cause would be
> to get a list of apache servers to try to use the openssl-too-open
> exploits against




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com