Vulnerability Development mailing list archives
RE: /instmsg/alias/annoying_web_logs ;)
From: "Shawn K. Hall (RA/Security)" <Security () ReliableAnswers com>
Date: Fri, 18 Oct 2002 19:40:29 -0400
Hi Dave,
I get billions of these things too, it's part of some MSN groups/chat thing, essentially it takes requests the "alias" of the email address (dave () immunitysec com => /instmsg/alias/dave). Might be fun to send back some looooong responses ;) My favorites are all the ones that originate from Microsoft "tide" addresses... They send me some funny referrers from their intranet servers once in a while too.
What you're seeing is actually from Exchange. It serves as an instant messaging service available through Outlook 2000 and 2002 when used in corporate mode with Exchange to provide variable access methods to contact an individual. The request itself is a "discovery" request to determine whether your server 'supports' instant messaging via Microsoft's protocol(s).

The reason you get them at "/instmsg/alias/dave" is because someone that uses one of those clients added you to their address book, which then triggered their Exchange server to poll your server (based on your email address) to see if it supported that protocol.

There is a 'loosely' supportive list of the headers required to support this protocol on alternate platforms if you are interested. It functions via SOAP - sending XML headers within the request that identify certain behavioral properties. The specs are available at MS' website under the services listing.

Oh - and since it is an Exchange function - it's not only clients that would likely be vulnerable, but Exchange Server, too.

Regards,
Shawn K. Hall
http://ReliableAnswers.com/
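Added example, not part of the original message and not code from anyone in the thread: a small log summarizer that shows which mail aliases are being probed under /instmsg/alias/, which hosts send the probes, and which referrer hostnames those hosts disclose. It assumes Combined Log Format; the sample lines, addresses, hostnames and user-agent string are constructed, and the HTTP method in them is a placeholder (the parser accepts any method).

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Combined Log Format:
# host ident user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)
# Path pattern quoted in the thread: /instmsg/alias/<local part of the address>
ALIAS_RE = re.compile(r'^/instmsg/alias/(?P<alias>[^/?#]+)', re.IGNORECASE)

def summarize(lines):
    """Return (hits per alias, hits per source, referrer hosts per source)."""
    by_alias, by_source = Counter(), Counter()
    referers = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a parsable access-log line
        a = ALIAS_RE.match(m.group("path"))
        if not a:
            continue                      # unrelated request
        by_alias[a.group("alias").lower()] += 1
        by_source[m.group("src")] += 1
        ref = m.group("referer")
        if ref and ref != "-":
            host = urlsplit(ref).hostname
            if host:                      # hostname the remote side disclosed
                referers[m.group("src")].add(host)
    return by_alias, by_source, dict(referers)

# Constructed sample input (documentation address ranges, made-up hostnames).
SAMPLE = [
    '192.0.2.10 - - [18/Oct/2002:19:40:29 -0400] "GET /instmsg/alias/dave HTTP/1.1" 404 512 "-" "ExampleClient/1.0"',
    '192.0.2.10 - - [18/Oct/2002:19:41:02 -0400] "GET /instmsg/alias/dave HTTP/1.1" 404 512 "http://intranet.example/addressbook" "ExampleClient/1.0"',
    '198.51.100.7 - - [18/Oct/2002:19:45:10 -0400] "GET /instmsg/alias/Security HTTP/1.1" 404 512 "-" "ExampleClient/1.0"',
    '198.51.100.7 - - [18/Oct/2002:19:45:11 -0400] "GET /index.html HTTP/1.1" 200 2048 "-" "ExampleClient/1.0"',
    '203.0.113.5 - - [18/Oct/2002:19:50:00 -0400] "GET /instmsg/aliases HTTP/1.1" 404 512 "-" "ExampleClient/1.0"',
]

if __name__ == "__main__":
    aliases, sources, refs = summarize(SAMPLE)
    print("aliases:", dict(aliases))
    print("sources:", dict(sources))
    print("referrer hosts:", refs)
```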