RE: [Full-disclosure] Strange HTTP requests



-----Original Message-----
From: Shannon Johnston
Sent: Wednesday, June 14, 2006 10:17 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Strange HTTP requests

I'm seeing a ton of HTTP requests in the following fashion:

GET index.html - 80 - <ip address> HTTP/1.1 fuujcbjbGbagkmkGuj7kmgnebl
+qekaf - - website.com 302 0 0 532 206 218
The random string would normally be the user-agent. I can't help but
think this is a bot of some sort.
Anybody know of anything that would produce this?

Are they all index.html requests? How often do you get them? From how
many different IP's?
It could be just a proxy or a firewall set up to change the user-agent
to some random string, but whether they're surfers or bots you can tell
by looking at all such lines - to me, an index.html alone doesn't tell
me much, maybe others have seen this though and know what it is.

php0t
www.zorro.hu


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Robots.txt - syntax question.
    ... User-agent: Googlebot-Image ... to keep the ia_archiver bot from archiving any part ... Image search. ...
    (alt.internet.search-engines)
  • Re: Screening robots for signup forms
    ... as part of the form they fill out to get the account. ... The signup page generates a random string to put in the image. ... the session ID to generate it, since the bot gets the session ID, ...
    (comp.lang.php)
  • Re: spidering Amazon website
    ... User-agent: * ... The bot is running already, their robots.txt does not deny it: ... There are tons and tons of bots that are spidering sites, ... There's a delay inclusion in robots.txt ...
    (alt.internet.search-engines)
  • Re: Holy Mackerel!!!! Look at all these LINUX SECURITY HOLES!!!!!!
    ... User-Agent: KNode/0.10.1 ... and responding to Barney The Bot. ...
    (alt.os.linux.suse)
  • Re: Meaning of Referrer="-" and user-agent="Java/1.4.1_04"?
    ... The user-agent is probably the default value from HTTP client implementation ... Referer "-" simply means 'no referer ... So you have someone who implemented a bot in java and didn't care to ...
    (alt.html)