Re: /sumthin Revisited
From: H D Moore (sflist@digitaloffense.net)
Date: 02/01/03
- Previous message: Tomasz Papszun: "Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: H D Moore <sflist@digitaloffense.net> To: C.Barford@student.umist.ac.uk, Noam Eppel <noam@noameppel.com> Date: Sat, 1 Feb 2003 14:59:50 -0600
A couple servers I manage have been getting these off and on for months,
the last one was last night, the originating host was a broadband user on
ATTBI who was filtering everything inbound.
On Monday 06 January 2003 03:35 pm, Chris Barford wrote:
> I can't confirm this but I would guess this would be a good way to get
> the http headers of websites. Perhaps then following this a potential
> hacker could see you were for example running IIS 5.0 and in subsequent
> scans check for the unicode exploits. Or a more likely cause would be
> to get a list of apache servers to try to use the openssl-too-open
> exploits against
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Next message: Nick FitzGerald: "Re: klez variant??"
- Previous message: Tomasz Papszun: "Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
