Re: /sumthin Revisited

From: H D Moore (sflist@digitaloffense.net)
Date: 02/01/03

  • Next message: Nick FitzGerald: "Re: klez variant??"
    From: H D Moore <sflist@digitaloffense.net>
    To: C.Barford@student.umist.ac.uk, Noam Eppel <noam@noameppel.com>
    Date: Sat, 1 Feb 2003 14:59:50 -0600
    
    

    A couple servers I manage have been getting these off and on for months,
    the last one was last night, the originating host was a broadband user on
    ATTBI who was filtering everything inbound.

    On Monday 06 January 2003 03:35 pm, Chris Barford wrote:
    > I can't confirm this but I would guess this would be a good way to get
    > the http headers of websites. Perhaps then following this a potential
    > hacker could see you were for example running IIS 5.0 and in subsequent
    > scans check for the unicode exploits. Or a more likely cause would be
    > to get a list of apache servers to try to use the openssl-too-open
    > exploits against
    >

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com