Re: /sumthin Revisited

From: H D Moore (
Date: 02/01/03

    From: H D Moore <>
    To:, Noam Eppel <>
    Date: Sat, 1 Feb 2003 14:59:50 -0600

    A couple of servers I manage have been getting these off and on for months;
    the last one was last night, and the originating host was a broadband user on
    ATTBI who was filtering everything inbound.

    On Monday 06 January 2003 03:35 pm, Chris Barford wrote:
    > I can't confirm this but I would guess this would be a good way to get
    > the HTTP headers of websites. Perhaps then following this a potential
    > hacker could see you were for example running IIS 5.0 and in subsequent
    > scans check for the Unicode exploits. Or a more likely cause would be
    > to get a list of Apache servers to try to use the openssl-too-open
    > exploits against
