Re: /sumthin Revisited

From: H D Moore (
Date: 02/01/03

  • Next message: Nick FitzGerald: "Re: klez variant??"
    From: H D Moore <>
    To:, Noam Eppel <>
    Date: Sat, 1 Feb 2003 14:59:50 -0600

    A couple servers I manage have been getting these off and on for months,
    the last one was last night, the originating host was a broadband user on
    ATTBI who was filtering everything inbound.

    On Monday 06 January 2003 03:35 pm, Chris Barford wrote:
    > I can't confirm this but I would guess this would be a good way to get
    > the http headers of websites. Perhaps then following this a potential
    > hacker could see you were for example running IIS 5.0 and in subsequent
    > scans check for the unicode exploits. Or a more likely cause would be
    > to get a list of apache servers to try to use the openssl-too-open
    > exploits against

    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: