Re: "GET /.hash=" in HTTPd logs?

From: Joris De Donder (joris@digitaldefense.be)
Date: 11/29/02

Next message: Christian Friedl: "Re(2): ridiculous situation"

Previous message: firestoned: "IDS and netfilter"
In reply to: SFDC Admin: ""GET /.hash=" in HTTPd logs?"
Next in thread: Matias: "RE: "GET /.hash=" in HTTPd logs?"
Reply: Matias: "RE: "GET /.hash=" in HTTPd logs?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 29 Nov 2002 14:57:52 +0100
From: Joris De Donder <joris@digitaldefense.be>
To: "SFDC Admin" <postmaster@security-forums.com>

> I've noticed recently on a few different machines entries like this:
> GET /.hash=8148dd8cd5c884d62cab26ccfa1aeaa045eab116
> GET /.hash=6baa50082310ba631358f57c8fb7eaadf752e055
> Any idea what is going on here?
> Is this some 0day exploit? Something old that is going round again?

Looks like Kazaa traffic.

Joris

Next message: Christian Friedl: "Re(2): ridiculous situation"
Previous message: firestoned: "IDS and netfilter"
In reply to: SFDC Admin: ""GET /.hash=" in HTTPd logs?"
Next in thread: Matias: "RE: "GET /.hash=" in HTTPd logs?"
Reply: Matias: "RE: "GET /.hash=" in HTTPd logs?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]