RE: "GET /.hash=" in HTTPd logs?

From: Matias (matias@connmed.com.ar)
Date: 11/29/02

Next message: Devdas Bhagat: "Re: Need Help Building Linux Based Firewall"

Previous message: Glenn Valenta: "Re: ridiculous situation"
In reply to: Joris De Donder: "Re: "GET /.hash=" in HTTPd logs?"
Next in thread: David Alejandro Hernandez Alonso: "RE: Locking Cisco Router"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Matias <matias@connmed.com.ar>
To: "SFDC Admin" <postmaster@security-forums.com>
Date: Fri, 29 Nov 2002 16:49:57 -0300

Looks like WinMX traffic too.

LoginRoot

-----Original Message-----
From: Joris De Donder [mailto:joris@digitaldefense.be]
Sent: Viernes, 29 de Noviembre de 2002 10:58 a.m.
To: SFDC Admin
Cc: security-basics@securityfocus.com
Subject: Re: "GET /.hash=" in HTTPd logs?

> I've noticed recently on a few different machines entries like this:
> GET /.hash=8148dd8cd5c884d62cab26ccfa1aeaa045eab116
> GET /.hash=6baa50082310ba631358f57c8fb7eaadf752e055
> Any idea what is going on here?
> Is this some 0day exploit? Something old that is going round again?

Looks like Kazaa traffic.

Joris

Next message: Devdas Bhagat: "Re: Need Help Building Linux Based Firewall"
Previous message: Glenn Valenta: "Re: ridiculous situation"
In reply to: Joris De Donder: "Re: "GET /.hash=" in HTTPd logs?"
Next in thread: David Alejandro Hernandez Alonso: "RE: Locking Cisco Router"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]