[Dshield] RE: [Dshield]What is HTTP get /sumthin ?

John Sage jsage at finchhaven.com
Wed Aug 13 16:52:38 GMT 2003


Sebastian:

On Wed, Aug 13, 2003 at 04:22:29PM +0200, Sebastian wrote:
> hi there,
> 
> I found your post in a letter, could you tell me what http get and
> http post is?
> 
> Thanx a lot,
> 
> Seb

I believe generally there's no particular significance to the /sumthin
? portion, so much as it's an attempt by a prober to see if you're
running a web server that will respond to an http GET command and it
will (should..) also identify what sort of web server you're running.

Once an attacker establishes:

1) that you've got a web server running on your IP address;

2) that it responds to http GET's;

3) what sort of web server it is;

then they might move onward to more malicious exploits..


- John
-- 
"Obviously, we do not want to leave zombies around."

See our exciting, all-new look! http://www.finchhaven.com/

Note: The isc at incidents.org email address is an alias for a
 mailing list of approximately 30 volunteer incident handlers.
 You may receive responses from other individuals on that list.
 Please direct all communications to isc at incidents.org, so that
 everyone is kept "in the loop".




More information about the list mailing list