[Dshield] What is web request for M83A

Johannes B. Ullrich jullrich at sans.org
Wed Dec 10 13:38:52 GMT 2003


I haven't found the tool yet that causes this. There are two likely
reasons:

- the intent is to grab the error page to figure out what kind of server
your are running
- some vulnerable cgi script is using this URL.


On Wed, 2003-12-10 at 06:24, Brian Jameson wrote:
> At 3:54am this morning I received a scan from a UK University on port 80 of
> my public ip addresses for 'GET /M83A HTTP/1.0'. A search of google shows
> that this turns up in many peoples web logs. Other than that I drew a blank!
> The normal snort rules failed to pick it up. Can anyone enlighten me about
> about this?
> 
> regards,
> Brian
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031210/a8031a25/attachment.bin


More information about the list mailing list