[Dshield] What is web request for M83A
Johannes B. Ullrich
jullrich at sans.org
Wed Dec 10 13:38:52 GMT 2003
I haven't found the tool yet that causes this. There are two likely
- the intent is to grab the error page to figure out what kind of server
your are running
- some vulnerable cgi script is using this URL.
On Wed, 2003-12-10 at 06:24, Brian Jameson wrote:
> At 3:54am this morning I received a scan from a UK University on port 80 of
> my public ip addresses for 'GET /M83A HTTP/1.0'. A search of google shows
> that this turns up in many peoples web logs. Other than that I drew a blank!
> The normal snort rules failed to pick it up. Can anyone enlighten me about
> about this?
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 786 1563
fax: (617) 786 1550 jullrich at sans.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031210/a8031a25/attachment.bin
More information about the list