Open Source and information security mailing list archives
 
Message-ID: <B3BCAF4246A8A84983A80DAB50FE72422D8AC3@secnap2.secnap.com>
From: scheidell at secnap.net (Michael Scheidell)
Subject: GET /M83A making rounds again?

A Google search for 'GET /M83A' finds lots of 'awstats' pages reporting
this, as well as some discussions, but no one seems to have an answer.

Is this a vulnerability scanning tool signature?
The preamble of a p2p file sharing network?

An attack against some undisclosed application?
Scan your logs, see what you get.

One of the latest comes from IP 193.84.40.199
(shown hitting 20 networks, 13000 times)

http://www.mynetwatchman.com/ListIncidentsbyIP.asp?IP=193.84.40.199

packet payload is:

IPv4: 193.84.40.199 -> xxx.xxx.xxx.xxx
      hlen=5 TOS=0 dlen=62 ID=37178 flags=2 offset=0 TTL=113
chksum=33442
TCP:  port=30668 -> dport: 80  flags=***AP*** seq=1601629704
      ack=907044503 off=5 res=0 win=65535 urp=0 chksum=65397
Payload:  length = 22

000 : 47 45 54 20 2F 4D 38 33 41 20 48 54 54 50 2F 31   GET /M83A HTTP/1
010 : 2E 30 0D 0A 0D 0A                                 .0....
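
An added example, not part of the original post: one way to act on "scan your logs" is to decode the dumped payload into its request line and count exact matches per source address in a web server access log. The log lines below are constructed samples using documentation addresses, and the common/combined log format is an assumption about the server.

```python
import re
from collections import Counter

# Payload bytes exactly as shown in the hex dump of the post.
PAYLOAD_HEX = "47 45 54 20 2F 4D 38 33 41 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A"

# Assumed common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) (\S+)')

def request_line_from_payload(hex_dump):
    """Decode the dumped bytes and return the HTTP request line."""
    raw = bytes.fromhex(hex_dump.replace(" ", ""))
    return raw.split(b"\r\n", 1)[0].decode("ascii")

def scan(lines, request_line):
    """Count hits per source address and per status code for one exact request line."""
    by_src, by_status = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        # Exact comparison, so look-alike paths such as /M83Atest are not counted.
        if m and m.group(2) == request_line:
            by_src[m.group(1)] += 1
            by_status[m.group(3)] += 1
    return by_src, by_status

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2005:10:00:01 -0500] "GET /M83A HTTP/1.0" 404 208
192.0.2.10 - - [01/Jan/2005:10:00:02 -0500] "GET /M83A HTTP/1.0" 404 208
198.51.100.7 - - [01/Jan/2005:10:00:05 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.44 - - [01/Jan/2005:10:01:13 -0500] "GET /M83A HTTP/1.0" 404 208
198.51.100.7 - - [01/Jan/2005:10:02:00 -0500] "GET /M83Atest HTTP/1.1" 404 208
""".splitlines()

if __name__ == "__main__":
    target = request_line_from_payload(PAYLOAD_HEX)
    sources, statuses = scan(SAMPLE_LOG, target)
    print("request line:", target)
    for src, n in sources.most_common():
        print(f"{n:6d}  {src}")
    print("status codes:", dict(statuses))
```

The status-code tally shows whether any of these requests was ever answered with something other than an error, which is the first thing to check before treating the traffic as background noise.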

