[146070] in North American Network Operators' Group
Random five character string added to URLs?
daemon@ATHENA.MIT.EDU (Christopher J. Pilkington)
Tue Nov 1 15:51:52 2011
Date: Tue, 1 Nov 2011 15:51:04 -0400
From: "Christopher J. Pilkington" <cjp@0x1.net>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This might be off-topic, my apologies if so.
I seeing requests against a server with initial GET requests in the form:
GET /[a-zA-Z]{5}/pagename.html
pagename.html being optional. The 5 character string seems to be
random. This GET always results in a 404, as our servers don't have
these paths. The second request seems to always the same without the
modified path, which results in a 20.
I initially suspected this was something from an attack or DOS tool,
but the traffic doesn't fit such a pattern.
Is anyone familiar with what device/service behaves in this fashion?
Clearly something layer 7 is between the clients and the server.
Provider is without clue regarding this. Google results in many
GoDaddy users complaining of same; the server in question is not
hosted with them, but I suspect they may be doing something similar.
Thanks,
-cjp
