Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
mhoye (mhoye@mastodon.social)'s status on Saturday, 10-Aug-2024 01:33:25 JST mhoye

Modest log-reading infosec question: what am I looking at?
https://paste.mozilla.org/0A8Z3V3J
Those are Apache logs that suggest that somebody at that IP address is probing to see if some part of a node setup will be revealed if it picks... some particular user agent? And... what?
What is the chain of reasoning here?
In conversation about 4 months ago from mastodon.social permalink
Attachments
1. Untitled attachment
- Embed this notice
  silverwizard (silverwizard@convenient.email)'s status on Saturday, 10-Aug-2024 01:33:25 JST silverwizard
  in reply to
  
  @mhoye the very weird behaviour is it's all browser user agents. I didn't see curl, or a JS library. You'd think weird envs would be for automation
  
  In conversation about 4 months ago permalink
- Embed this notice
  mhoye (mhoye@mastodon.social)'s status on Saturday, 10-Aug-2024 01:41:52 JST mhoye
  in reply to
  - silverwizard
  @silverwizard I'm pretty sure this is trying to scan for UA-detection misconfigurations that accidentally allow secrets access, not any sort of genuine testing.
  
  In conversation about 4 months ago permalink
- Embed this notice
  silverwizard (silverwizard@convenient.email)'s status on Saturday, 10-Aug-2024 01:41:52 JST silverwizard
  in reply to
  
  @mhoye oh sure, actually using those UAs and not just lying
  
  In conversation about 4 months ago permalink

Feeds