[Dshield] Is This Depicting a Security Hole in HTTPD?

Ed Truitt ed.truitt at etee2k.net
Tue Dec 6 17:50:45 GMT 2005


Looks like it to me - is Apache set up as a proxy?

-EdTr.
-----Original Message-----
From: David Cary Hart <DShield at TQMcube.com>
Date: Tue, 6 Dec 2005 12:16:34 
To:General DShield Discussion List <list at lists.dshield.org>
Subject: [Dshield] Is This Depicting a Security Hole in HTTPD?

I don't like the look of these log prints. Are these successful attempts
to relay mail through Apache?

59.104.54.157 - - [06/Dec/2005:11:58:09 -0500] "CONNECT 210.200.181.193:25 HTTP/1.0" 200 4702 "-" "-"
59.104.54.157 - - [06/Dec/2005:11:58:30 -0500] "CONNECT 210.200.181.194:25 HTTP/1.0" 200 4702 "-" "-"
59.104.54.157 - - [06/Dec/2005:11:58:34 -0500] "CONNECT 210.200.181.193:25 HTTP/1.0" 200 4702 "-" "-"

-- 
Our DNSRBL - 
       Eliminate Spam: http://www.TQMcube.com/spam_trap.php
        Zombie Graphs: http://www.TQMcube.com/zombies.php
          GeoGraphics: http://www.TQMcube.com/origins.php
_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Cheers,
-E D Truitt

Sent via my BlackBerry from Cingular Wireless


More information about the list mailing list