[Dshield] Is This Depicting a Security Hole in HTTPD?

Jean-Pierre Schwickerath dshield at hilotec.net
Tue Dec 6 17:57:50 GMT 2005



> I don't like the look of these log prints. Are these successful
> attempts to relay mail through Apache?
> 
> 59.104.54.157 - - [06/Dec/2005:11:58:09 -0500] "CONNECT
> 210.200.181.193:25 HTTP/1.0" 200 4702 "-" "-" 59.104.54.157 - -
> [06/Dec/2005:11:58:30 -0500] "CONNECT 210.200.181.194:25 HTTP/1.0" 200
> 4702 "-" "-" 59.104.54.157 - - [06/Dec/2005:11:58:34 -0500] "CONNECT
> 210.200.181.193:25 HTTP/1.0" 200 4702 "-" "-"
> 


I tried this on my machine but I always got the local website. No way to
relay anything through it. But I might not have enough imagination.... 
Anyway, I believe you need to have the Apache Proxy-module or run
another proxy on port 80 to relay this kind of things, don't you?

Regards. 
Jean-Pierre

-- 
HILOTEC Engineering + Consulting GmbH
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/


More information about the list mailing list