[Dshield] User Agent

KrogNetix abuse at allover.ca
Wed Feb 1 20:47:55 GMT 2006


Admins,

Seems to be a lot of this "HTTP_Connect_Proxy_Bypass_SMTP" attempts lately.
They are all coming for "hinet.net" based IP addresses.

---------------------------------------------
HTTP_Connect_Proxy_Bypass_SMTP, 220.137.78.148,
220-137-78-148.dynamic.hinet.net, 65.x.x.x, ,
Proxy_Target=msa-mx10.hinet.net&Port=25
---------------------------------------------

I am assuming this hack only works if MS SMTP is up and running on a Windows
box? We of course do not use MS SMTP, so this activity is useless in our
case. Has anyone seem any examples of attempts like that that have
succeeded? Has anyone ever reported this activity to "hinet.net" with any
response? It seems it would be difficult to block this activity, as it is
inbound on TCP 80.

Greatly appreciated.

------------------
M. McBride
Security Admin
Allover/ KrogNetix
Vancouver CA
888-320-TECH








More information about the list mailing list