Re: another stupid question.

["security () nuvox net" <security () nuvox net>]

Looks like you have a proxy, secured for the CONNECT method but not for
the POST method.

Someone is connecting to the proxy on your host and attempting to
connect to a mail server on port 25; they could then send out spam from
that location, and it would trace back to your host, not theirs. POST
method is a little bit different, but gets the same results: you get
blamed for spam, and blacklisted.

See http://www.kb.cert.org/vuls/id/150227

That's a mighty checkered IP you've got yourself...

see: http://openrbl.org/ip/63/211/23/62.htm

--
Scott Lesley




On Tue, 2003-06-03 at 12:03, Zep wrote:
> I've googled log entries like the ones below, looking for some
> mention of the exploit/what's being attempted (port 25, I'm 
> guessing it's spam relay?) and how to make sure I'm not helping
> someone be an interdork. any info is greatly appreciated.
>
> 63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:35 -0400] "CONNECT mx00.comcast.net:25 HTTP/1.0" 405 99
> 63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:37 -0400] "POST http://63.211.23.62:25/ HTTP/1.1" 200 1188
> 63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "CONNECT mailin-04.mx.aol.com:25 HTTP/1.0" 405 99
> 63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "POST http://63.211.23.38:25/ HTTP/1.1" 200 1188
>
>       I'd be much less concerned if it weren't for the 200 codes on the
> 'POST' commands.  Thanks.
>
> -- 
>                                              - Zep
>                                       (zep () nemesis mmind net)
>
> Friends may come and go, but enemies accumulate.
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------