Security Basics mailing list archives
Re: another stupid question.
From: Joerg Over <over () dexia de>
Date: Thu, 05 Jun 2003 09:11:51 +0200
Am 12:03 03.06.2003 -0400 teilte Zep mir folgendes mit: -> -> ->I've googled log entries like the ones below, looking for some ->mention of the exploit/what's being attempted (port 25, I'm ->guessing it's spam relay?) and how to make sure I'm not helping ->someone be an interdork. any info is greatly appreciated. -> ->63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:35 -0400] "CONNECT mx00.comcast.net:25 HTTP/1.0" 405 99 ->63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:37 -0400] "POST http://63.211.23.62:25/ HTTP/1.1" 200 1188 ->63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "CONNECT mailin-04.mx.aol.com:25 HTTP/1.0" 405 99 ->63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "POST http://63.211.23.38:25/ HTTP/1.1" 200 1188 -> -> I'd be much less concerned if it weren't for the 200 codes on the ->'POST' commands. Thanks. Will probably a week again until this post strikes, but now and then I still try. If "you" is 63.211.23.0/24, you got somebody looking for an open proxy (like you suspected). I believe the 200 on the POST doesn't mean he was successful, but you might want to check yourself anyway: http://www.corpit.ru/mjt/proxycheck.html hth, jo --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- another stupid question. Zep (Jun 04)
- Re: another stupid question. Joerg Over (Jun 05)
- Re: another stupid question. Ing. Bernardo Lopez O. (Jun 05)
- Re: another stupid question. security () nuvox net (Jun 06)
- Re: another stupid question. Joerg Over (Jun 05)