Full Disclosure mailing list archives

Re: HTTP request with SMTP message

From: Vincent Renardias <vincent () renardias com>
Date: Mon, 24 Nov 2003 18:59:05 +0100

On Mon, 2003-11-24 at 17:25, Tiago Halm wrote:

It's not the first time, but I gave up trying to figure it out.
My IIS (port 80) received this HTTP request from x.x.x.x.

Any thoughts ?


Yes: somebody is trying to see if your webserver has proxy-mode enabled
and is trying to use this feature to relay spam.

Cordialement,

----------------------------------------------------------------------------
----------
POST http://x.x.x.x:25/ HTTP/1.1
Content-type: application/octet-stream
Content-length: 540
Host: x.x.x.x

HELO ps.com
MAIL FROM:<vsuhfbovuhs () socal rr com>
RCPT TO: <looc_si_maps () yahoo ie>
DATA
Message-ID:
<080083058050049051046050050046055052046050052052058052058056048 () ps com>

[snip]

-- 
Vincent RENARDIAS
http://www.renardias.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

HTTP request with SMTP message Tiago Halm (Nov 24)
- Re: HTTP request with SMTP message Volker Tanger (Nov 24)
- Re: HTTP request with SMTP message Vincent Renardias (Nov 24)
- Re: HTTP request with SMTP message Lorenzo Hernandez Garcia-Hierro (Nov 24)
- Re: HTTP request with SMTP message Valdis . Kletnieks (Nov 24)
- <Possible follow-ups>
- RE: HTTP request with SMTP message Seamus Hartmann (Nov 24)