Security Incidents mailing list archives
abuse of open transparent proxies
From: horape () tinuviel compendium net ar
Date: Tue, 17 Dec 2002 23:58:29 -0300
¡Hola! I don't know if this is new or not, but couldn't find anything about this when googling. I've just found an interesting attack against a friend's transparent proxy. The proxy was set up so that any connection to port 80 was proxied (no acl's) There is some spammer, herbal-place.com, using DNS views to exploit the proxy. To everybody but the proxy, it says that www.herbal-place.com's address is the proxy's one. To the proxy, it answers with their true IP. Result: my friend pay the bandwidth for the spammers. They have an automated system controlling this (30 seconds after we close the proxy they changed to abuse a new one) Saludos, HoraPe --- Horacio J. Peña horape () compendium com ar horape () uninet edu horape () hcdn gov ar ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- abuse of open transparent proxies horape (Dec 18)