[suse-security] Strange entry in Apache log

[Keith Roberts <lists@xxxxxxxxxxxxxxxxx>]

Hi everyone.

Can anyone tell what the following apache logs are?

The last line looks like they managed to connect to port 25.

Or did someone get my machine to connect to another servers
port 25?

220.163.27.187 - - [27/Feb/2004:16:00:48 +0000]
 "\x04\x01" 200 0 "-" "-"

220.163.27.187 - - [27/Feb/2004:16:01:40 +0000]
 "\x05\x01" 200 0 "-" "-"

220.163.27.187 - - [27/Feb/2004:16:01:51 +0000]
 "CONNECT 207.217.125.22:25 HTTP/1.1" 200 5664 "-" "-"

I have just been to grc.com, and my SMTP port is stealthed.

Here is a listing of netstat

keith@myserver:~> netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:printer               *:*                     LISTEN
tcp        0      0 *:www-http              *:*                     LISTEN
tcp        0      0 *:afs3-fileserver       *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN

Anyone have any ideas?

Kind Regards - Keith Roberts









-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here