
Re: [suse-security] Strange entry in Apache log



Hi, 

On Friday 27 February 2004 18:29, Keith Roberts wrote:
> Or did someone get my machine to connect to another server's
> port 25?
They tried to.


> 220.163.27.187 - - [27/Feb/2004:16:01:51 +0000]
>  "CONNECT 207.217.125.22:25 HTTP/1.1" 200 5664 "-" "-"
>
> I have just been to grc.com, and my SMTP port is stealthed.

This has nothing to do with your SMTP port.

They scanned for open proxies and checked whether your Apache would allow proxying.
The trick is that even SMTP connections can be proxied over a web proxy.

Just make sure this is not possible with your Apache,
so check error_log for confirmation that this failed.

If not, get that Apache offline and remove the proxy on directive ASAP!

BB, Arjen
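
The check described above, as an added example that is not part of the original post: a small Python scan of an Apache access_log for proxy-style requests (CONNECT, or a request whose target is an absolute URI), marking any that were answered with a 2xx status for follow-up in error_log. The function name, the verdict labels and all sample lines except the first (the entry quoted in the post) are constructed for illustration.

```python
import re

# Apache common/combined log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# A request target that is an absolute URI (scheme://...) is forward-proxy style.
ABS_URI_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

# First line is the entry quoted in the post; the other three are constructed.
SAMPLE_LOG = [
    '220.163.27.187 - - [27/Feb/2004:16:01:51 +0000] "CONNECT 207.217.125.22:25 HTTP/1.1" 200 5664 "-" "-"',
    '192.0.2.10 - - [27/Feb/2004:16:02:03 +0000] "GET /index.html HTTP/1.1" 200 5664 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [27/Feb/2004:16:05:40 +0000] "CONNECT 203.0.113.5:25 HTTP/1.0" 405 312 "-" "-"',
    '198.51.100.7 - - [27/Feb/2004:16:05:41 +0000] "GET http://example.org/ HTTP/1.0" 403 290 "-" "-"',
]


def find_proxy_probes(lines):
    """Return one dict per CONNECT or absolute-URI request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not a parseable access_log entry
        method, target = m['method'], m['target']
        if method != 'CONNECT' and not ABS_URI_RE.match(target):
            continue  # ordinary origin-server request
        status = int(m['status'])
        hits.append({
            'client': m['client'],
            'time': m['time'],
            'method': method,
            'target': target,
            'status': status,
            # A 2xx cannot be cleared from access_log alone: confirm in
            # error_log and the proxy configuration. Other codes were not served.
            'verdict': 'INVESTIGATE' if 200 <= status < 300 else 'rejected',
        })
    return hits


if __name__ == '__main__':
    for h in find_proxy_probes(SAMPLE_LOG):
        print(f"{h['verdict']:11} {h['client']:15} {h['method']} {h['target']} -> {h['status']}")
```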
