Using Squid, one can do acl Safe_ports port 80 81 21 443 563 70 210 1025-65535 http_access deny !Safe_ports to prevent that attack. It is well documented in squid.conf and is turned on by default, I believe Philip ----- Original Message ----- From: "Alexander Yurchenko" <grangeat_private> To: <bugtraqat_private> Sent: Monday, October 22, 2001 3:34 AM Subject: Non-standard usage of HTTP proxy servers > It's possible to connect to one of the > numerous public HTTP proxy servers and send a request like: > > POST http://some.host:25/ HTTP/1.0 > > giving the SMTP commands as a content.
This archive was generated by hypermail 2b30 : Mon Oct 22 2001 - 10:42:29 PDT