CRIME unfamiliar web attack?

From: Ben Barrett (barrett@private)
Date: Wed Oct 09 2002 - 13:01:19 PDT

  • Next message: Greg Jorgensen: "Re: CRIME An article from CBS.MarketWatch.com"

    Howdy folks,
    
    I just discovered an unfamiliar entry in my apache webserver logs;
    certainly nothing I am vulnerable to but I just couldn't make heads of
    it.  I know this must be documented somewhere, but couldn't find
    anything on my first few searches, so I thought to ask you all.
    
    Here is the request that was made:
    CONNECT maila.microsoft.com:25
    
    and here is the complete log entry, IP address xx'ed out:
    216.xx.xx.xx - - [09/Oct/2002:05:55:25 -0700] "CONNECT
    maila.microsoft.com:25 / HTTP/1.0" 400 370 "-" "-"
    
    Any clues?  I'm assuming this kiddie is searching for an old IIS
    vulnerability, but I've never head of such a thing, asking a webserver
    for a connection to a different mailserver...??
    
    Thanks for your time, and take good care.
    
       Ben
    
    -- 
    --
    Ben Barrett
    Software & Systems Engineer
    counterclaim
    Phone: 541.484.9235
    Fax:  541.484.9193
    



    This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 13:23:41 PDT