CRIME unfamiliar web attack?

From: Ben Barrett (barrett@private)
Date: Wed Oct 09 2002 - 13:01:19 PDT

Next message: Greg Jorgensen: "Re: CRIME An article from CBS.MarketWatch.com"

Previous message: Jere Retzer: "Re: CRIME Bugbear"
Next in thread: Seth Arnold: "Re: CRIME unfamiliar web attack?"
Reply: Seth Arnold: "Re: CRIME unfamiliar web attack?"
Reply: Jeff Bryner: "Re: CRIME unfamiliar web attack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Howdy folks,

I just discovered an unfamiliar entry in my apache webserver logs;
certainly nothing I am vulnerable to but I just couldn't make heads of
it.  I know this must be documented somewhere, but couldn't find
anything on my first few searches, so I thought to ask you all.

Here is the request that was made:
CONNECT maila.microsoft.com:25

and here is the complete log entry, IP address xx'ed out:
216.xx.xx.xx - - [09/Oct/2002:05:55:25 -0700] "CONNECT
maila.microsoft.com:25 / HTTP/1.0" 400 370 "-" "-"

Any clues?  I'm assuming this kiddie is searching for an old IIS
vulnerability, but I've never head of such a thing, asking a webserver
for a connection to a different mailserver...??

Thanks for your time, and take good care.

   Ben

-- 
--
Ben Barrett
Software & Systems Engineer
counterclaim
Phone: 541.484.9235
Fax:  541.484.9193

Next message: Greg Jorgensen: "Re: CRIME An article from CBS.MarketWatch.com"
Previous message: Jere Retzer: "Re: CRIME Bugbear"
Next in thread: Seth Arnold: "Re: CRIME unfamiliar web attack?"
Reply: Seth Arnold: "Re: CRIME unfamiliar web attack?"
Reply: Jeff Bryner: "Re: CRIME unfamiliar web attack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 13:23:41 PDT