Re: CRIME unfamiliar web attack?

From: Jeff Bryner (jbryner1@private)
Date: Wed Oct 09 2002 - 15:24:38 PDT

  • Next message: Shaun Savage: "CRIME prevent unauthorized booting of PC"

    Check out
    
    http://www.kb.cert.org/vuls/id/150227
    
    It may be what he was after..a vulnerable proxy to
    send spam (probably misspelling mail.microsoft.com)
    
    Jeff.
    
    --- Ben Barrett <barrett@private> wrote:
    > Howdy folks,
    > 
    > I just discovered an unfamiliar entry in my apache
    > webserver logs;
    > certainly nothing I am vulnerable to but I just
    > couldn't make heads of
    > it.  I know this must be documented somewhere, but
    > couldn't find
    > anything on my first few searches, so I thought to
    > ask you all.
    > 
    > Here is the request that was made:
    > CONNECT maila.microsoft.com:25
    > 
    > and here is the complete log entry, IP address xx'ed
    > out:
    > 216.xx.xx.xx - - [09/Oct/2002:05:55:25 -0700]
    > "CONNECT
    > maila.microsoft.com:25 / HTTP/1.0" 400 370 "-" "-"
    > 
    > Any clues?  I'm assuming this kiddie is searching
    > for an old IIS
    > vulnerability, but I've never head of such a thing,
    > asking a webserver
    > for a connection to a different mailserver...??
    > 
    > Thanks for your time, and take good care.
    > 
    >    Ben
    > 
    > -- 
    > --
    > Ben Barrett
    > Software & Systems Engineer
    > counterclaim
    > Phone: 541.484.9235
    > Fax:  541.484.9193
    > 
    
    
    =====
    --yahoo may add something after this line even though I pay them money not to...
    
    __________________________________________________
    Do you Yahoo!?
    Faith Hill - Exclusive Performances, Videos & More
    http://faith.yahoo.com
    



    This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 16:11:09 PDT