Check out http://www.kb.cert.org/vuls/id/150227 It may be what he was after..a vulnerable proxy to send spam (probably misspelling mail.microsoft.com) Jeff. --- Ben Barrett <barrett@private> wrote: > Howdy folks, > > I just discovered an unfamiliar entry in my apache > webserver logs; > certainly nothing I am vulnerable to but I just > couldn't make heads of > it. I know this must be documented somewhere, but > couldn't find > anything on my first few searches, so I thought to > ask you all. > > Here is the request that was made: > CONNECT maila.microsoft.com:25 > > and here is the complete log entry, IP address xx'ed > out: > 216.xx.xx.xx - - [09/Oct/2002:05:55:25 -0700] > "CONNECT > maila.microsoft.com:25 / HTTP/1.0" 400 370 "-" "-" > > Any clues? I'm assuming this kiddie is searching > for an old IIS > vulnerability, but I've never head of such a thing, > asking a webserver > for a connection to a different mailserver...?? > > Thanks for your time, and take good care. > > Ben > > -- > -- > Ben Barrett > Software & Systems Engineer > counterclaim > Phone: 541.484.9235 > Fax: 541.484.9193 > ===== --yahoo may add something after this line even though I pay them money not to... __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com
This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 16:11:09 PDT