Re: iPlanet Server vulnerable to HTTP TCP HEAD Attack

From: Paul Cardon (paulat_private)
Date: Wed Apr 10 2002 - 16:18:42 PDT

  • Next message: D.Stoutat_private: "IGMP DOS Attack"

    Mendoza Bazan, Luis - (Per) wrote:
    > Hi,
    > 
    > I have an iPlanet server that work as email server. This server has the
    > following services enabled: SMTP, POP3 and HTTP. We detect the evidence that
    > is in the files attached. If you know some advice or workaround about this,
    > it will be welcome.
    > We are searching in Sun some info but cannot find it.
    
    Well Luis, it looks like you have a publicly accessible proxy server and 
    somebody is attempting to use it to get their porn.  I would recommend 
    that you either disable the proxy or configure access controls on it 
    that restricts its use.  You should also be aware that when you post 
    sniffer traces the IP address a.b.c.55 that you were trying to obfuscate 
    shows up in there in hexadecimal (c80e f137) unless you also obfuscate 
    it.  I can't imagine that your customer or employer would be happy that 
    you have advertised that information on a public mailing list.
    
    -paul
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Apr 11 2002 - 08:36:43 PDT