Hello,

As I was having a look at the access log of an Apache daemon I noticed a strange entry. After grepping the access log it appeared this entry has occurred 9 times since September this year. I also noticed the same entry on other servers as well.

It looks like something or someone is trying to send e-mail through a Microsoft SMTP server using HTTP daemons; however, I can't seem to find anything relating to these entries on both Google as well as the SecurityFocus archives.

Most entries (64.*) seem to originate from dialup IP addresses within the netblock of sympatico.ca while the rest are US-based addresses.

68.15.22.55 - - [07/Sep/2002:15:10:16 +0200] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 302 0
64.231.49.57 - - [29/Oct/2002:08:13:29 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
65.95.180.128 - - [29/Oct/2002:09:17:51 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
64.231.50.98 - - [31/Oct/2002:23:24:13 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
66.230.222.226 - - [01/Nov/2002:20:07:38 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
64.229.147.12 - - [14/Nov/2002:16:27:30 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
64.228.70.235 - - [15/Nov/2002:11:32:56 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
4.63.221.224 - - [16/Nov/2002:05:49:13 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
64.229.147.19 - - [17/Nov/2002:15:35:24 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370

Does anybody have a clue what this might be?

Grtz,

dowebwedo
Jeroen Wesbeek
.programming
St. Jacobsstraat 16 | 3511 BS Utrecht
Postbus 448 | 3500 AK Utrecht
The Netherlands
www.dowebwedo.com
p +31 (0) 30 234 81 10 | f +31 (0) 20 773 83 38

[roses are red, violets are blue, I am schizophrenic and so am I ]

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Nov 22 2002 - 04:05:57 PST
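
Added example, not part of the original post: a Python sketch that picks CONNECT requests out of Apache common-log lines like the ones quoted in the message, groups them by target, and flags any answered with a 2xx status, which is what a server acting as an open proxy would return. The nine CONNECT lines are copied from the post; the GET line and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

# CONNECT lines are from the post; the GET line is constructed.
SAMPLE = """\
68.15.22.55 - - [07/Sep/2002:15:10:16 +0200] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 302 0
64.231.49.57 - - [29/Oct/2002:08:13:29 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
65.95.180.128 - - [29/Oct/2002:09:17:51 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
64.231.50.98 - - [31/Oct/2002:23:24:13 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
66.230.222.226 - - [01/Nov/2002:20:07:38 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
64.229.147.12 - - [14/Nov/2002:16:27:30 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
64.228.70.235 - - [15/Nov/2002:11:32:56 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
4.63.221.224 - - [16/Nov/2002:05:49:13 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
64.229.147.19 - - [17/Nov/2002:15:35:24 +0100] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370
192.0.2.10 - - [17/Nov/2002:15:36:00 +0100] "GET /index.html HTTP/1.0" 200 1024
"""

def find_connect_attempts(lines):
    """Group CONNECT requests by target host:port.

    Returns {target: {"port", "sources", "statuses", "relayed"}} where
    "relayed" lists (source, time) for requests answered with 2xx.
    """
    report = defaultdict(
        lambda: {"port": None, "sources": set(), "statuses": set(), "relayed": []}
    )
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "CONNECT":
            continue  # unparsable line or ordinary request
        entry = report[m["target"]]
        entry["port"] = m["target"].rpartition(":")[2]
        entry["sources"].add(m["src"])
        entry["statuses"].add(int(m["status"]))
        if m["status"].startswith("2"):  # tunnel was opened: investigate
            entry["relayed"].append((m["src"], m["time"]))
    return dict(report)

if __name__ == "__main__":
    for target, e in find_connect_attempts(SAMPLE.splitlines()).items():
        print(target, "sources:", len(e["sources"]),
              "statuses:", sorted(e["statuses"]), "relayed:", e["relayed"])
```

For the quoted lines the relayed list is empty: every request was answered with 302 or 400, so none of them opened a tunnel through this server.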