abuse of open transparent proxies

From: horapeat_private
Date: Tue Dec 17 2002 - 18:58:29 PST


    Hello!
    
    I don't know if this is new or not, but I couldn't find anything about this
    when googling.
    
    I've just found an interesting attack against a friend's transparent proxy.
    
    The proxy was set up so that any connection to port 80 was proxied (no ACLs).
    
    There is some spammer, herbal-place.com, using DNS views to exploit the proxy.
    
    To everybody but the proxy, it says that www.herbal-place.com's address is the
    proxy's one. To the proxy, it answers with their true IP.
    
    Result: my friend pays for the bandwidth for the spammers.
    
    They have an automated system controlling this (30 seconds after we closed the
    proxy, they changed to abuse a new one).
    
    Regards,
    					HoraPe
    ---
    Horacio J. Peña
    horapeat_private
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
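
The condition reported in the message above (a transparent proxy on port 80 with no ACLs, reached by outside clients whose DNS answer points at the proxy) can be tested per connection. This is an added example, not part of the original post; the address ranges, proxy address, host names, sample connections and function names are constructed assumptions.

```python
import ipaddress

# Assumed values for illustration (documentation address ranges).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # clients the proxy should serve
PROXY_ADDRS = {ipaddress.ip_address("198.51.100.10")}    # the proxy's own public address


def is_internal(addr):
    """True if addr belongs to a network the proxy is meant to serve."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify(client_ip, orig_dst_ip, host):
    """Decide what to do with one intercepted port-80 connection.

    client_ip   -- source address of the TCP connection
    orig_dst_ip -- destination address before interception
    host        -- Host header of the HTTP request (used for reporting only)
    """
    if is_internal(client_ip):
        return "allow"
    # External client: the missing ACL is what let these through.
    if ipaddress.ip_address(orig_dst_ip) in PROXY_ADDRS:
        # The client connected to the proxy's own address, so its DNS
        # answer for `host` pointed at the proxy: the pattern in the post.
        return "deny-relay-abuse"
    return "deny-external"


def abused_hosts(connections):
    """Host names for which outside clients were directed at the proxy."""
    return sorted({h for c, d, h in connections
                   if classify(c, d, h) == "deny-relay-abuse"})


# Constructed sample connections: (client, original destination, Host header)
SAMPLE = [
    ("192.0.2.15", "203.0.113.80", "www.example.org"),
    ("203.0.113.44", "198.51.100.10", "www.spammer.example"),
    ("203.0.113.97", "198.51.100.10", "www.spammer.example"),
    ("203.0.113.5", "203.0.113.80", "www.example.org"),
]

if __name__ == "__main__":
    for conn in SAMPLE:
        print(conn, "->", classify(*conn))
    print("hosts pointed at the proxy:", abused_hosts(SAMPLE))
```

Host names returned by `abused_hosts` are the ones worth comparing against what the proxy's own resolver returns, since a mismatch between the two views is what the message reports.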
    


