I find some of these requests in my logs too, on different servers. I think you should have a look at http://www.kb.cert.org/vuls/id/150227 for a description of this. My apache server answers with 400 or 405 on these requests. Your server seems to accept these requests (302, 200)!

Stefan
Inter.net Switzerland

> -----Original Message-----
> From: Rajkumar S [mailto:listuserat_private]
> Sent: Friday, 6 June 2003 18:35
> To: incidentsat_private
> Subject: Strange CONNECT entries in apache logs
>
> Hi,
>
> While going through my apache logs, I found some logs indicating CONNECT
> requests to port 25 of other hosts.
>
> 213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25 HTTP/1.1" 302 5 "-" "-"
> 130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25 HTTP/1.0" 200 14409 "-" "-"
> 130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25 HTTP/1.0" 200 17757 "-" "-"
>
> I found this on 2 machines in an Indian IP block. My other server in the US
> is not affected by this. Someone else seeing this? Could this be the
> next wave of spam??
>
> raj
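The log check discussed in this thread, as an added example that is not code from either poster: it pulls CONNECT requests out of Apache access-log lines and separates those the server refused (4xx/5xx, like the 400 and 405 answers mentioned above) from those it did not refuse, which need review. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the layout quoted in the thread (client [time] "request" status bytes)
# and the common/combined layout, which has two extra "ident user" fields.
LINE_RE = re.compile(
    r'^(?P<client>\S+)\s+(?:\S+\s+\S+\s+)?\[(?P<time>[^\]]+)\]\s+'
    r'"(?P<method>[A-Z]+)\s+(?P<target>\S+)(?:\s+(?P<proto>[^"]*))?"\s+'
    r'(?P<status>\d{3})\s+(?P<size>\d+|-)'
)

def parse_target(target):
    """Split a CONNECT authority ('host:port'); port is None if missing."""
    host, sep, port = target.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return target, None

def find_connect_requests(lines):
    """Return one finding per CONNECT request in the given access-log lines."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("method") != "CONNECT":
            continue
        host, port = parse_target(m.group("target"))
        status = int(m.group("status"))
        # 4xx/5xx: the server refused. 2xx/3xx: not refused, check the proxy config.
        verdict = "rejected" if status >= 400 else "not-rejected"
        findings.append({"client": m.group("client"), "time": m.group("time"),
                         "host": host, "port": port,
                         "status": status, "verdict": verdict})
    return findings

def summarize(findings):
    """Group the CONNECT targets that were not refused by requesting client."""
    by_client = defaultdict(list)
    for f in findings:
        if f["verdict"] == "not-rejected":
            by_client[f["client"]].append((f["host"], f["port"], f["status"]))
    return dict(by_client)

# First three lines are the ones quoted in the thread; the last two are constructed.
SAMPLE = [
    '213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25 HTTP/1.1" 302 5 "-" "-"',
    '130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25 HTTP/1.0" 200 14409 "-" "-"',
    '130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25 HTTP/1.0" 200 17757 "-" "-"',
    '192.0.2.10 - - [06/Jun/2003:11:00:00 +0530] "CONNECT 198.51.100.7:25 HTTP/1.0" 405 312',
    '192.0.2.11 - - [06/Jun/2003:11:00:05 +0530] "GET /index.html HTTP/1.0" 200 1024',
]
```

Calling `summarize(find_connect_requests(SAMPLE))` lists, per client address, the port 25 targets whose CONNECT was answered with 302 or 200 rather than refused.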
This archive was generated by hypermail 2b30 : Tue Jun 10 2003 - 12:48:23 PDT