Re: Non-standard usage of HTTP proxy servers

[Keith Young <kyoung () v-one com>]

Alexander Yurchenko wrote:

> I'm sorry if the following things are well-known and not interesting for
> you.
> The HTML form protocol attack method described by Jochen Topf
> <jochen () remote org> in his post to BugTraq
> (http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2001-10-17&end=2001-10-23&threads=0&mid=20010815092019.A938 
> () atlantis remote org)
> can be used in another way. It's possible to connect to one of the
> numerous public HTTP proxy servers and send a request like:
>
> POST http://some.host:25/ HTTP/1.0
>
> giving the SMTP commands as a content. In that way we can send an e-mail
> anonymously and trick diffrent DNS black lists. I've attached a simple
> perl script showing this technique. We can also do the same things using
> the others ASCII based protocols.
> Some proxy servers configured to refuse attempts to connect to such ports
> as SMTP, NNTP, POP3, etc, but many of them not.
> So HTTP proxy servers can do more than just retrieving HTML pages.


This has been known for a while; in fact, I added this to the FWTK FAQ 
several years ago:

        http://www.fwtk.org/fwtk/faq/faq.html#2.4.13

Other proxy server may be different, so you will want to verify this 
with your vendor.


As with any good firewall configuration, the destination host/port of 
the connection is just as important as the source....  :-)

--
--Keith Young
-kyoung () v-one com