Security Incidents mailing list archives

Re: IRC connect through apache ????


From: evyncke () CISCO COM (Eric Vyncke)
Date: Thu, 15 Jun 2000 09:52:13 +0200


Actually, the CONNECT method is used to do TCP session proxy.

As Apache can work as an HTTP proxy (usually through HTTP requests
like 'GET http://www.foo.com'), it can also be configured as a TCP
session proxy (mainly for SSL, through requests like 'CONNECT www.foo.com:443').

Here, you have someone probing your Apache server for such a wide
open TCP proxy. But, as your Apache was safely configured it was
rejected (code 405).

Just my 0.01 EUR

-eric

At 10:17 14/06/2000 +0000, arhuman () HOTMAIL COM wrote:
I found this in my apache logs.
Does someone know what it means?
(referer obfuscated by me -> xx.xx.xx.xx
It appears to be a linux box with no domain name)

xx.xx.xx.xx - - [14/Jun/2000:08:38:38 +0200] "CONNECT irc.webbernet.net:6667 HTTP/1.0" 405 306
xx.xx.xx.xx - - [14/Jun/2000:08:38:38 +0200] "CONNECT irc.webbernet.net:6667 HTTP/1.0" 405 306 "-" "-"
xx.xx.xx.xx - - [14/Jun/2000:08:38:42 +0200] "CONNECT irc.webbernet.net:6667 HTTP/1.0" 405 306
xx.xx.xx.xx - - [14/Jun/2000:08:38:49 +0200] "POST http://ircd.webbernet.net:6667 HTTP/1.0" 405 304
xx.xx.xx.xx - - [14/Jun/2000:08:38:49 +0200] "POST http://ircd.webbernet.net:6667 HTTP/1.0" 405 304 "-" "-"
xx.xx.xx.xx - - [14/Jun/2000:08:38:53 +0200] "POST http://ircd.webbernet.net:6667 HTTP/1.0" 405 304

Thanks in advance.

Arhuman

Eric Vyncke
Consulting Engineer                Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke () cisco com          Mobile: +32-75-312.458
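
Added example, not part of the original messages: a log triage script that picks out proxy-style requests (CONNECT, or an absolute URI naming a foreign host) from Apache access logs and separates the rejected probes from any the server answered with a 2xx. The sample lines, the client addresses, irc.example.net and the OWN_HOSTS value are constructed assumptions.

```python
import re

# Constructed sample in the log format quoted above; client addresses are placeholders.
SAMPLE = """\
192.0.2.10 - - [14/Jun/2000:08:38:38 +0200] "CONNECT irc.webbernet.net:6667 HTTP/1.0" 405 306
192.0.2.10 - - [14/Jun/2000:08:38:49 +0200] "POST http://ircd.webbernet.net:6667 HTTP/1.0" 405 304 "-" "-"
192.0.2.10 - - [14/Jun/2000:08:39:02 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.77 - - [14/Jun/2000:09:12:10 +0200] "CONNECT irc.example.net:6667 HTTP/1.0" 200 0
192.0.2.77 - - [14/Jun/2000:09:12:11 +0200] "GET http://www.example.org/ HTTP/1.0" 200 512
"""

OWN_HOSTS = {"www.example.org"}  # assumption: names this server legitimately serves

# Common and combined log formats share this prefix.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
ABSOLUTE = re.compile(r'^[a-z][a-z0-9+.-]*://([^/?#]+)', re.I)


def proxy_target(method, uri):
    """Return host[:port] when the request line asks the server to relay, else None."""
    if method.upper() == "CONNECT":
        return uri.lower()
    m = ABSOLUTE.match(uri)
    return m.group(1).lower() if m else None


def scan(lines, own_hosts=OWN_HOSTS):
    """Return (client, method, target, status, verdict) for each proxy-style request."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, method, uri, status = m.groups()
        target = proxy_target(method, uri)
        if target is None:
            continue
        host = re.sub(r":\d+$", "", target)
        if method.upper() != "CONNECT" and host in own_hosts:
            continue  # absolute URI naming our own site is a normal request
        # 2xx does not prove relaying for GET/POST (Apache may have served local
        # content), but a 2xx CONNECT means a tunnel was opened: check the config.
        verdict = "accepted" if status.startswith("2") else "rejected"
        findings.append((client, method, target, int(status), verdict))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE.splitlines()):
        print("%-12s %-8s %-28s %d %s" % f)
```

Lines marked "rejected" match the 405 responses in the quoted log; an "accepted" CONNECT is the case that warrants reviewing the proxy configuration.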

