Re: iPlanet Server vulnerable to HTTP TCP HEAD Attack

[Paul Cardon <paul () moquijo com>]

Mendoza Bazan, Luis - (Per) wrote:
> Hi,
>
> I have an iPlanet server that work as email server. This server has the
> following services enabled: SMTP, POP3 and HTTP. We detect the evidence that
> is in the files attached. If you know some advice or workaround about this,
> it will be welcome.
> We are searching in Sun some info but cannot find it.

Well Luis, it looks like you have a publicly accessible proxy server and 
somebody is attempting to use it to get their porn.  I would recommend 
that you either disable the proxy or configure access controls on it 
that restricts its use.  You should also be aware that when you post 
sniffer traces the IP address a.b.c.55 that you were trying to obfuscate 
shows up in there in hexadecimal (c80e f137) unless you also obfuscate 
it.  I can't imagine that your customer or employer would be happy that 
you have advertised that information on a public mailing list.

-paul



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com