Security Incidents mailing list archives
Re: Spam via proxy
From: "J.Francois" <frenchie () magusnet com>
Date: Sun, 8 Dec 2002 21:36:03 -0700
This is a thread I remember from back in the day. http://www.security-express.com/archives/bugtraq/1998_4/0042.html http://www.security-express.com/archives/bugtraq/1998_4/0043.html HTH. On Sat, Dec 07, 2002 at 11:42:37PM +0550, listuser wrote:
Hello, I work at a cable ISP and lots of our customers have open wingate, squid or socks proxies. These are regularly being used by spammers to send their scum. I recently visited some of our customers to get their logs. I would like to know how exactly these spams are being send. ie if some one can tell me how to replicate this via a telnet session to the relevent port it will be great. Also which tools are being used by spammers to scan our network, any one have any IDS signature for the scanning? How these cases are being handled else where. One problem we have faced is that the actual users are clueless about what is going on. Are people blocking squid and socks ports at the border router? How can I scan my own network to see who are all vulnarable? Any help in tackling this menace will be much appriciated. regards, raj Squid log: 1038090742.917 17655 68.152.32.164 TCP_MISS/000 0 CONNECT freewebemail.com:25 - DIRECT/freewebemail.com - Wingate: 12/04/02 08:28:19 206.135.212.7 Guest 0000000001 Requested: SSL://204.127.134.23:25 Socks: 11/05/02 11:12:45 209.203.71.250 Guest 0000002153 Requested: SOCKS5 Connect 212.209.223.105:25
-- Jean Francois - JLF Sends...This sig is RFC-1855 compliant! My Resume: http://www.magusnet.com/resume.txt or http://www.magusnet.com/resume.pdf "Tell them we are not Gods, but UNIX Admins, which is the next best thing." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Spam via proxy listuser (Dec 08)
- Re: Spam via proxy Christopher X. Candreva (Dec 09)
- Re: Spam via proxy Jefferson Ogata (Dec 09)
- Re: Spam via proxy J.Francois (Dec 09)
- Re: Spam via proxy Volker Tanger (Dec 09)
- Re: Spam via proxy jlewis (Dec 09)
- Re: Spam via proxy Joe Stewart (Dec 09)