Re: another stupid question.

["Ing. Bernardo Lopez O." <bloodk () prodigy net mx>]

<Limit CONNECT>
order deny,allow
deny from all
</Limit>

The abobe snipet is for apache; iis, and others i dont know how to... but i 
think they have this kind of setting too.

There are a lot of methods... "trace" gives to me more fear than "connect"



On Thursday 05 June 2003 07:11, Joerg Over wrote:
> Am 12:03 03.06.2003 -0400 teilte Zep mir folgendes mit:
> ->
> ->
> ->I've googled log entries like the ones below, looking for some
> ->mention of the exploit/what's being attempted (port 25, I'm
> ->guessing it's spam relay?) and how to make sure I'm not helping
> ->someone be an interdork. any info is greatly appreciated.
> ->
> ->63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:35 -0400]
> "CONNECT mx00.comcast.net:25 HTTP/1.0" 405 99
> ->63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:37 -0400]
> "POST http://63.211.23.62:25/ HTTP/1.1" 200 1188
> ->63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400]
> "CONNECT mailin-04.mx.aol.com:25 HTTP/1.0" 405 99
> ->63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400]
> "POST http://63.211.23.38:25/ HTTP/1.1" 200 1188
> ->
> ->    I'd be much less concerned if it weren't for the 200 codes on
> the
> ->'POST' commands.  Thanks.
>
> Will probably a week again until this post strikes, but now and
> then I still try. If "you" is 63.211.23.0/24, you got somebody
> looking for an open proxy (like you suspected).
> I believe the 200 on the POST doesn't mean he was successful, but
> you might want to check yourself anyway:
> http://www.corpit.ru/mjt/proxycheck.html
>
> hth, jo
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
> -


---------------------------------------------------------------------------
----------------------------------------------------------------------------