Security Incidents mailing list archives

RE: Weird log entries...

From: "Cushing, David" <David.Cushing () hitachisoftware com>
Date: Thu, 28 Mar 2002 09:25:13 -0500

Josh,

It's not a bug, it's a feature.  The connect command is used to do what
you guessed: create a tunnel to another location.

http://www.ietf.org/rfc/rfc2817.txt

5.2 Requesting a Tunnel with CONNECT

A CONNECT method requests that a proxy establish a tunnel connection
on its behalf. The Request-URI portion of the Request-Line is always
an 'authority' as defined by URI Generic Syntax [2], which is to say
the host name and port number destination of the requested connection
separated by a colon:

   CONNECT server.example.com:80 HTTP/1.1
   Host: server.example.com:80

Obviously, if you have a program that supports this feature, it should
be locked down!

-David

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Current thread:

Weird log entries... Josh Diakun (Mar 28)
- Re: Weird log entries... Kelly Martin (Mar 28)
- Re: Weird log entries... Florian Weimer (Mar 29)
- RE: Weird log entries... John Hartley (Mar 29)
- <Possible follow-ups>
- Re: Weird log entries... zeno (Mar 28)
- RE: Weird log entries... Cushing, David (Mar 29)
- RE: Weird log entries... Michael Ward (Mar 29)