Security Incidents mailing list archives
Strange CONNECT entries in apache logs
From: Rajkumar S <listuser () myrealbox com>
Date: Fri, 06 Jun 2003 22:04:50 +0530
Hi,While going through my apache logs, I found some logs indicating CONNECT requests to port 25 of other hosts.
213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25 HTTP/1.1" 302 5 "-" "-" 130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25 HTTP/1.0" 200 14409 "-" "-" 130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25 HTTP/1.0" 200 17757 "-" "-"
I found this in 2 machines in indian ip block. My another server at US is not affected by this. Some one else seeing this? Could this be the next wave of spam ??
raj ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Strange CONNECT entries in apache logs Rajkumar S (Jun 09)
- Re: Strange CONNECT entries in apache logs Tomasz Onyszko (Jun 09)
- Re: Strange CONNECT entries in apache logs Paul Wilson (Jun 10)
- Re: Strange CONNECT entries in apache logs Christine Kronberg (Jun 10)
- Re: Strange CONNECT entries in apache logs OSCAR (Jun 11)
- Re: Strange CONNECT entries in apache logs Christine Kronberg (Jun 12)
- Re: Strange CONNECT entries in apache logs OSCAR (Jun 12)
- Re: Strange CONNECT entries in apache logs OSCAR (Jun 11)
- Re: Strange CONNECT entries in apache logs Darryl Luff (Jun 11)
- Re: Strange CONNECT entries in apache logs Thomas Jensen (Jun 11)
- Re: Strange CONNECT entries in apache logs Christine Kronberg (Jun 12)
- Re: Strange CONNECT entries in apache logs Thomas Jensen (Jun 12)
- Re: Strange CONNECT entries in apache logs Christine Kronberg (Jun 12)