Security Incidents mailing list archives
Re: Strange CONNECT entries in apache logs
From: Darryl Luff <dluff () iitscdm com au>
Date: Wed, 11 Jun 2003 14:05:21 +1000
Look at the apache docs for the "AllowCONNECT" directive. This lets you limit the port numbers that people can connect to through the proxy. Normally, it should be "AllowCONNECT 443". This will block any attempts to connect to strange ports using "CONNECT". Also look at the access restrictions on your proxy to make sure that only your aythorised users can access it, either through IP restrictions or user authentication.On Fri, 6 Jun 2003, Rajkumar S wrote:While going through my apache logs, I found some logs indicating CONNECT requests to port 25 of other hosts. 213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25 HTTP/1.1" 302 5 "-" "-" 130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25 HTTP/1.0" 200 14409 "-" "-" 130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25 HTTP/1.0" 200 17757 "-" "-" I found this in 2 machines in indian ip block. My another server at US is not affected by this. Some one else seeing this? Could this be the next wave of spam ??
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Strange CONNECT entries in apache logs Rajkumar S (Jun 09)
- Re: Strange CONNECT entries in apache logs Tomasz Onyszko (Jun 09)
- Re: Strange CONNECT entries in apache logs Paul Wilson (Jun 10)
- Re: Strange CONNECT entries in apache logs Christine Kronberg (Jun 10)
- Re: Strange CONNECT entries in apache logs OSCAR (Jun 11)
- Re: Strange CONNECT entries in apache logs Christine Kronberg (Jun 12)
- Re: Strange CONNECT entries in apache logs OSCAR (Jun 12)
- Re: Strange CONNECT entries in apache logs OSCAR (Jun 11)
- Re: Strange CONNECT entries in apache logs Darryl Luff (Jun 11)
- Re: Strange CONNECT entries in apache logs Thomas Jensen (Jun 11)
- Re: Strange CONNECT entries in apache logs Christine Kronberg (Jun 12)
- Re: Strange CONNECT entries in apache logs Thomas Jensen (Jun 12)
- Re: Strange CONNECT entries in apache logs Christine Kronberg (Jun 12)
- <Possible follow-ups>
- Re: Strange CONNECT entries in apache logs OSCAR (Jun 12)
- Re: Strange CONNECT entries in apache logs OSCAR (Jun 12)
- Re: Strange CONNECT entries in apache logs Thomas Jensen (Jun 13)