Penetration Testing mailing list archives
Re: SMTP over HTTP traffic, looks fishy.
From: tcp fin <inet_inaddr () yahoo com>
Date: Mon, 10 Jul 2006 21:10:59 -0700 (PDT)
Also make sure that u have high alert on SMTP and HTTP server and make sure that u scan the logs for "<scripts>" in URL for HTTP or some other anomalies on the SMTP like long from Address or Attachement with the ZIP files having the Endof File pointing to the begining of the ZIP file and creating a vicious loop for the SMTP server and crashing it eventually. Also if need be Black list the IP address on the IPF from where u are getting this noise may be putting the ACL on the Gateway Router make more sense as well rather than feeling ur log servers . Regards, TCP-FIN --- Devdas Bhagat <devdas () dvb homelinux org> wrote:
On 03/07/06 09:12 -0400, killy wrote:Over the last several days, we have seen asignificant increase in theattempts to tunnel SMTP through HTTP. Most ofthese attacks have comeout of China in the past.Spam via open proxies. As long as you aren't relaying for them, just ignore the noise. Devdas Bhagat
------------------------------------------------------------------------------
This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- SMTP over HTTP traffic, looks fishy. killy (Jul 04)
- Re: SMTP over HTTP traffic, looks fishy. zHihaO (Jul 04)
- Re: SMTP over HTTP traffic, looks fishy. Devdas Bhagat (Jul 04)
- Re: SMTP over HTTP traffic, looks fishy. tcp fin (Jul 10)