abuse of open transparent proxies
From: horape@tinuviel.compendium.net.ar
Date: 12/18/02
- Previous message: Stephen Friedl: "Re: Worm on 445/tcp?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 17 Dec 2002 23:58:29 -0300 From: horape@tinuviel.compendium.net.ar To: incidents@securityfocus.com
ˇHola!
I don't know if this is new or not, but couldn't find anything about this
when googling.
I've just found an interesting attack against a friend's transparent proxy.
The proxy was set up so that any connection to port 80 was proxied (no acl's)
There is some spammer, herbal-place.com, using DNS views to exploit the proxy.
To everybody but the proxy, it says that www.herbal-place.com's address is the
proxy's one. To the proxy, it answers with their true IP.
Result: my friend pay the bandwidth for the spammers.
They have an automated system controlling this (30 seconds after we close the
proxy they changed to abuse a new one)
Saludos,
HoraPe
--- Horacio J. Peńa horape@compendium.com.ar horape@uninet.edu horape@hcdn.gov.ar ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Next message: Ţórhallur Hálfdánarson: "Re: IRC -> smtp worm?"
- Previous message: Stephen Friedl: "Re: Worm on 445/tcp?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
