Re: This doesn't add up / have I been rooted?

From: ynotssor ("ynotssor")
Date: 09/26/03


Date: Fri, 26 Sep 2003 03:44:14 -0700


"Jonathan L Cunningham" <spam@softluck.plus.com> wrote in message
news:3f740a46.2289773@usenet.plus.net

>> Also examine the Apache logs for CONNECT() to see if your machine is
>> being used as an open proxy for tunneling other data.
>
> piggybacking on this thread ... what would that look like?
>
> I noticed a few (one or two a week) CONNECT requests in my apache
> logs. It's configured to reject them, but it doesn't regard the
> request as an error (there is no entry in the error log when I
> attempt it myself, it just returns a page refusing it).
>
> How would the logs differ if, somehow, some CONNECTs were being
> accepted? (I don't think they are: I'm just asking out of
> general paranoia.)

I'm not sure how that sort of traffic would be enumerated anywhere short of
a quantifiable tcpdump on port 443, but you may wish to consider some of
what is offered at http://www.google.com/search?q=http+connect+method for
more information.

--
use hotmail com for any email replies
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----==  Over 100,000 Newsgroups - 19 Different Servers! =-----


Relevant Pages

  • Re: This doesnt add up / have I been rooted?
    ... >> I noticed a few CONNECT requests in my apache ... >> request as an error (there is no entry in the error log when I ... >> How would the logs differ if, somehow, some CONNECTs were being ...
    (comp.os.linux.security)
  • Re: This doesnt add up / have I been rooted?
    ... >> I noticed a few CONNECT requests in my apache ... >> request as an error (there is no entry in the error log when I ... >> How would the logs differ if, somehow, some CONNECTs were being ...
    (comp.os.linux.security)
  • Re: This doesnt add up / have I been rooted?
    ... > piggybacking on this thread ... ... > I noticed a few CONNECT requests in my apache ... > request as an error (there is no entry in the error log when I ... > How would the logs differ if, somehow, some CONNECTs were being ...
    (comp.os.linux.security)
  • Re: This doesnt add up / have I been rooted?
    ... >> to what is going out and that make sense as the packets are small http ... I noticed a few CONNECT requests in my apache ... request as an error (there is no entry in the error log when I ... How would the logs differ if, somehow, some CONNECTs were being ...
    (comp.os.linux.security)
  • Re: This doesnt add up / have I been rooted?
    ... >> to what is going out and that make sense as the packets are small http ... I noticed a few CONNECT requests in my apache ... request as an error (there is no entry in the error log when I ... How would the logs differ if, somehow, some CONNECTs were being ...
    (comp.os.linux.security)