Re: This doesn't add up / have I been rooted?

From: ynotssor ("ynotssor")
Date: 09/26/03

Next message: ynotssor: "Re: Did I give up on telnet too easily?"
Previous message: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
In reply to: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
Next in thread: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
Reply: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
Reply: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 26 Sep 2003 03:44:14 -0700

"Jonathan L Cunningham" <spam@softluck.plus.com> wrote in message
news:3f740a46.2289773@usenet.plus.net

>> Also examine the Apache logs for CONNECT() to see if your machine is
>> being used as an open proxy for tunneling other data.
>
> piggybacking on this thread ... what would that look like?
>
> I noticed a few (one or two a week) CONNECT requests in my apache
> logs. It's configured to reject them, but it doesn't regard the
> request as an error (there is no entry in the error log when I
> attempt it myself, it just returns a page refusing it).
>
> How would the logs differ if, somehow, some CONNECTs were being
> accepted? (I don't think they are: I'm just asking out of
> general paranoia.)

I'm not sure how that sort of traffic would be enumerated anywhere short of
a quantifiable tcpdump on port 443, but you may wish to consider some of
what is offered at http://www.google.com/search?q=http+connect+method for
more information.

--
use hotmail com for any email replies
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----==  Over 100,000 Newsgroups - 19 Different Servers! =-----

Next message: ynotssor: "Re: Did I give up on telnet too easily?"
Previous message: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
In reply to: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
Next in thread: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
Reply: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
Reply: Jonathan L Cunningham: "Re: This doesn't add up / have I been rooted?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: This doesnt add up / have I been rooted?
... >> I noticed a few CONNECT requests in my apache ... >> request as an error (there is no entry in the error log when I ... >> How would the logs differ if, somehow, some CONNECTs were being ...
(comp.os.linux.security)
Re: This doesnt add up / have I been rooted?
... >> I noticed a few CONNECT requests in my apache ... >> request as an error (there is no entry in the error log when I ... >> How would the logs differ if, somehow, some CONNECTs were being ...
(comp.os.linux.security)
Re: This doesnt add up / have I been rooted?
... > piggybacking on this thread ... ... > I noticed a few CONNECT requests in my apache ... > request as an error (there is no entry in the error log when I ... > How would the logs differ if, somehow, some CONNECTs were being ...
(comp.os.linux.security)
Re: This doesnt add up / have I been rooted?
... >> to what is going out and that make sense as the packets are small http ... I noticed a few CONNECT requests in my apache ... request as an error (there is no entry in the error log when I ... How would the logs differ if, somehow, some CONNECTs were being ...
(comp.os.linux.security)
Re: This doesnt add up / have I been rooted?
... >> to what is going out and that make sense as the packets are small http ... I noticed a few CONNECT requests in my apache ... request as an error (there is no entry in the error log when I ... How would the logs differ if, somehow, some CONNECTs were being ...
(comp.os.linux.security)