Re: Apache 1.3.33 strange log entry

From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 02/28/05


Date: 28 Feb 2005 22:01:48 GMT

In article <1109627776.022073.304060@f14g2000cwb.googlegroups.com>,
stefanPL <stefanet@poczta.onet.pl> wrote:
:I found this strange entry in my Apache log, can anyone explain it to
:me and tell me is it dangerous and how can I secure against it?

:61.31.158.236 - - [28/Feb/2005:22:39:29 +0100] "CONNECT
:news98.idv.tw:25 HTTP/1.0" 200 3853 "-" "-"

:I guess someone is trying to use my computer as a mail server, but I
:don't have mail server installed.

My interpretation is that someone was trying to use your system as
a proxy to a mail server, possibly to be anonymous but possibly
as a spam relay.

:Maybe there is a Windows XP hole that
:makes it possible to use Win XP as a mail server remotely or sth like
:that.

There are a number of proxy servers around that run on port 80
[because port 80 is not often firewalled off.] The person may have been
scanning for such proxies.

-- 
When your posts are all alone / and a user's on the phone/
there's one place to check -- / Upstream!
When you're in a hurry / and propagation is a worry/
there's a place you can post -- / Upstream!


Relevant Pages

  • Re: OT .. Road Warrior communications question
    ... The data on the Internet is sent in little packets. ... The packets addressed to port 80 ... Likewise, at the mail server receiving the packets, it knows the return ... Why would e-mail work on the web but not from your e-mail software? ...
    (alt.guitar.bass)
  • Re: Exch 2007 stopped sendin/receiving
    ... my ISP did a major overhaul of their DSL lines and in the process blocked port 25 on my IP. ... I could telnet to 25 on their SMTP server, but to nothing upstream of them. ... Can you telnet to port 25 from outside your network to your Exchange Server? ... I ran the Mail flow troubleshooter which said the root cause was no "host" record for my mail server. ...
    (microsoft.public.exchange.admin)
  • Re: E-mail problem
    ... Port 25 is the classic port for POP3 mail servers. ... It's just not being used to access the incoming mail server. ... When the ISP requires secure password authentication, rather than clear text authentication, to it's service account, it must use the new port assigned for secure password authentication. ... It is designed to be used when you are outsdide the firewall. ...
    (rec.outdoors.rv-travel)
  • Re: The FreeBSD Diary -- Is your ISP blocking port 25? Heres a Postfix solution.
    ... Here's a Postfix solution.10 February 2006 ... My ISP started blocking incoming port 25. ... This solution assumes you have a mail server at home and at least one ... Then I sent a test message from the public mail server ...
    (freebsd-questions)
  • Re: OT .. Road Warrior communications question
    ... address (your computer, the mail server, a website, etc). ... A whole bunch of packets of data are hitting ... The packets addressed to port 80 ... packets into a black hole. ...
    (alt.guitar.bass)