Re[2]: [squid-users] My Squid Under Attack - Help with info please.

From: Cliff <cliff@dont-contact.us>
Date: Sun, 29 Dec 2002 19:16:35 -0900

Hi Henrik,

Sunday, December 29, 2002, 9:02:48 AM, you wrote:

>> What is the exact nature of the exploit?
>> I've seen the term "HTTP_CONNECT method" but no real
>> detailed explanation.

HN> If you allow CONNECT from anyone to port 25 then spammers can easily
HN> abuse your proxy to as a relay to avoid blacklisting. Instead of the
HN> spammer being blacklisted as a spammer it will be you that end up
HN> blacklisted. The only trace in SMTP is that the email originated from
HN> your IP address.

I know about port 25. And am not an open relay
according to my testing with the ORDB testing
services that I have used. I have just checked
again...and the results are negative.

What does this have to do with port 3128?

Why does using the HTTP connect method to port
3128 result in some sort of connection to port 25?

What is the exact nature of the exploit?

Thank you!

-- 
Best regards
Received on Sun Dec 29 2002 - 21:24:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:15 MST