I think you got it, Larry (yes its a proxy) -- but this time it was malicious use of a "resource". Bob, let's check out the access logs, if possible, around the time of the datstamp on that email. There might be a better way to lock down the permissible sources for that machine's proxy handling... snort and its ilk can flag abuse-attempts like this case. I get blind proxy attempts on my webservers all the time, but not nearly as much as IIS-specific r00t requests.
regards, Ben On Tue, 22 Jul 2003 10:33:46 -0700 Larry Price <[EMAIL PROTECTED]> wrote: | Given that the Received: header with the IP address of the computer | mentions HTTP | | and this bit | >> X-Mailer: mPOP Web-Mail 2.19 | >> X-Originating-IP: 127.0.0.1 via proxy [216.239.175.40] | was the host in question running some sort of http-proxy like squid | or junkbuster? incorrectly configured they can be used to forward http | requests. | _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
