Looks like you have a proxy, secured for the CONNECT method but not for
the POST method.

Someone is connecting to the proxy on your host and attempting to
connect to a mail server on port 25; they could then send out spam from
that location, and it would trace back to your host, not theirs. The POST
method is a little bit different, but gets the same results: you get
blamed for spam, and blacklisted.

See http://www.kb.cert.org/vuls/id/150227

That's a mighty checkered IP you've got yourself...

see: http://openrbl.org/ip/63/211/23/62.htm

--
Scott Lesley




On Tue, 2003-06-03 at 12:03, Zep wrote:
> 
> 
> I've googled log entries like the ones below, looking for some
> mention of the exploit/what's being attempted (port 25, I'm 
> guessing it's spam relay?) and how to make sure I'm not helping
> someone be an interdork. Any info is greatly appreciated.
> 
> 63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:35 -0400] "CONNECT mx00.comcast.net:25 HTTP/1.0" 405 99
> 63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:37 -0400] "POST http://63.211.23.62:25/ HTTP/1.1" 200 1188
> 63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "CONNECT mailin-04.mx.aol.com:25 HTTP/1.0" 405 99
> 63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "POST http://63.211.23.38:25/ HTTP/1.1" 200 1188
> 
>       I'd be much less concerned if it weren't for the 200 codes on the
> 'POST' commands.  Thanks.
> 
> -- 
>                                              - Zep
>                                       ([EMAIL PROTECTED])
> 
> Friends may come and go, but enemies accumulate.
> 
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
> 
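
One way to triage entries like the ones quoted above, as an added example that is not part of the original thread: it parses that access-log format and flags CONNECT and absolute-URI requests aimed at port 25, separating the refused ones from those answered with a 2xx. The function names and the 192.0.2.10 sample line are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Four entries from the quoted message (wrapped lines rejoined), plus one
# constructed ordinary request (192.0.2.10) for contrast.
SAMPLE_LOG = """\
63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:35 -0400] "CONNECT mx00.comcast.net:25 HTTP/1.0" 405 99
63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:37 -0400] "POST http://63.211.23.62:25/ HTTP/1.1" 200 1188
63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "CONNECT mailin-04.mx.aol.com:25 HTTP/1.0" 405 99
63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "POST http://63.211.23.38:25/ HTTP/1.1" 200 1188
192.0.2.10 - 192.0.2.10 - - - [03/Jun/2003:10:30:00 -0400] "GET /index.html HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?\[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+$'
)
SMTP_PORTS = {25}  # the port seen in these entries; extend as needed


def proxy_target(method, target):
    """Return (host, port) if the request line names a remote endpoint, else None."""
    if method == "CONNECT":  # authority form: host:port
        host, _, port = target.rpartition(":")
        return (host, int(port)) if host and port.isdigit() else None
    if "://" in target:  # absolute form, i.e. a proxy-style request
        try:
            url = urlsplit(target)
            return (url.hostname, url.port)  # port is None when not explicit
        except ValueError:  # malformed port or host
            return None
    return None  # origin form ("/path"): an ordinary local request


def find_relay_attempts(log_text):
    """List (client, method, host, port, status, verdict) for SMTP-bound proxy requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        dest = proxy_target(m["method"], m["target"])
        if dest is None or dest[1] not in SMTP_PORTS:
            continue
        status = int(m["status"])
        # A 2xx shows only that the request was not refused, not that it was relayed.
        verdict = "review" if 200 <= status < 300 else "refused"
        hits.append((m["client"], m["method"], dest[0], dest[1], status, verdict))
    return hits
```

Entries marked "review" are the ones to check against the server's proxy configuration; the 405 entries were rejected by the server.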


