On Mon, 2003-08-25 at 19:08, Jamie Wilkinson wrote:
> > A little bit more investigating showed that the webserver had mod_proxy > incorrectly configured. The access controls were allowing anyone to proxy > anything to anywhere... including allowing random people to submit posts to > random urls... random urls that included every MX listed in the same subnet. This is a well known security issue - it's why squid ships with a default configuration that blocks access to unsafe ports - such as 25. > So, does anyone know how to detect if a webserver is an open proxy just by > connecting to it? Or is that another thing that would be brute-forced? I > suspect not, otherwise there'd be a lot of proxied POST attempts showing up > in the logs. Yep, try posting or connect, or put to port 25. Rob -- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
signature.asc
Description: This is a digitally signed message part
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
