[Gllug] HTTP CONNECT
Dean Wilson
dean.wilson3 at virgin.net
Thu Oct 10 19:10:29 UTC 2002
----- Original Message -----
From: "will" <will at hellacool.co.uk>
> OK, when I telnetted to my machine on port 80 and tried: "CONNECT
> mail.somedomain.net:25 HTTP/1.0\n\n" I got my homepage. Is this what I
should
> be getting? Or do I need to start to worry?
Nah i wouldn't worry, i assume your server conf is just saying it doesn't
know what you want here have the default. Not sure if it should 404
though... Last time i saw any of those type of "connects" was about
six-nine months ago when a bug was discovered that allowed you to go
through the firewall to the webserver with your request and then access
services like smtp from inside the DMZ. Annoying thing about it was that
the log files on the mail server showed the connections as coming from the
webserver.
Something else to test while you are doing this is to try and do a "GET
http://www.google.com/ HTTP/1.0" (Someone correct me if the get syntax is
wrong, I'm not sure if the / on the end of the URL is needed) followed by
two returns. If you get the source for google then your server can be used
as an HTTP relay. Not a huge problem(Not in terms of world peace and
stuff.) but it does mean a third party can launch things like codered (or
what ever this months version is) with your ip address showing up as the
attacker.
Dean
PS Lonix had a great venue, nice one Tushar. Curry house was shit though.
--
Profanity is the one language all programmers understand
--- Anon
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list