Hosting Provided By

Re: Spam via proxy

From: Jefferson Ogata <seclists(at)antibozo.net>
Date: Mon Dec 09 2002 - 11:04:34 EST

listuser wrote:
> Hello,

For squid, test by trying the CONNECT verb on the proxy. Connect to the squid on whatever port is it proxying on (typically 3128), then issue the following request, using a known SMTP server:

CONNECT some.smtp.server.example.com:25 HTTP/1.0

Follow that with a blank line. If you get an SMTP banner, your squid is vulnerable. Most folks want the CONNECT verb enabled to support proxy SSL connections, but the boilerplate in squid.conf will block access to CONNECT for ports other than 443 and 563. A better configuration is to make sure that all access to squid for any request method is blocked for any client that is not on the local LAN.

> Wingate:

Can't help you with Wingate.

> Socks:

Do you need help?

For SOCKS, you'll need a SOCKS client to connect to it. You can build the regular SOCKS package and try using rtelnet after setting the SOCKS_SERVER environment variable to point to the SOCKS server you want to test. Sorry I'm a little rusty since I haven't touched SOCKS in a few years, but that's the basic strategy.

-- 
Jefferson Ogata : Internetworker, Antibozo
<
ogata(at)antibozo.net>  
http://www.antibozo.net/ogata/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Tue Dec 10 00:27:35 2002

This message: [ Message body ]
Next message: KoRe MeLtDoWn: "Re: netbios vuln"
Previous message: Julian Young: "Odd entries in my Security Router logs"
In reply to listuser: "Spam via proxy"
Next in thread: J.Francois: "Re: Spam via proxy"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:52 EDT