abuse of open transparent proxies

¡Hola!

I don't know if this is new or not, but couldn't find anything about this when googling.

I've just found an interesting attack against a friend's transparent proxy.

The proxy was set up so that any connection to port 80 was proxied (no acl's)

There is some spammer, herbal-place.com, using DNS views to exploit the proxy.

To everybody but the proxy, it says that www.herbal-place.com's address is the proxy's one. To the proxy, it answers with their true IP.

Result: my friend pay the bandwidth for the spammers.

They have an automated system controlling this (30 seconds after we close the proxy they changed to abuse a new one)

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Saludos,

                                        HoraPe

---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
horape@hcdn.gov.ar

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com