[plug] HTTP request smuggleing
Daniel Pearson
gpearson at iinet.net.au
Mon Mar 20 10:08:15 WST 2006
And......... http://seclists.org/lists/incidents/2000/Jun/0113.html
Given that its showing a 405 (reject) in your logs, you seem to be
safely configured anyway.
Chris Caston wrote:
> On Mon, 2006-03-20 at 09:25, Daniel Pearson wrote:
>
>> Well.. port 6667 is usually IRC, and trying to get to that URL in your
>> browser gives the following:
>> NOTICE AUTH :*** Looking up your hostname
>> NOTICE AUTH :*** Checking Ident
>> NOTICE AUTH :*** Found your hostname
>> :Dallas.TX.US.ThunderCity.Net 451 * :Register first.
>> ERROR :Closing Link: by Dallas.TX.US.ThunderCity.Net (Registration Timeout)
>>
>> Maybe someone is trying to connect there by bouncing through you?
>>
>
> That's what I thought.
>
> How can I check that my Apache installation isn't vulnerable to this
> sort of stuff?
>
>> Chris Caston wrote:
>>
>>> On Sun, 2006-03-19 at 17:05, Chris Caston wrote:
>>>
>>>
>>>> Hello,
>>>>
>>>> Does anyone have the whitepaper for this?
>>>>
>>>> I sent all my details off the Watchfire but they never sent me the pdf.
>>>>
>>>> thanks,
>>>>
>>>> Chris Caston
>>>>
>>>>
>>> And what the hell is:
>>> 70.230.77.11 - - [19/Mar/2006:18:10:41 +0800] "GET / HTTP/1.0" 200 0 "-"
>>> "-" "-"
>>> 64.125.154.2 - - [19/Mar/2006:23:27:55 +0800] "CONNECT
>>> 64.125.158.60:6667 HTTP/1 .0"
>>> 405 301 "-" "-" "-"
>>> 64.125.154.2 - - [19/Mar/2006:23:27:55 +0800] "POST
>>> http://64.125.158.60:6667/ HTTP/1.0" 405 298 "-" "-" "-"
>>>
>>>
>>> thanks,
>>>
>>> Chris
>>>
>>>
>>>
>>>> _______________________________________________
>>>> PLUG discussion list: plug at plug.org.au
>>>> http://www.plug.org.au/mailman/listinfo/plug
>>>> Committee e-mail: committee at plug.linux.org.au
>>>>
>>>>
>>>>
>>> _______________________________________________
>>> PLUG discussion list: plug at plug.org.au
>>> http://www.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail: committee at plug.linux.org.au
>>>
>>>
>>>
>> ______________________________________________________________________
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://www.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.linux.org.au
>>
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20060320/c06f240e/attachment.html>
More information about the plug
mailing list