[plug] HTTP request smuggleing

Daniel Pearson gpearson at iinet.net.au
Mon Mar 20 10:08:15 WST 2006 

And......... http://seclists.org/lists/incidents/2000/Jun/0113.html

Given that its showing a 405 (reject) in your logs, you seem to be 
safely configured anyway.

Chris Caston wrote:
> On Mon, 2006-03-20 at 09:25, Daniel Pearson wrote:
>   
>> Well.. port 6667 is usually IRC, and trying to get to that URL in your
>> browser gives the following:
>> NOTICE AUTH :*** Looking up your hostname
>> NOTICE AUTH :*** Checking Ident
>> NOTICE AUTH :*** Found your hostname
>> :Dallas.TX.US.ThunderCity.Net 451 *  :Register first.
>> ERROR :Closing Link:  by Dallas.TX.US.ThunderCity.Net (Registration Timeout)
>>
>> Maybe someone is trying to connect there by bouncing through you?
>>     
>
> That's what I thought.
>
> How can I check that my Apache installation isn't vulnerable to this
> sort of stuff?
>   
>> Chris Caston wrote: 
>>     
>>> On Sun, 2006-03-19 at 17:05, Chris Caston wrote:
>>>   
>>>       
>>>> Hello,
>>>>
>>>> Does anyone have the whitepaper for this?
>>>>
>>>> I sent all my details off the Watchfire but they never sent me the pdf.
>>>>
>>>> thanks,
>>>>
>>>> Chris Caston
>>>>     
>>>>         
>>> And what the hell is:
>>> 70.230.77.11 - - [19/Mar/2006:18:10:41 +0800] "GET / HTTP/1.0" 200 0 "-"
>>> "-" "-"
>>> 64.125.154.2 - - [19/Mar/2006:23:27:55 +0800] "CONNECT
>>> 64.125.158.60:6667 HTTP/1                                            .0"
>>> 405 301 "-" "-" "-"
>>> 64.125.154.2 - - [19/Mar/2006:23:27:55 +0800] "POST
>>> http://64.125.158.60:6667/ HTTP/1.0" 405 298 "-" "-" "-"
>>>
>>>
>>> thanks,
>>>
>>> Chris  
>>>
>>>   
>>>       
>>>> _______________________________________________
>>>> PLUG discussion list: plug at plug.org.au
>>>> http://www.plug.org.au/mailman/listinfo/plug
>>>> Committee e-mail: committee at plug.linux.org.au
>>>>
>>>>     
>>>>         
>>> _______________________________________________
>>> PLUG discussion list: plug at plug.org.au
>>> http://www.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail: committee at plug.linux.org.au
>>>
>>>   
>>>       
>> ______________________________________________________________________
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://www.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.linux.org.au
>>     
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20060320/c06f240e/attachment.html>

More information about the plug mailing list