[22947] in bugtraq


Re: Non-standard usage of HTTP proxy servers

daemon@ATHENA.MIT.EDU (Keith Young)
Mon Oct 22 11:57:50 2001

Message-ID: <3BD43FE1.50309@v-one.com>
Date: Mon, 22 Oct 2001 11:48:49 -0400
From: Keith Young <kyoung@v-one.com>
Reply-To: kyoung@v-one.com
MIME-Version: 1.0
To: Alexander Yurchenko <grange@rt.mipt.ru>
Cc: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Alexander Yurchenko wrote:

> I'm sorry if the following things are well-known and not interesting for
> you.
> The HTML form protocol attack method described by Jochen Topf
> <jochen@remote.org> in his post to BugTraq
> (http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2001-10-17&end=2001-10-23&threads=0&mid=20010815092019.A938@atlantis.remote.org)
> can be used in another way. It's possible to connect to one of the
> numerous public HTTP proxy servers and send a request like:
> 
> POST http://some.host:25/ HTTP/1.0
> 
> giving the SMTP commands as the content. In that way we can send an e-mail
> anonymously and trick different DNS black lists. I've attached a simple
> perl script showing this technique. We can also do the same things using
> other ASCII-based protocols.
> Some proxy servers are configured to refuse attempts to connect to such ports
> as SMTP, NNTP, POP3, etc., but many of them are not.
> So HTTP proxy servers can do more than just retrieving HTML pages.
> 


This has been known for a while; in fact, I added this to the FWTK FAQ 
several years ago:

	http://www.fwtk.org/fwtk/faq/faq.html#2.4.13

Other proxy servers may be different, so you will want to verify this 
with your vendor.


As with any good firewall configuration, the destination host/port of 
the connection is just as important as the source....  :-)

-- 
--Keith Young
-kyoung@v-one.com
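
Added example (not part of the original message or of FWTK): a destination-port check a forwarding proxy could apply to each request line before connecting, so that a request such as the quoted POST to port 25 is refused. The names ALLOWED_PORTS and check_request_line, the port policy and the sample hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy: destination ports the proxy may connect to, per scheme/method.
ALLOWED_PORTS = {"http": {80, 8080}, "https": {443}, "CONNECT": {443}}
DEFAULT_PORTS = {"http": 80, "https": 443}


def check_request_line(line):
    """Return (allowed, reason) for one proxy request line."""
    parts = line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    method, target, _version = parts
    if method.upper() == "CONNECT":
        # CONNECT targets are authority-form: host:port
        host, sep, port_s = target.rpartition(":")
        if not (sep and host and port_s.isascii() and port_s.isdigit()):
            return False, "CONNECT target must be host:port"
        scheme, port = "CONNECT", int(port_s)
    else:
        try:
            url = urlsplit(target)
            port = url.port  # ValueError on a non-numeric or out-of-range port
        except ValueError:
            return False, "invalid port in URL"
        scheme = url.scheme.lower()
        if scheme not in DEFAULT_PORTS or not url.hostname:
            return False, "not an absolute http(s) URL"
        if port is None:
            port = DEFAULT_PORTS[scheme]
    if port not in ALLOWED_PORTS[scheme]:
        return False, f"destination port {port} not permitted for {scheme}"
    return True, "ok"


# Constructed sample request lines; the first is the form quoted in the thread.
SAMPLE = [
    "POST http://some.host:25/ HTTP/1.0",
    "GET http://www.example.com/ HTTP/1.0",
    "CONNECT mail.example.com:25 HTTP/1.0",
    "CONNECT www.example.com:443 HTTP/1.1",
]

if __name__ == "__main__":
    for request_line in SAMPLE:
        print(request_line, "->", check_request_line(request_line))
```

The check keys on the destination port actually requested, including the CONNECT method, rather than on the client's source address.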

