Hi Steve,

> I'm assuming you're a RoadRunner customer?

Well no. I am a TPG customer (in Australia) so not RoadRunner unless RoadRunner is THEIR upstream...

I also see entries from other places like:

4.33.8.186 - - [12/Jan/2003:05:10:09 +1000] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370 "-" "-"
4.33.8.186 - - [12/Jan/2003:05:10:19 +1000] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370 "-" "-"
24.30.199.228 - - [12/Jan/2003:08:45:23 +1000] "CONNECT security.rr.com:25 HTTP/1.0" 200 12796 "-" "-"
12.154.176.184 - - [23/Jan/2003:02:13:36 +1000] "CONNECT maila.microsoft.com:25 HTTP/1.0" 200 12904 "-" "-"
12.154.176.184 - - [23/Jan/2003:02:13:39 +1000] "CONNECT maila.microsoft.com:25 HTTP/1.0" 200 12904 "-" "-"
64.144.25.246 - - [13/Jan/2003:00:31:08 +1000] "CONNECT maila.microsoft.com:25 HTTP/1.0" 200 12904 "-" "-"
64.144.25.246 - - [13/Jan/2003:00:31:19 +1000] "CONNECT maila.microsoft.com:25 HTTP/1.0" 200 12904 "-" "-"
64.144.25.246 - - [13/Jan/2003:00:31:21 +1000] "CONNECT maila.microsoft.com:25 HTTP/1.0" 200 12904 "-" "-"

What worried me the most was the CONNECT and the PUT both returning a status of 200 (OK) and returning about 12k of data to them!

> Your Apache isn't relaying anything. It looks like RoadRunner is
> doing some sort of audit on their customers. I have been picking these
> up in my /var/log/messages (from iptables logging) and my Apache logs.
> They are from as far back as December 24th (that's how far back my
> logs go) and seem to happen at least once a week.
>
> In addition to Apache, I see them probing these ports:
> 119, 25, 8080, 8081, 6588, 4480, 3128, 1080, 81

I understand them looking for port 25 and 80 to see if you are running email or web services but requesting a foreign port 25 connection via the webserver seems very suspicious to me.

--
Regards,
+-----------------------------+---------------------------------+
| Peter Kiem            .^.   | E-Mail : <[EMAIL PROTECTED]>    |
| Zordah IT             /V\   | Mobile : +61 0414 724 766       |
| IT Consultancy &     /( )\  | WWW    : www.zordah.net         |
| Internet Hosting     ^^-^^  | ICQ    : "Zordah" 866661        |
+-----------------------------+---------------------------------+
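
A log triage sketch for the entries quoted in the message above, added here as an example and not part of the original post: it parses Apache access-log lines, picks out CONNECT requests, and groups them per client by whether the server rejected them or answered with a 2xx status. The function names and the one ordinary GET line are constructed for illustration; a 2xx entry is a prompt to check the server's proxy configuration, not proof that anything was relayed.

```python
import re
from collections import defaultdict

# Prefix of the Apache common/combined log format. The request field is
# matched loosely because probes often send malformed request lines.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Four log lines copied from the post, plus one constructed ordinary GET line.
SAMPLE_LOG = '''\
4.33.8.186 - - [12/Jan/2003:05:10:09 +1000] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 370 "-" "-"
24.30.199.228 - - [12/Jan/2003:08:45:23 +1000] "CONNECT security.rr.com:25 HTTP/1.0" 200 12796 "-" "-"
192.0.2.10 - - [12/Jan/2003:09:00:00 +1000] "GET /index.html HTTP/1.0" 200 12904 "-" "-"
64.144.25.246 - - [13/Jan/2003:00:31:08 +1000] "CONNECT maila.microsoft.com:25 HTTP/1.0" 200 12904 "-" "-"
64.144.25.246 - - [13/Jan/2003:00:31:19 +1000] "CONNECT maila.microsoft.com:25 HTTP/1.0" 200 12904 "-" "-"
'''

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = m["request"].split()
    return {
        "client": m["client"],
        "ts": m["ts"],
        "method": parts[0].upper() if parts else "",
        "target": parts[1] if len(parts) > 1 else "",
        "status": int(m["status"]),
        "size": int(m["size"]) if m["size"] != "-" else 0,
    }

def find_connect_probes(log_text):
    """Group CONNECT attempts per client: rejected vs. answered with 2xx."""
    report = defaultdict(lambda: {"rejected": [], "answered_2xx": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        bucket = "answered_2xx" if 200 <= rec["status"] < 300 else "rejected"
        report[rec["client"]][bucket].append(
            (rec["ts"], rec["target"], rec["status"], rec["size"]))
    return dict(report)

if __name__ == "__main__":
    for client, hits in find_connect_probes(SAMPLE_LOG).items():
        print(client, len(hits["rejected"]), "rejected,",
              len(hits["answered_2xx"]), "answered 2xx")
```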