On Sun, May 01, 2016 at 03:27:44PM +0200, Jakub Muszynski wrote:
> Hello
>
> I was testing simpleproxy package
> simpleproxy -L 15439 -R myaddress.com:5439 -v -t /tmp/trace
>
> while reading /tmp/trace I've spotted strange rows in its verbose logging
> (it should contain "Read from: myaddres.com:5439")
> It does query some abo.wanadoo.fr hosts
>
> The 'strings /tmp/trace | less' log:
> (...)
> ---------------- Read from: ANantes-655-1-144-239.w2-0.abo.wanadoo.fr:45039 ---------------
> SELECT character_value, version() FROM INFORMATION_SCHEMA.SQL_IMPLEMENTATION_INFO WHERE implementation_info_id = '17' or implementation_info_id = '18'
> ---------------- Read from: ANantes-157-1-186-63.w2-0.abo.wanadoo.fr:5439 ---------------
> character_value
> version
> (...)
>
> Package details:
> Package: simpleproxy
> Priority: optional
> Section: universe/net
> Installed-Size: 69
> Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
> Original-Maintainer: Andrew Pollock <apoll...@debian.org>
> Architecture: amd64
> Version: 3.4-5
> Depends: libc6 (>= 2.15)
> Filename: pool/universe/s/simpleproxy/simpleproxy_3.4-5_amd64.deb
> Size: 16834
> MD5sum: b1458997cde90a48f02e58a6dd97c71a
> SHA1: 4695e3bf2637a957f686ff2c5e0543db469b80e2
> SHA256: dcf773faa7a216745959505c9d4c1a62a854a359e40fe7de6a7df62652d65f38
> Description-en: Simple TCP proxy
>  simpleproxy acts as a simple TCP proxy. It opens a listening socket on
>  the local machine and forwards any connection to a remote host. It can be
>  run as a daemon or through inetd.
> Description-md5: df90d17ba3792463ed98517f2afe2512
> Homepage: http://www.sourceforge.net/projects/simpleproxy
> Bugs: https://bugs.launchpad.net/ubuntu/+filebug
> Origin: Ubuntu
>
> I did look at tcpdump:
>
> 12:31:54.815380 IP 10.18.0.6.45062 > 10.118.0.19.15439: Flags [P.], seq 617:689, ack 1060, win 254, options [nop,nop,TS val 402986021 ecr 57180214], length 72
> *12:31:54.815468 IP 10.118.0.19.58111 > 10.118.0.2.53: 10512+ PTR? 176.176.0.2.in-addr.arpa. (40)*
> *12:31:54.815705 IP 10.118.0.2.53 > 10.118.0.19.58111: 10512 1/0/0 PTR ANantes-650-1-45-6.w2-0.abo.wanadoo.fr. (92)*
> 12:31:54.815746 IP 10.118.0.19.34040 > myaddress.com.5439: Flags [P.], seq 617:689, ack 1060, win 254, options [nop,nop,TS val 57180227 ecr 896665995], length 72
>
> 12:31:54.836881 IP 10.118.0.19.34040 > myaddress.com.5439: Flags [.], ack 1152, win 254, options [nop,nop,TS val 57180233 ecr 896666014], length 0
> *12:31:54.836932 IP 10.118.0.19.53146 > 10.118.0.2.53: 62285+ PTR? 63.21.0.2.in-addr.arpa. (40)*
> *12:31:54.837177 IP 10.118.0.2.53 > 10.118.0.19.53146: 62285 1/0/0 PTR ANantes-157-1-186-63.w2-0.abo.wanadoo.fr. (94)*
> 12:31:54.837216 IP 10.118.0.19.15439 > 10.18.0.6.45062: Flags [P.], seq 1060:1152, ack 689, win 243, options [nop,nop,TS val 57180233 ecr 402986021], length 92
>
> dig -t ptr 160.176.0.2.in-addr.arpa
> reveals the same address
>
>
> It seems that it is only a DNS query, just for logging purpose, I
> haven't spotted any direct communication to abo.wanadoo.fr hosts, but WHY
> does it even query those hosts?
>
> strings /usr/bin/simpleproxy |grep 'Read from'
> ---------------- Read from: %s ---------------
>
>
> grep /usr/bin/simpleproxy -e 63.21.0.2
> [nothing]
>
> I did try to look for a source code to see what is wrong.
>
> Could anyone take a look at whether this package is secure?

From a brief inspection of the source, I think the trace() function is giving bogus input to the gethostbyaddr() call it makes to try and resolve the IP addresses involved in the connection. It's buggy, old code, and I don't think it's maintained upstream, so I might just pull it from Debian. Is there a better maintained alternative that you could use for your particular use case if simpleproxy was no longer available? netcat springs to mind, but it's probably less turnkey.
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
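
The PTR name in the quoted tcpdump is consistent with one specific kind of bogus gethostbyaddr() input: a pointer to the start of a struct sockaddr_in instead of to its sin_addr member. The C below is an added example, not simpleproxy's source; that trace() makes this particular mistake is an assumption, as is the constructed remote address 192.0.2.10 (the port 5439 is from the report). On amd64 Linux the mistaken call yields 63.21.0.2.in-addr.arpa, the name queried in the capture.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Reverse-lookup (PTR) name for the 4 address bytes at addr; this is the
 * name a resolver queries for gethostbyaddr(addr, 4, AF_INET). */
static const char *ptr_name(const void *addr, char *out, size_t n)
{
    const unsigned char *b = addr;
    snprintf(out, n, "%u.%u.%u.%u.in-addr.arpa", b[3], b[2], b[1], b[0]);
    return out;
}

/* A peer address as accept() or connect() would leave it in memory. */
static struct sockaddr_in make_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* ASSUMED bug: the lookup is given the start of the struct, so the
 * "address" is sin_family (02 00) followed by the port in network order. */
static const char *ptr_buggy(const struct sockaddr_in *sa, char *out, size_t n)
{
    return ptr_name(sa, out, n);
}

/* Correct call: point at the 4-byte sin_addr member. */
static const char *ptr_correct(const struct sockaddr_in *sa, char *out, size_t n)
{
    return ptr_name(&sa->sin_addr, out, n);
}

int main(void)
{
    char buf[64];
    /* 192.0.2.10 is a constructed remote address; port 5439 is from the report. */
    struct sockaddr_in remote = make_peer("192.0.2.10", 5439);
    printf("buggy:   %s\n", ptr_buggy(&remote, buf, sizeof buf));
    printf("correct: %s\n", ptr_correct(&remote, buf, sizeof buf));
    return 0;
}
```

The result depends on the Linux struct layout and a little-endian host, which matches the amd64 package in the report.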