security hole?

Dzon dzon at writeme.com
Tuesday June 22 11:10:32 CEST 1999


Hi,
I tested our server using the nessus program [http://www.nessus.org]
and got this output:

REPORT The remote proxy accepted the request : 
GET http://dzon:25 HTTP/1.1
This means that anyone can use it to connect
anonymously anywhere.
Solution : edit the proxy config file and deny
all the ports except 80 and 21 (ftp)
gate unknown (3128/tcp) 
REPORT The remote proxy accepted the request : 
POST http://dzon:25 HTTP/1.1
This means that anyone can use it to connect
anonymously anywhere. This method offers an
interactive prompt to the attacker.
Solution : edit the proxy config file and deny
all the ports except 80 and 21 (ftp)

How can anyone get anywhere? I tried it from the command line
and the only thing I got was connection refused, server may be
busy or down.

I wouldn't bother you here, but if it really is a hole, I'd like
to know :)

Btw --- what is a 'smad attack'? That is also one of the Nessus
warnings

Thanks

-- 

				  -Dzon
                             dzon at writeme.com
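
The port restriction the report recommends, as an added example that is not part of the original message or of any proxy's own code: a request-line check that allows only destination ports 80 and 21. The function names and every sample request other than the two quoted in the report are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Ports the Nessus report recommends leaving open: 80 (http) and 21 (ftp).
ALLOWED_PORTS = frozenset({80, 21})
DEFAULT_PORTS = {"http": 80, "ftp": 21, "https": 443}


def target_port(request_line):
    """Return the destination port named by a proxy request line, or None."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target = parts[0].upper(), parts[1]
    try:
        if method == "CONNECT":
            # CONNECT uses authority form (host:port); the port is mandatory.
            host, sep, port = target.rpartition(":")
            return int(port) if sep and host and port.isdigit() else None
        url = urlsplit(target)
        if not url.hostname:
            return None  # not an absolute URI, so not a forward-proxy request
        if url.port is not None:
            return url.port
        return DEFAULT_PORTS.get(url.scheme)
    except ValueError:  # non-numeric or out-of-range port
        return None


def decide(request_line, allowed=ALLOWED_PORTS):
    """Apply the allowlist: anything unparseable or off-list is denied."""
    port = target_port(request_line)
    if port is None:
        return "deny (unparseable target)"
    if port not in allowed:
        return f"deny (port {port} not allowed)"
    return f"allow (port {port})"


if __name__ == "__main__":
    # The first two requests are the ones quoted in the report; the rest are constructed.
    for line in ("GET http://dzon:25 HTTP/1.1",
                 "POST http://dzon:25 HTTP/1.1",
                 "GET http://example.org/ HTTP/1.1",
                 "CONNECT example.org:25 HTTP/1.1"):
        print(f"{line:36} -> {decide(line)}")
```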

