I'm sorry if the following things are well-known and not interesting for
you.
The HTML form protocol attack method described by Jochen Topf
<jochen@remote.org> in his post to BugTraq
(http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2001-10-17&end=2001-10-23&threads=0&mid=20010815092019.A938@atlantis.remote.org)
can be used in another way. It's possible to connect to one of the
numerous public HTTP proxy servers and send a request like:
POST http://some.host:25/ HTTP/1.0
giving the SMTP commands as a content. In that way we can send an e-mail
anonymously and trick diffrent DNS black lists. I've attached a simple
perl script showing this technique. We can also do the same things using
the others ASCII based protocols.
Some proxy servers configured to refuse attempts to connect to such ports
as SMTP, NNTP, POP3, etc, but many of them not.
So HTTP proxy servers can do more than just retrieving HTML pages.
--
Alexander Yurchenko (aka grange)
taty.pl
