Alexander Yurchenko wrote:
> I'm sorry if the following things are well-known and not interesting for
> you.
> The HTML form protocol attack method described by Jochen Topf
> <jochen@remote.org> in his post to BugTraq
> (http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2001-10-17&end=2001-10-23&threads=0&mid=20010815092019.A938@atlantis.remote.org)
> can be used in another way. It's possible to connect to one of the
> numerous public HTTP proxy servers and send a request like:
>
> POST http://some.host:25/ HTTP/1.0
>
> giving the SMTP commands as the content. In that way we can send an e-mail
> anonymously and trick different DNS black lists. I've attached a simple
> perl script showing this technique. We can also do the same things using
> other ASCII-based protocols.
> Some proxy servers are configured to refuse attempts to connect to such
> ports as SMTP, NNTP, POP3, etc., but many of them are not.
> So HTTP proxy servers can do more than just retrieving HTML pages.
>

This has been known for a while; in fact, I added this to the FWTK FAQ
several years ago:

http://www.fwtk.org/fwtk/faq/faq.html#2.4.13

Other proxy servers may be different, so you will want to verify this with
your vendor. As with any good firewall configuration, the destination
host/port of the connection is just as important as the source.... :-)

--
--Keith Young
-kyoung@v-one.com
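
Added example, not part of the original thread: a destination-port check of the kind the reply calls for, applied to the request line a proxy receives (absolute-form requests and CONNECT). The allowed port set, the function names and the sample hosts are assumptions of this example, not taken from FWTK or any particular proxy.

```python
from urllib.parse import urlsplit

# Assumed policy for this example: destination ports a web proxy may reach.
ALLOWED_PORTS = {80, 443, 8080}
DEFAULT_PORTS = {"http": 80, "https": 443}

def destination(request_line):
    """Return (host, port) the proxy request line asks to reach, or None if malformed."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target = parts[0].upper(), parts[1]
    try:
        if method == "CONNECT":
            # authority-form: host:port, the port is mandatory
            url = urlsplit("//" + target)
            host, port = url.hostname, url.port
        else:
            # absolute-form: scheme://host[:port]/path
            url = urlsplit(target)
            host, port = url.hostname, url.port
            if port is None:
                port = DEFAULT_PORTS.get(url.scheme)
    except ValueError:  # non-numeric or out-of-range port, bad IPv6 literal
        return None
    if not host or port is None:
        return None
    return host, port

def allow(request_line, allowed_ports=ALLOWED_PORTS):
    """Decide on the destination port, independent of who the client is."""
    dest = destination(request_line)
    return dest is not None and dest[1] in allowed_ports

# Constructed sample request lines; the second is the form quoted in the post.
SAMPLES = [
    "GET http://www.example.com/index.html HTTP/1.0",
    "POST http://some.host:25/ HTTP/1.0",
    "CONNECT some.host:25 HTTP/1.0",
    "CONNECT www.example.com:443 HTTP/1.0",
    "GET http://some.host:notaport/ HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ALLOW" if allow(line) else "DENY ", line)
```

Anything that does not parse to an explicitly allowed port is denied, so malformed targets fail closed rather than falling through to a default.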