Using Squid, one can do acl Safe_ports port 80 81 21 443 563 70 210 1025-65535 http_access deny !Safe_ports to prevent that attack. It is well documented in squid.conf and is turned on by default, I believe Philip ----- Original Message ----- From: "Alexander Yurchenko" <grange@rt.mipt.ru> To: <bugtraq@securityfocus.com> Sent: Monday, October 22, 2001 3:34 AM Subject: Non-standard usage of HTTP proxy servers > It's possible to connect to one of the > numerous public HTTP proxy servers and send a request like: > > POST http://some.host:25/ HTTP/1.0 > > giving the SMTP commands as a content.
