From: Robert Huff
Date: Fri, 7 Apr 2006 15:10:44 -0400
To: "freebsd-questions@FreeBSD. ORG"
Subject: Re: web server attack
Message-ID: <17462.47412.848744.740663@jerusalem.litteratus.org>
In-Reply-To: <44359D84.9020000@vonostingroup.com>
References: <44358FC6.3050000@mac.com> <44359D84.9020000@vonostingroup.com>

Frank Laszlo writes:

> >> Does anyone know what this is and what I can do to stop it
> >> besides adding the ip address to my firewall block rules?
> >
> > I suppose that someone is trying to exploit mod_proxy to connect to an
> > SMTP server (that's the "CONNECT 4.79.181.15:25" part), or at least
> > get HTTP replies back.
>
> Setup mod_security to block that type of request. Any chance you
> can capture some packets and send a link? I'd like to take a look
> at it.

Running apache-2.2, I don't seem to have _security among the
modules. Do I need to change my config (and rebuild), or does it
perhaps go by another name in this version?

Robert Huff
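
The following is an added example, not part of the thread or of any poster's code: a small Python script that scans Apache access-log lines for the CONNECT requests discussed above and reports, per client, whether the server refused them or answered 2xx. The log lines are constructed samples, the client addresses are documentation ranges, and the function names and the mail-port list are assumptions made for the example.

```python
import re
from collections import Counter

# Apache common/combined log: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Za-z]+) (\S+)[^"]*" (\d{3}) ')
MAIL_PORTS = {25, 465, 587}  # assumption: ports treated as mail submission/relay

def parse_connect(line):
    """Return (client, host, port, status) for a CONNECT request, else None."""
    m = LOG_RE.match(line)
    if not m or m.group(2).upper() != "CONNECT":
        return None
    host, sep, port = m.group(3).rpartition(":")
    if not sep or not port.isdigit():
        return None                       # malformed authority, not host:port
    return m.group(1), host, int(port), int(m.group(4))

def summarize(lines):
    """Count CONNECT attempts per (client, target, kind, outcome)."""
    seen = Counter()
    for line in lines:
        hit = parse_connect(line)
        if hit is None:
            continue
        client, host, port, status = hit
        # 2xx: the server did not refuse the tunnel, so the proxy config needs checking.
        outcome = "accepted" if 200 <= status < 300 else "refused"
        kind = "smtp" if port in MAIL_PORTS else "other"
        seen[(client, f"{host}:{port}", kind, outcome)] += 1
    return seen

# Constructed sample log lines (client addresses are documentation ranges).
SAMPLE = [
    '192.0.2.10 - - [07/Apr/2006:14:01:02 -0400] "CONNECT 4.79.181.15:25 HTTP/1.0" 405 312',
    '192.0.2.10 - - [07/Apr/2006:14:01:05 -0400] "CONNECT 4.79.181.15:25 HTTP/1.0" 405 312',
    '198.51.100.7 - - [07/Apr/2006:14:03:40 -0400] "CONNECT 4.79.181.15:25 HTTP/1.0" 200 -',
    '203.0.113.5 - - [07/Apr/2006:14:04:00 -0400] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for (client, target, kind, outcome), n in sorted(summarize(SAMPLE).items()):
        print(f"{client} -> {target} [{kind}] {outcome} x{n}")
```

A "refused" outcome means the server answered the probe with an error status; an "accepted" outcome is the case that warrants reviewing the proxy configuration.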