Re: Alien traffic through my server
06-06-2003 09:40 AM
202.102.138.28 - - [01/Jun/2003:04:02:52 -0500] "GET http://ad.doubleclick.net/adi/N1684.TMP.com/B1151947.27;sz=720x300;ord=2470014? HTTP/1.1" 200 3303 "http://www.entwww.com/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
211.94.204.40 - - [01/Jun/2003:04:13:57 -0500] "GET http://ad.doubleclick.net/ad/max.travelrate/ros;sz=468x60;ord='%20+%20ord%20+%20'? HTTP/1.0" 302 0 "http://www.travelrate.co.uk/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
Neither the source nor destination are on my server. Does anyone know how this can happen, or better yet, how to stop it?
06-06-2003 03:24 PM
06-06-2003 03:34 PM
Re: Alien traffic through my server
Thanks
06-06-2003 03:49 PM
Re: Alien traffic through my server
ProxyRequests On
Order deny,allow
Deny from all
Allow from ...
06-06-2003 06:45 PM
Re: Alien traffic through my server
Makes me wonder what benefit they get from using my server as a proxy.
06-06-2003 07:08 PM
Re: Alien traffic through my server
Being an ethical hacker, I hope I can answer.
I want to attack the victim's web server through some browser.
I want to use a directory traversal exploit or chunked encoding exploit, etc.
I know that the victim's server is certainly vulnerable to the above exploits.
I want to hide my real IP address logged in the victim's firewall or web server. So what I will do is connect normally to the Internet thru some dial-in account (DHCP setup does more good to hackers). Set the proxy settings of my Internet browser to point to your open proxy.
Now thru my browser I connect to www.victim.com
and work out my attacks or espionage the victim's CGI scripts, OS platform, etc.
Your proxy server will relay my HTTP request packets to the victim's web server with your own source IP. So my IP address is hidden from the victim's log files. But your open proxy's IP address will be logged in the victim's log files.
So these open proxies are selected across countries. I will remain untraceable to the greatest extent, mostly because of factors like political restrictions, lack of coordination between different ISPs, etc.
regards,
U.SivaKumar
Disclaimer: I shall not be liable for any security breach caused by the reader of this thread. This reply is in good faith meant to enlighten the innocents.
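Seen from the proxy owner's side, the relaying described in this thread shows up in the Apache access log as request lines that carry a full URL (or a CONNECT) for a host the server does not own, like the two entries in the first post. The following is an added example, not code from any poster in this thread; `OWN_HOSTS`, the function names and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the names this server legitimately serves; replace with your own.
OWN_HOSTS = {"www.example.org", "example.org"}

# Apache common/combined format: ip ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+')

def foreign_proxy_request(line, own_hosts=OWN_HOSTS):
    """Return details of a request that treats this server as a forward proxy
    for a host it does not own; None for ordinary or unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    try:
        if method == "CONNECT":                   # CONNECT host:port
            host = target.rsplit(":", 1)[0]
        elif "://" in target:                     # absolute-URI request line
            host = urlsplit(target).hostname or ""
        else:                                     # origin-form: a normal local hit
            return None
    except ValueError:                            # malformed URL in the request line
        host = ""
    host = host.lower().rstrip(".")
    if host in own_hosts:
        return None
    status = int(m["status"])
    return {"client": m["ip"], "host": host, "status": status,
            "served": 200 <= status < 400}

def summarize(lines, own_hosts=OWN_HOSTS):
    """Count served foreign requests per client IP and per destination host."""
    clients, hosts = Counter(), Counter()
    for hit in (foreign_proxy_request(l, own_hosts) for l in lines):
        if hit and hit["served"]:
            clients[hit["client"]] += 1
            hosts[hit["host"]] += 1
    return clients, hosts

# Lines 1-2 are the entries quoted in the original post; 3-4 are constructed.
SAMPLE = """\
202.102.138.28 - - [01/Jun/2003:04:02:52 -0500] "GET http://ad.doubleclick.net/adi/N1684.TMP.com/B1151947.27;sz=720x300;ord=2470014? HTTP/1.1" 200 3303 "http://www.entwww.com/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
211.94.204.40 - - [01/Jun/2003:04:13:57 -0500] "GET http://ad.doubleclick.net/ad/max.travelrate/ros;sz=468x60;ord='%20+%20ord%20+%20'? HTTP/1.0" 302 0 "http://www.travelrate.co.uk/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
192.0.2.10 - - [01/Jun/2003:04:20:00 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [01/Jun/2003:04:21:00 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 405 0 "-" "-"
""".splitlines()
```

A 2xx or 3xx on a foreign URL is a candidate rather than proof of relaying: Apache with proxying switched off can answer such a request from its own document root, so compare the response size with the local page before concluding the proxy is open.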
06-08-2003 12:41 PM
Re: Alien traffic through my server
I guess you don't see the beauty of what U.SivaKumar has done for you by posting that reply.
It's just my humble, uneducated opinion, but I think you really did him an injustice by giving him a single point only for that explanation.
Sorry, I know you didn't ask for my input on this. I just can't help but voice my thoughts on this one.
BTW -- Please assign me a 0 for this post. I just wanted to vent...
Have a nice day...
06-08-2003 02:07 PM
Re: Alien traffic through my server
Sorry about that; I'll try to do better.
Vern
06-08-2003 02:50 PM
Re: Alien traffic through my server
Install iptables immediately.
Keep only those ports open necessary to the operation of your web server.
The following iptables configuration which can be modified and installed in the file /etc/sysconfig/iptables can provide stately proxy services to an entire network while keeping most ports secure.
Modify the config to work with your own network.
I will insert # changeme's above the lines you MUST change.
# Generated by iptables-save v1.2.5 on Sun Oct 20 02:43:53 2002
*nat
:PREROUTING ACCEPT [11:792]
:POSTROUTING ACCEPT [31:2763]
:OUTPUT ACCEPT [31:2763]
# changeme to your network
-A POSTROUTING -o eth0 -j SNAT --to-source 66.92.143.194
COMMIT
# Completed on Sun Oct 20 02:43:53 2002
# Generated by iptables-save v1.2.5 on Sun Oct 20 02:43:53 2002
*filter
:INPUT ACCEPT [30:2771]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [38:3507]
:okay - [0:0]
# changeme to your network
-A INPUT -s 192.168.0.0/255.0.0.0 -i eth1 -j ACCEPT
-A INPUT -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -s 192.168.0.1 -i lo -j ACCEPT
# changeme to your network
-A INPUT -s 66.92.143.194 -i lo -j ACCEPT
# changeme to your network
-A INPUT -s 192.168.0.40 -i eth1 -j ACCEPT
# changeme to your network
-A INPUT -s 192.168.0.255 -i lo -j ACCEPT
# changeme to your network
-A INPUT -d 66.92.143.221 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j okay
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j okay
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j okay
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j okay
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j okay
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j okay
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j okay
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j okay
-A INPUT -i eth0 -p tcp -m tcp --dport 123 -j okay
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 2074 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4000 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A okay -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A okay -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A okay -p tcp -j DROP
COMMIT
# Completed on Sun Oct 20 02:43:53 2002
This came off my production SNAT server which is also my backup web server for my 24/7 web hosting business.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
06-09-2003 05:50 AM