Koozali.org: home of the SME Server

Curious httpd access log entry

RayG

Curious httpd access log entry
« on: July 07, 2003, 06:48:25 AM »
The following is an unusual (for my box anyway) log entry that I haven't quite figured out how to find more information on. It looks like a failed attempt from a Chinese spammer trying to use my box to abuse various mail servers. I would appreciate it if somebody could clue me in on a name for the exploit or family of exploits so I can find further reading.

I've removed my domain name and added the cnames manually.

203.98.164.133 (NWT-NET, hk) - - [05/Jul/2003:06:36:35 -0400] "CONNECT 64.12.138.89:25 (xl.mx.aol.com) HTTP/1.0" 405 231 "-" "-"
203.98.164.133 (NWT-NET, hk) - - [05/Jul/2003:06:36:36 -0400] "CONNECT 66.218.86.253:25 (mta-v21.mail.yahoo.com) HTTP/1.0" 405 231 "-" "-"
203.98.164.133 (NWT-NET, hk) - - [05/Jul/2003:06:36:36 -0400] "CONNECT 65.54.253.230:25 (mc8.law1.hotmail.com) HTTP/1.0" 405 231 "-" "-"
203.98.164.133 (NWT-NET, hk) - - [05/Jul/2003:06:36:37 -0400] "CONNECT 198.170.241.27:25 (mail-fwd.dulles19-verio.com) HTTP/1.0" 405 231 "-" "-"
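The log lines above, triaged with a short script; this is an added example that is not part of the original post. It groups CONNECT requests by client and checks whether any received a 2xx status (the server honoured the request) rather than the 405 refusal seen here. The function name and the extra GET line in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four lines from the post (including the poster's
# manual annotations) plus one ordinary GET request added for contrast.
SAMPLE_LOG = '''\
203.98.164.133 (NWT-NET, hk) - - [05/Jul/2003:06:36:35 -0400] "CONNECT 64.12.138.89:25 (xl.mx.aol.com) HTTP/1.0" 405 231 "-" "-"
203.98.164.133 (NWT-NET, hk) - - [05/Jul/2003:06:36:36 -0400] "CONNECT 66.218.86.253:25 (mta-v21.mail.yahoo.com) HTTP/1.0" 405 231 "-" "-"
203.98.164.133 (NWT-NET, hk) - - [05/Jul/2003:06:36:36 -0400] "CONNECT 65.54.253.230:25 (mc8.law1.hotmail.com) HTTP/1.0" 405 231 "-" "-"
203.98.164.133 (NWT-NET, hk) - - [05/Jul/2003:06:36:37 -0400] "CONNECT 198.170.241.27:25 (mail-fwd.dulles19-verio.com) HTTP/1.0" 405 231 "-" "-"
192.0.2.10 - - [05/Jul/2003:06:40:00 -0400] "GET /index.html HTTP/1.0" 200 1024 "-" "-"
'''

# Client address, CONNECT target host:port, then the status after the closing
# quote. Anything else inside the request (annotations, protocol) is skipped.
CONNECT_RE = re.compile(
    r'^(?P<client>\S+).*?"CONNECT\s+(?P<host>[^\s:"]+):(?P<port>\d+)'
    r'[^"]*"\s+(?P<status>\d{3})\s'
)

def summarize_connect_attempts(log_text):
    """Return {client: {"targets": [(host, port, status)], "smtp": n, "accepted": n}}."""
    report = defaultdict(lambda: {"targets": [], "smtp": 0, "accepted": 0})
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if not m:
            continue  # not a CONNECT request
        port, status = int(m["port"]), int(m["status"])
        entry = report[m["client"]]
        entry["targets"].append((m["host"], port, status))
        if port == 25:
            entry["smtp"] += 1      # target is an SMTP port
        if 200 <= status < 300:
            entry["accepted"] += 1  # server honoured the CONNECT: investigate
    return dict(report)

if __name__ == "__main__":
    for client, info in summarize_connect_attempts(SAMPLE_LOG).items():
        verdict = "ACCEPTED" if info["accepted"] else "all refused"
        print(f"{client}: {len(info['targets'])} CONNECT attempts, "
              f"{info['smtp']} to port 25, {verdict}")
        for host, port, status in info["targets"]:
            print(f"    {host}:{port} -> {status}")
```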

Cyrus Bharda

Re: Curious httpd access log entry
« Reply #1 on: July 07, 2003, 07:16:09 AM »
Ray,

Email it to smesecurity@mitel.com and they can tell you.

Cyrus Bharda