At 5:59 +0530 2003/05/07, Suresh Ramasubramanian wrote:
>At 06:49 PM 5/6/2003 +0100, Giuliano Gavazzi wrote:
>>Couldn't also this happen by having a virus/malicious code running
>>on the server, or behind the server's NAT (if the server acts as a
>>gateway for private addressed machines)? This can be an important
>>issue in some cases.
>>I had to block port 25 for NATed machines in our network as we had
>>a virus on one of the PCs at the cybercafe. This is fortunately
>>behind a NAT with a different address from the server and the
>>incident was isolated. But if this can happen on port 80 (that I
>>cannot block) and more incidents happened as a result, I might see
>>our net-block blacklisted.
>>I know this is not exim related...
>
>Very likely - but Hotmail's webdav interface doesn't connect on port
>25 I think - some other port, totally (80 I guess).
>
> srs
why "but"? That was essentially my point, and one cannot block port
80. And if hotmail webdav is so easily exploitable, then the problem
is not with open proxies or whatever (they are not even accessory to
this exploit), the problem is with hotmail.
Giuliano
