lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 09 Jan 2012 12:24:37 -0500
From: "Mr. Hinky Dink" <dink@...inkydink.com>
To: full-disclosure@...ts.grok.org.uk
Subject: McAfee "Relay Server" Product Installs Open Proxy
	On Consumer PCs

Earlier today I noticed I was getting a lot of TCP port 6515 proxies on
The List (http://www.mrhinkydink.com/proxies.htm ) Curious, I checked
one it and it gave me a VIA header of

1.1 Fran-PC (McAfee Relay Server 5.2.3)

Then I took a peek at the database.  Nearly 1900 of these things since
December 1st, 2011.  Although the name of the PC above is a dead
giveaway that this is some sort of consumer product
("[name-of-owner]-PC" is the default Windows machine name created during
setup), a quick check of the DNS names of these boxes confirms they are
all on residential IP addresses.

So what is "McAfee Relay Server"?  I'm guessing it's one of those snarky
products they stick you with whenever you buy a new PC.  This makes
sense, since December is a big month for new PCs.

But why install it as an open proxy?  

If it's a "security product" I hope it's a honeypot.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ