|Proxy Attack LS2004
on Wednesday, January 30, 2008 at 8:55:16 PM (EST)
I loaded Groupware with the idea of filtering the content my staff we accessing on the internet
When I turned on the proxy server even with the firewall set to max I was hit with 1000 proxy requests per hour from outside my fire wall.
My Groupware has since crashed and I have reinstalled LS2004. I am still getting hit from outside the firewall
but I havnt turned on the proxy
Samples below of proxy requests
3032 Request: http://aff.primaryads.com/t.asp?id=7422&e=11523
2988 Request: http://www.houndshow.cn/
2768 Request: http://www.cpa-cpc-cpm.com/banner/1025/7031&dp=0
3016 Request: http://www.clickingagent.com/proxycheck.php?ip=126.96.36.199&port=80&loc=
2944 Request: http://v10.xmlsearch.miva.com/bin/findwhat.dll?getresults&base=0&dc=10&mt=cheap+health+insurance&ip_addr=188.8.131.52&aff_id=64057&fl=0&fmt=xml8859-2&at=F789D9NR7
1:37:20 AM PROXY: 2672 Request: http://login.parkingempire.com/z/1331/CD42/
1:37:40 AM PROXY: 2668 Request: http://www.clickingagent.com/proxycheck.php?ip=184.108.40.206&port=80&loc=
9:00:49 AM PROXY: 2956 Request: http://www.cpa-cpm-cpc.com/banner/412/20516&dp=0
 incoming call from auh-as34275.alshamil.net.ae, service smtp, connected from 9:30:51 AM 31/01/2008,
for 6 min., 25 sec., sent 142 B, received 80 B (0 B/s)
on Friday, February 01, 2008 at 4:46:10 AM (EST)
Had the same problem what eventually worked for me was to disable Web Administration (Still sad about his one) and set IP filtering to my internal net work range only. My web mail is also just set to my internal net work only witch looked like it stopped the attacks.
on Friday, February 01, 2008 at 2:08:57 PM (EST)
Firewall and proxy in 2004 and 5.0 are nearly identical. 5.0 allows antivirus scanning on proxy, 2004 did not. It seems, that for some reason you acted as open proxy and got abused by DOS attack. This is due misconfiguration of your proxy server settings.
It is true that LAN SUITE includes firewall, but it's protection is limited. If you get DOS attack, then pretty much any software firewall will have a problems to handle it. Best recommendation is stop such attack by hardware firewall installed between your network and Internet. This will also give you more CPU power for proxy and messaging.