SMTP Proxy Traffic Detected

Medium Nessus Network Monitor Plugin ID 6231

Synopsis

The remote proxy allows SMTP connections to be tunneled using the HTTP CONNECT method.

Description

The remote proxy allows SMTP connections to be tunneled using the HTTP CONNECT method. If this an open proxy (ie, it is remotely accessible by those outside the corporate network), then this feature may be used to send SPAM mail.

Solution

Lock down which port numbers the proxy will tunnel connections to for client CONNECT requests. Also, ensure that only authorized users are allowed to connect to the proxy.

Plugin Details

Severity: Medium

ID: 6231

Family: Backdoors

Published: 2012/01/06

Modified: 2015/06/01

Risk Information

Risk Factor: Medium