A remote IP address on my internal, non-internet-visible webserver?

[flugh]

Here's my setup. Gateway box is running Windows XP Home ( Service Pack 1, Norton Internet Security + Antivirus with updated Definitions), 2 internal boxen running Fedora Core 3. I got up Monday morning after a loooong overnight 89MB download on this dialup connection. Had a security alert waiting, it was a blocked subseven attempt. No big deal, it was blocked. Later, while grepping apache's access_log on my Linux box, I found:
[tt]64.63.209.98 - - [11/Apr/2005:05:56:59 -0500] "SEARCH /\x90\xc9\xc9\xc[/tt]<snip>
Somehow, anonymous kiddie got the Gateway system to pass along a request to my internal webserver?

Just curious if anyone can tip me to how this got accomplished? I don't have much time to search today, it'll have to wait for the weekend. Then it'll be google and strengthening the firewall rules on the gateway system

Thanks for any input. It may take me a couple/few days to respond.

----
JBR

 

[chiph]

This may be a dumb question, but why do you have XP Home, a notoriously leaky OS, as your gateway?

I would think that a router/NAT box would be cheaper to buy & operate (lower power bills) as well as more secure. Or get on eBay and buy a used Cisco Pix.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[Serbtastic]

Did it result in a 404 (or more likely a 414)? This is an attempt to exploit an IIS webdav buffer overflow (

http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx).

There is no effect on Apache.

 

[ntco]

I agree with chiph, even a $30 router has more firepower/security as a gateway than a complete XP home box doing the same thing (given, if all you're using it for is router/gateway purposes).
Is there some other reason you're running a box with WinXP Home as your gateway?

 

[chiph]

And why isn't it running Windows XP Service Pack 2?

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[flugh]

Thanks for the replies.

Why XP Home as gateway?
It's what the winmodem is in. I have an old external 56k modem I could plug in to it, but my Dad insists on keeping things 'as-is'. I don't like it either. We are about to get some broadband out here, and I'll be plugging in my trusty old laptop running nothing Debian doing nat and keeping out nasty packets.

Why not SP2?
Dad has some stuff he does that requires writing to external devices using a serial connection. I haven't bothered trying to test it on my XP2 box to see if it still works (seem to recall there were problems initially with software after new security stuff in SP2, waiting for the software to catch up to SP2). This is a deal-breaker, it has to work, so I don't push him into SP2 yet because I don't want to deal with the 'you broke my computer' rampage if it (the 3rd party software) doesn't work with SP2 ;-)

Resulting HTTP code?
414. Nothing happened, wasn't worried about the Linux box being in trouble, but the fact that the request got passed through indicates there's a serious vulnerability of some sort. I'll do an SP2 install this weekend after testing out his software on my SP2 box just to be safe.

Thanks for the feedback!

----
JBR