[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] McAfee "Relay Server" Product Installs Open Proxy On Consumer PCs
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] McAfee "Relay Server" Product Installs Open Proxy On Consumer PCs
- From: "Mr. Hinky Dink" <dink@xxxxxxxxxxxxxxx>
- Date: Mon, 09 Jan 2012 12:24:37 -0500
Earlier today I noticed I was getting a lot of TCP port 6515 proxies on
The List (http://www.mrhinkydink.com/proxies.htm ) Curious, I checked
one it and it gave me a VIA header of
1.1 Fran-PC (McAfee Relay Server 5.2.3)
Then I took a peek at the database. Nearly 1900 of these things since
December 1st, 2011. Although the name of the PC above is a dead
giveaway that this is some sort of consumer product
("[name-of-owner]-PC" is the default Windows machine name created during
setup), a quick check of the DNS names of these boxes confirms they are
all on residential IP addresses.
So what is "McAfee Relay Server"? I'm guessing it's one of those snarky
products they stick you with whenever you buy a new PC. This makes
sense, since December is a big month for new PCs.
But why install it as an open proxy?
If it's a "security product" I hope it's a honeypot.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/