|Main Archive Page > Month Archives > full-disclosure-uk archives|
Earlier today I noticed I was getting a lot of TCP port 6515 proxies on
The List (http://www.mrhinkydink.com/proxies.htm ) Curious, I checked
one it and it gave me a VIA header of
1.1 Fran-PC (McAfee Relay Server 5.2.3)
Then I took a peek at the database. Nearly 1900 of these things since
December 1st, 2011. Although the name of the PC above is a dead
giveaway that this is some sort of consumer product
("[name-of-owner]-PC" is the default Windows machine name created during
setup), a quick check of the DNS names of these boxes confirms they are
all on residential IP addresses.
So what is "McAfee Relay Server"? I'm guessing it's one of those snarky
products they stick you with whenever you buy a new PC. This makes
sense, since December is a big month for new PCs.
But why install it as an open proxy?
If it's a "security product" I hope it's a honeypot.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/