Home page logo

fulldisclosure logo Full Disclosure mailing list archives

McAfee "Relay Server" Product Installs Open Proxy On Consumer PCs
From: "Mr. Hinky Dink" <dink () mrhinkydink com>
Date: Mon, 09 Jan 2012 12:24:37 -0500

Earlier today I noticed I was getting a lot of TCP port 6515 proxies on
The List (http://www.mrhinkydink.com/proxies.htm ) Curious, I checked
one it and it gave me a VIA header of

1.1 Fran-PC (McAfee Relay Server 5.2.3)

Then I took a peek at the database.  Nearly 1900 of these things since
December 1st, 2011.  Although the name of the PC above is a dead
giveaway that this is some sort of consumer product
("[name-of-owner]-PC" is the default Windows machine name created during
setup), a quick check of the DNS names of these boxes confirms they are
all on residential IP addresses.

So what is "McAfee Relay Server"?  I'm guessing it's one of those snarky
products they stick you with whenever you buy a new PC.  This makes
sense, since December is a big month for new PCs.

But why install it as an open proxy?  

If it's a "security product" I hope it's a honeypot.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • McAfee "Relay Server" Product Installs Open Proxy On Consumer PCs Mr. Hinky Dink (Jan 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]