Re: Open relays and open proxies

[John Payne <john () sackheads org>]

--On Thursday, April 24, 2003 12:58 PM -0700 Joe St Sauver 
<JOE () OREGON UOREGON EDU> wrote:

> Hi Adi,
>
> # I am seeing an increasing number of hosts on our network become an open
> # proxy. So far the response to this has been reactive, once I receive
> # complaints from spam victims I deal with the source of the problem.
>
> The sheer act of having an abuse address and acting on reports received
> on it puts you a leg and a half up on a number of other service providers
> who have chosen to studiously ignore abused open proxies on their
> networks.

Yep


> # Is there an accepted way of blocking open proxy and open relay traffic
> # at  the network edge?

...

> What's really needed is some way to take open proxy DNSBL data and
> instantiate a dump of that data onto a suitable appliance. It is probably
> too much state to burden a reasonable sized border route with, but you
> could imagine other devices that could probably handle it (at least for
> moderate speed flows), much as there are currently middle boxes which
> rip open packets to target peer to peer traffic.


FWIW, if you can handle an extra 40k or so prefixes, blitzed.org can 
provide a BGP feed of their DNSBL  (although the BGP talking machine is 
currently down for hardware issues).