nanog mailing list archives

Re: Open relays and open proxies


From: jlewis () lewis org
Date: Thu, 24 Apr 2003 17:02:22 -0400 (EDT)


On Thu, 24 Apr 2003, Joe St Sauver wrote:

> The sheer magnitude of the problem also argues against manual construction
> of ACL's on a host-by-host basis; to date, having looked at this issue
> for maybe six months now, I believe the number of *known* open proxies is
> on the order of 120K hosts, few of which are sequentially disposed into
> nice CIDR-able netblocks (unless you're okay with the concept of lumping 

That depends on whose "known" list you're looking at.  I know of
considerably more open proxies, and suspect the actual number of open
proxies on the net today is at least several, if not many, times that
number.
 
> What's really needed is some way to take open proxy DNSBL data and
> instantiate a dump of that data onto a suitable appliance. It is probably
> too much state to burden a reasonable sized border route with, but you
> could imagine other devices that could probably handle it (at least for
> moderate speed flows), much as there are currently middle boxes which
> rip open packets to target peer to peer traffic.

That would be one heck of an ACL or routing table full of null routes.  I 
doubt it can be done in a practical manner.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
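The exchange above turns on how badly a host-by-host block list aggregates into ACL or null-route entries. As an added illustration (not part of the original thread, and not code from either poster), the Python below collapses a list of /32 hosts into the minimal covering set of CIDR prefixes using the standard library, counts the entries a router would have to carry, and renders them as Cisco IOS-style static null routes. The host lists are constructed samples drawn from documentation and private ranges, not real DNSBL data; the random sample is a stand-in for a scattered proxy list.

```python
"""Estimate the ACL / null-route table size implied by a list of individual
blocked hosts, before and after CIDR aggregation.  Sample data is constructed
for illustration; it is not a real DNSBL dump."""
import ipaddress
import random


def collapse_hosts(hosts):
    """Return the minimal list of IPv4 networks covering exactly the given hosts.

    Each host string becomes a /32; ipaddress.collapse_addresses merges
    adjacent /32s into larger prefixes where (and only where) that is possible.
    """
    nets = [ipaddress.ip_network(h) for h in hosts]
    return list(ipaddress.collapse_addresses(nets))


def acl_entries(hosts):
    """Number of prefix entries needed after aggregation."""
    return len(collapse_hosts(hosts))


def null_route_lines(hosts):
    """Render the aggregated prefixes as Cisco IOS-style 'ip route ... Null0'
    statements (illustrative syntax; a different platform would differ)."""
    return [
        "ip route %s %s Null0" % (net.network_address, net.netmask)
        for net in collapse_hosts(hosts)
    ]


def scattered_sample(n, seed=1):
    """Constructed sample: up to n distinct hosts scattered at random across
    10.0.0.0/8.  Hypothetical data standing in for a scattered proxy list."""
    rng = random.Random(seed)
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    picks = {base + rng.randrange(1 << 24) for _ in range(n)}
    return sorted(str(ipaddress.IPv4Address(a)) for a in picks)


if __name__ == "__main__":
    # Best case: a full, contiguous /24 of hosts collapses to one entry.
    contiguous = ["192.0.2.%d" % i for i in range(256)]
    print("contiguous /24:", len(contiguous), "hosts ->", acl_entries(contiguous), "entry")
    for line in null_route_lines(contiguous):
        print("  ", line)

    # Typical case: scattered hosts barely aggregate at all.
    scattered = scattered_sample(1000)
    print("scattered:", len(scattered), "hosts ->", acl_entries(scattered), "entries")
```

The contrast is the point of the thread: contiguous space shrinks to a single prefix, while scattered hosts leave the table almost exactly as long as the host list, so a six-figure proxy list stays a six-figure ACL no matter how it is aggregated.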
