[57827] in North American Network Operators' Group
RE: Open relays and open proxies
daemon@ATHENA.MIT.EDU (David Schwartz)
Thu Apr 24 16:40:00 2003
From: "David Schwartz" <davids@webmaster.com>
To: "Adi Linden" <adil@adis.on.ca>, <nanog@merit.edu>
Date: Thu, 24 Apr 2003 13:38:50 -0700
In-Reply-To: <Pine.LNX.4.44.0304241407310.9175-100000@adibox.knet.ca>
Errors-To: owner-nanog-outgoing@merit.edu
> I am seeing an increasing number of hosts on our network become an open
> proxy. So far the response to this has been reactive, once I receive
> complaints from spam victims I deal with the source of the problem.
> Is there an accepted way of blocking open proxy and open relay traffic at
> the network edge?
Educate your customers. Seriously.
The details depend upon which type of problem you need to solve:
1) Customers are being tricked into installing open proxies, say by
downloading executable from file sharing services.
2) Customers are trying to set up proxies to allow them to share their
Internet connection with family members, but aren't securing them properly.
3) Customers are deliberately setting up open proxies as anonymizers.
Perhaps you have some other variation on these themes, but if you look at
all of these, you should be able to see that education is the best solution.
The possible exception is 3, in which case threats may be more appropriate.
DS
