[57830] in North American Network Operators' Group
Re: Open relays and open proxies
daemon@ATHENA.MIT.EDU (John Payne)
Thu Apr 24 16:56:59 2003
Date: Thu, 24 Apr 2003 16:56:24 -0400
From: John Payne <john@sackheads.org>
To: Paul Vixie <vixie@vix.com>, "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <g3wuhj4ob1.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
--On Thursday, April 24, 2003 8:45 PM +0000 Paul Vixie <vixie@vix.com>
wrote:
>
>> > I use proxycheck to manually check hosts for open proxies
>> > (http://www.corpit.ru/mjt/proxycheck.html)... you could script this (or
>> > a similar tool) and run scans of your entire network.
>>
>> That's what I would suggest. You could also reactively test your
>> customers when they make a connection to your webserver or mailserver.
>
> that won't catch the case where a proxy is open and is being abused but
> the resulting traffic is directed outside of the local isp, which is going
> to be the common case since parasites don't like to endanger their hosts.
True, but most people who end up with an open proxy trojan will also be
using the machine to read their ISP provided email, etc
