[57831] in North American Network Operators' Group


Re: Open relays and open proxies

daemon@ATHENA.MIT.EDU (John Payne)
Thu Apr 24 16:59:38 2003

Date: Thu, 24 Apr 2003 16:58:56 -0400
From: John Payne <john@sackheads.org>
To: Joe St Sauver <JOE@OREGON.UOREGON.EDU>
Cc: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <01KV3TNQOOCA8WWY8L@OREGON.UOREGON.EDU>
Errors-To: owner-nanog-outgoing@merit.edu


--On Thursday, April 24, 2003 12:58 PM -0700 Joe St Sauver 
<JOE@OREGON.UOREGON.EDU> wrote:

>
> Hi Adi,
>
># I am seeing an increasing number of hosts on our network become an open
># proxy. So far the response to this has been reactive, once I receive
># complaints from spam victims I deal with the source of the problem.
>
> The sheer act of having an abuse address and acting on reports received
> on it puts you a leg and a half up on a number of other service providers
> who have chosen to studiously ignore abused open proxies on their
> networks.

Yep


># Is there an accepted way of blocking open proxy and open relay traffic
># at the network edge?

...

> What's really needed is some way to take open proxy DNSBL data and
> instantiate a dump of that data onto a suitable appliance. It is probably
> too much state to burden a reasonably sized border router with, but you
> could imagine other devices that could probably handle it (at least for
> moderate speed flows), much as there are currently middle boxes which
> rip open packets to target peer to peer traffic.


FWIW, if you can handle an extra 40k or so prefixes, blitzed.org can 
provide a BGP feed of their DNSBL (although the BGP talking machine is 
currently down for hardware issues).
