[57832] in North American Network Operators' Group
Re: Open relays and open proxies
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Thu Apr 24 17:07:35 2003
Date: Thu, 24 Apr 2003 17:02:22 -0400 (EDT)
From: jlewis@lewis.org
To: Joe St Sauver <JOE@OREGON.UOREGON.EDU>
Cc: adil@adis.on.ca, <nanog@merit.edu>
In-Reply-To: <01KV3TNQOOCA8WWY8L@OREGON.UOREGON.EDU>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 24 Apr 2003, Joe St Sauver wrote:
> The sheer magnitude of the problem also argues against manual construction
> of ACL's on a host-by-host basis; to date, having looked at this issue
> for maybe six months now, I believe the number of *known* open proxies is
> on the order of 120K hosts, few of which are sequentially disposed into
> nice CIDR-able netblocks (unless you're okay with the concept of lumping
That depends on whose "known" list you're looking at. I know of
considerably more open proxies, and suspect the actual number of open
proxies on the net today is at least several, if not many, times that
number.
> What's really needed is some way to take open proxy DNSBL data and
> instantiate a dump of that data onto a suitable appliance. It is probably
> too much state to burden a reasonable sized border route with, but you
> could imagine other devices that could probably handle it (at least for
> moderate speed flows), much as there are currently middle boxes which
> rip open packets to target peer to peer traffic.
That would be one heck of an ACL or routing table full of null routes. I
doubt it can be done in a practical manner.
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
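An added illustration of the point both posters make about DNSBL data and ACL size (example code written for this archive page, not anything posted in the thread): it builds the conventional reversed-octet DNSBL query name and collapses a constructed list of "listed" hosts into CIDR prefixes to count how many ACL or null-route entries they would need. The host addresses, the zone name and the IOS-like route syntax are all constructed for illustration.

```python
import ipaddress

# Constructed sample of "listed" open-proxy hosts (not a real DNSBL dump).
# Most are scattered single hosts; one /29 happens to be fully listed.
LISTED_HOSTS = [
    "192.0.2.5", "192.0.2.77", "192.0.2.200",
    "198.51.100.8", "198.51.100.9", "198.51.100.10", "198.51.100.11",
    "198.51.100.12", "198.51.100.13", "198.51.100.14", "198.51.100.15",
    "203.0.113.42", "203.0.113.43", "203.0.113.250",
]


def dnsbl_query_name(ip, zone):
    """Build the name a resolver queries to check `ip` against a DNSBL zone:
    the octets reversed, then the zone appended (the usual DNSBL convention;
    the zone name used in the test is hypothetical)."""
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def collapse_to_cidrs(hosts):
    """Aggregate listed host addresses into the minimal set of CIDR prefixes.
    Adjacent hosts merge into larger prefixes; scattered hosts stay /32s."""
    nets = [ipaddress.ip_network(h) for h in hosts]
    return list(ipaddress.collapse_addresses(nets))


def null_route_lines(hosts):
    """Emit one null-route line per aggregated prefix, so the number of lines
    is the size of the ACL / route table the thread is talking about.
    (Illustrative IOS-like syntax, not tied to any particular vendor.)"""
    return [f"ip route {n.network_address} {n.netmask} Null0"
            for n in collapse_to_cidrs(hosts)]


if __name__ == "__main__":
    routes = null_route_lines(LISTED_HOSTS)
    print(f"{len(LISTED_HOSTS)} listed hosts -> {len(routes)} route entries")
    for line in routes:
        print(line)
```

With these constructed hosts only the contiguous /29 and one /31 aggregate, so 14 listed hosts still cost 6 entries; real DNSBL dumps of scattered proxy hosts aggregate far worse.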