HTTP proxies, was Re: Operational Issues with 69.0.0.0/8...

Sean Donelan sean at donelan.com
Fri Dec 6 20:28:29 UTC 2002


On Fri, 6 Dec 2002, Rob Thomas wrote:
> ] We now get to embark on another Five Year Plan to shut down
> ] open HTTP proxies.
>
> Indeed.  The number of open (and openly abused) proxies in my hacked
> device database, just from this year, is 21255.  That's just my own,
> small view of the problem.  Imagine the total number.  :/  Watch out
> for those TCP 1080, 3128, and 8080 flows.

And don't forget about the biggest of them all, open BIND proxies.  After
port 80, port 53 goes through almost as much.  A lot of times you don't
need to hack anything, software comes with relay/proxy/recursion enabled.
How do we get software vendors (free, pay, virus) to distribute software
with appropriate defaults?

We blocked port 25, and the spammers used other ports. Should we block IP
protocols 0-255, and ports 0-65535?  Should we move to the cable TV model,
you can watch only what we decide you can watch?  Users should be
receive-only?
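
An added example, not part of the original post: one way an operator could audit their own flow records for internal hosts that serve many outside clients on the ports named in this thread (TCP 1080, 3128, 8080, and port 53), as candidates for an open proxy or open recursion review. The CSV flow format, the `192.0.2.0/24` "internal" prefix, the threshold and all sample flows are constructed assumptions.

```python
import csv
import ipaddress
from collections import defaultdict

# Ports named in the thread; port 53 is watched on both transports.
WATCHED = {("tcp", 1080), ("tcp", 3128), ("tcp", 8080), ("udp", 53), ("tcp", 53)}

# Assumption: this documentation prefix stands in for "our" address space.
INTERNAL = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
198.51.100.7,40112,192.0.2.10,3128,tcp,18234
203.0.113.9,51200,192.0.2.10,3128,tcp,99120
203.0.113.44,33011,192.0.2.10,3128,tcp,4410
192.0.2.55,49152,192.0.2.10,3128,tcp,1200
198.51.100.7,5353,192.0.2.53,53,udp,310
203.0.113.9,6000,192.0.2.53,53,udp,290
198.51.100.7,40113,192.0.2.20,8080,tcp,900
192.0.2.55,49153,198.51.100.80,8080,tcp,700
bad,line
"""

def is_internal(addr, nets=INTERNAL):
    return any(addr in net for net in nets)

def audit_flows(text, min_clients=2):
    """Return {(host, proto, port): [external clients]} for internal hosts
    reached on a watched port by at least min_clients distinct outside sources."""
    clients = defaultdict(set)
    for row in csv.reader(text.splitlines()):
        try:
            src, _sport, dst, dport, proto, _nbytes = row
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            key = (proto.lower(), int(dport))
        except ValueError:
            continue  # malformed record: wrong field count or unparsable value
        # Only inbound flows from outside to one of our hosts are of interest.
        if key in WATCHED and is_internal(dst) and not is_internal(src):
            clients[(str(dst),) + key].add(str(src))
    return {svc: sorted(c) for svc, c in clients.items() if len(c) >= min_clients}

if __name__ == "__main__":
    for (host, proto, port), srcs in sorted(audit_flows(SAMPLE_FLOWS).items()):
        print(f"review {host} {proto}/{port}: {len(srcs)} external clients")
```

A flagged host is only a candidate: an authoritative name server legitimately answers outside clients on port 53, so the follow-up is to check whether relay, proxy or recursion is enabled for them.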





