Open relays and open proxies
jlewis at lewis.org
Thu Apr 24 21:02:22 UTC 2003
On Thu, 24 Apr 2003, Joe St Sauver wrote:
> The sheer magnitude of the problem also argues against manual construction
> of ACLs on a host-by-host basis; to date, having looked at this issue
> for maybe six months now, I believe the number of *known* open proxies is
> on the order of 120K hosts, few of which are sequentially disposed into
> nice CIDR-able netblocks (unless you're okay with the concept of lumping
That depends on whose "known" list you're looking at. I know of
considerably more open proxies, and suspect the actual number of open
proxies on the net today is at least several, if not many, times that
number.
> What's really needed is some way to take open proxy DNSBL data and
> instantiate a dump of that data onto a suitable appliance. It is probably
> too much state to burden a reasonably sized border router with, but you
> could imagine other devices that could probably handle it (at least for
> moderate speed flows), much as there are currently middle boxes which
> rip open packets to target peer to peer traffic.
That would be one heck of an ACL or routing table full of null routes. I
doubt it can be done in a practical manner.
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
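
The ACL-size concern raised in this exchange can be measured directly. The sketch below is an added example, not code from either poster: it collapses a host list into the fewest CIDR blocks that cover exactly those hosts, then compares that with rounding every host up to its enclosing /24. The function names, the 10.0.0.0/8 sample addresses and the /24 rounding choice are assumptions made for the illustration.

```python
import ipaddress
import random

def exact_cover(hosts):
    """Smallest list of CIDR blocks covering exactly the listed hosts."""
    nets = [ipaddress.ip_network(h) for h in set(hosts)]
    return list(ipaddress.collapse_addresses(nets))

def lossy_cover(hosts, prefixlen=24):
    """Round every host up to its enclosing /prefixlen.
    Returns (blocks, collateral); collateral counts unlisted addresses
    that would be blocked along with the listed ones."""
    uniq = set(hosts)
    blocks = {ipaddress.ip_network(f"{h}/{prefixlen}", strict=False) for h in uniq}
    collateral = sum(b.num_addresses for b in blocks) - len(uniq)
    return sorted(blocks), collateral

def summarize(hosts, prefixlen=24):
    """Entry counts an ACL or null-route table would need for this host list."""
    exact = exact_cover(hosts)
    blocks, collateral = lossy_cover(hosts, prefixlen)
    return {"hosts": len(set(hosts)), "exact_entries": len(exact),
            "lossy_entries": len(blocks), "collateral": collateral}

if __name__ == "__main__":
    # Constructed sample data: 20,000 pseudo-random hosts in 10.0.0.0/8
    # (scattered, like a DNSBL dump) versus one fully listed /24.
    rng = random.Random(2003)  # fixed seed so runs are repeatable
    base = int(ipaddress.ip_address("10.0.0.0"))
    scattered = [str(ipaddress.ip_address(base + rng.randrange(2**24)))
                 for _ in range(20000)]
    contiguous = [f"10.200.0.{i}" for i in range(256)]
    for label, hosts in (("scattered", scattered), ("contiguous /24", contiguous)):
        print(label, summarize(hosts))
```

For the scattered set the exact cover stays close to one entry per host, while the /24 rounding cuts the entry count only by blocking many unlisted neighbours.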