North American Network Operators Group

Re: Open relays and open proxies
On Thu, 24 Apr 2003, Joe St Sauver wrote:

> The sheer magnitude of the problem also argues against manual construction
> of ACL's on a host-by-host basis; to date, having looked at this issue
> for maybe six months now, I believe the number of *known* open proxies is
> on the order of 120K hosts, few of which are sequentially disposed into
> nice CIDR-able netblocks (unless you're okay with the concept of lumping

That depends on whose "known" list you're looking at. I know of
considerably more open proxies, and suspect the actual number of open
proxies on the net today is at least several, if not many, times that
number.

> What's really needed is some way to take open proxy DNSBL data and
> instantiate a dump of that data onto a suitable appliance. It is probably
> too much state to burden a reasonable sized border route with, but you
> could imagine other devices that could probably handle it (at least for
> moderate speed flows), much as there are currently middle boxes which
> rip open packets to target peer to peer traffic.

That would be one heck of an ACL or routing table full of null routes.
I doubt it can be done in a practical manner.

----------------------------------------------------------------------
 Jon Lewis *[email protected]*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
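
The aggregation trade-off discussed in this thread, as an added example that is not part of the original messages: it compares lossless CIDR aggregation of a host list with "lumping" hosts into a covering /24, and counts the unlisted addresses that lumping would also block. The host list is constructed from documentation address ranges, and the function names and the `min_hits` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample (RFC 5737 documentation ranges), not real DNSBL data.
LISTED = [
    "192.0.2.4", "192.0.2.5", "192.0.2.6", "192.0.2.7",
    "192.0.2.77", "198.51.100.9", "198.51.100.200",
    "203.0.113.18", "203.0.113.19", "203.0.113.130",
]

def exact_prefixes(hosts):
    """Lossless: merge only hosts that fill a whole CIDR block."""
    nets = (ipaddress.ip_network(h) for h in hosts)
    return list(ipaddress.collapse_addresses(nets))

def lumped_prefixes(hosts, prefixlen=24, min_hits=2):
    """Lossy: block the covering prefix once it holds min_hits listed hosts.

    Returns (entries, collateral), where collateral counts unlisted
    addresses that get blocked along with the listed ones.
    """
    addrs = {ipaddress.ip_address(h) for h in hosts}

    def cover(a):
        return ipaddress.ip_network(f"{a}/{prefixlen}", strict=False)

    hits = Counter(cover(a) for a in addrs)
    lumped = {net for net, n in hits.items() if n >= min_hits}
    singles = {ipaddress.ip_network(a) for a in addrs if cover(a) not in lumped}
    collateral = sum(net.num_addresses - hits[net] for net in lumped)
    return sorted(lumped | singles), collateral

if __name__ == "__main__":
    exact = exact_prefixes(LISTED)
    print(f"{len(LISTED)} hosts -> {len(exact)} exact entries")
    for min_hits in (2, 3):
        entries, collateral = lumped_prefixes(LISTED, 24, min_hits)
        print(f"/24 lumping, min_hits={min_hits}: {len(entries)} entries, "
              f"{collateral} unlisted addresses also blocked")
```

Scattered hosts barely shrink under exact aggregation, while lumping cuts the entry count only by blocking addresses that were never listed.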