nanog mailing list archives
Re: Open relays and open proxies
From: Jeff Kell <jeff-kell () utc edu>
Date: Thu, 24 Apr 2003 16:33:31 -0400
Joe St Sauver wrote:
What's really needed is some way to take open proxy DNSBL data and instantiate a dump of that data onto a suitable appliance. It is probably too much state to burden a reasonable sized border router with, but you could imagine other devices that could probably handle it (at least for moderate speed flows), much as there are currently middle boxes which rip open packets to target peer to peer traffic.
Along those lines, I have been running an ACL-based spam blocker at ingress for a little over six months, but it has really surpassed the manageable level for many devices. To put this in perspective, we use a feed from SPEWS level 1 data, current DShield block list, and some manual black/whitelist data, shove it through a perl script, and produce a TFTPable config file which is then 'config net'ed into our edge devices.
The last few days of SPEWS data varies around 14000 lines (mix of CIDR blocks and individual hosts), currently 2400 lines in our local additions, yielding a merged ACL (with ingress blocks, bogons, DShield blocks, and anti-spam) of ~15800 lines (~603kB). With 'service compress-config' enabled, this fits into a 3640 and doesn't kill it in the process (8xT1s). It overflows TCAM on a 6509 and forces process switching in the ingress direction, but otherwise works (1xGigE, 2x100FE).
On the other hand, NJABL.ORG lists 255K open relays, 170K open proxies, and a spattering of dialups and other listings. This is way beyond ACLs that I could even imagine thinking about :-)
Jeff
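The merge step described in the message above, as an added example that is not part of the original post and not the author's Perl script: it unions block-list feeds, carves out whitelisted ranges, aggregates adjacent blocks to keep the line count down, and emits IOS-style extended ACL lines. The feed format (one CIDR block or host per line), the ACL number 120, the sample data and all function names are assumptions.

```python
import ipaddress

def parse_feed(lines):
    """One CIDR block or single host per line; '#' starts a comment."""
    nets = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def merge(blocklists, whitelist):
    """Union all block lists, carve out whitelisted ranges, aggregate."""
    pieces = list(ipaddress.collapse_addresses(
        n for feed in blocklists for n in feed))
    for allow in whitelist:
        kept = []
        for p in pieces:
            if not allow.overlaps(p):
                kept.append(p)
            elif p.supernet_of(allow) and p != allow:
                kept.extend(p.address_exclude(allow))  # split around the hole
            # otherwise p lies entirely inside the whitelisted range: drop it
        pieces = kept
    return sorted(ipaddress.collapse_addresses(pieces))

def render_acl(nets, acl=120):
    """Emit config lines; ACL number 120 is an assumed placeholder."""
    lines = [f"no access-list {acl}"]  # clear old entries before reloading
    for n in nets:
        if n.prefixlen == 32:
            src = f"host {n.network_address}"
        else:
            src = f"{n.network_address} {n.hostmask}"  # IOS wildcard mask
        lines.append(f"access-list {acl} deny ip {src} any")
    lines.append(f"access-list {acl} permit ip any any")
    return lines

# Constructed sample feeds (documentation address ranges), not real list data.
SPEWS = ["192.0.2.0/25", "192.0.2.128/25  # adjacent halves", "198.51.100.7"]
DSHIELD = ["203.0.113.0/24"]
LOCAL_BLACK = ["198.51.100.7", "198.51.100.8"]
LOCAL_WHITE = ["203.0.113.64/26"]

def build_config():
    feeds = [parse_feed(f) for f in (SPEWS, DSHIELD, LOCAL_BLACK)]
    return render_acl(merge(feeds, parse_feed(LOCAL_WHITE)))

if __name__ == "__main__":
    print("\n".join(build_config()))
```

Six input entries (one of them a duplicate) plus one whitelist hole come out as five deny lines; on real feeds the aggregation step is what decides whether the result still fits the device.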