On Fri, 6 Dec 2002, Rob Thomas wrote:
] We now get to embark on another Five Year Plan to shut down ] open HTTP proxies.
Indeed. The number of open (and openly abused) proxies in my hacked device database, just from this year, is 21255. That's just my own, small view of the problem. Imagine the total number. :/ Watch out for those TCP 1080, 3128, and 8080 flows.
And don't forget about the biggest of them all, open BIND proxies. After port 80, port 53 goes through almost as much. A lot of times you don't need to hack anything, software comes with relay/proxy/recursion enabled. How do we get software vendors (free, pay, virus) to distribute software with appropriate defaults? We blocked port 25, and the spammers used other ports. Should we block IP protocols 0-255, and ports 0-65535? Should we move to the cable TV model, you can watch only what we decide you can watch? Users should be receive-only?