On Thu, 24 Apr 2003, Joe St Sauver wrote:
> The sheer magnitude of the problem also argues against manual construction of ACLs on a host-by-host basis; to date, having looked at this issue for maybe six months now, I believe the number of *known* open proxies is on the order of 120K hosts, few of which are sequentially disposed into nice CIDR-able netblocks (unless you're okay with the concept of lumping
That depends on whose "known" list you're looking at. I know of considerably more open proxies, and suspect the actual number of open proxies on the net today is at least several, if not many, times that number.
> What's really needed is some way to take open proxy DNSBL data and instantiate a dump of that data onto a suitable appliance. It is probably too much state to burden a reasonably sized border router with, but you could imagine other devices that could probably handle it (at least for moderate speed flows), much as there are currently middle boxes which rip open packets to target peer to peer traffic.
That would be one heck of an ACL or routing table full of null routes. I doubt it can be done in a practical manner.

----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
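An added illustration of the aggregation trade-off the thread is arguing about (example code written for this page, not from either poster): the exact-prefix ACL a scattered host list collapses to, versus "lumping" each host into its enclosing /24, with the collateral each approach carries. The sample addresses are constructed from documentation ranges, not a real open-proxy list.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of "known open proxy" hosts (documentation ranges, not
# real indicators): one contiguous run that aggregates, the rest scattered.
SAMPLE_PROXIES = [
    "192.0.2.8", "192.0.2.9", "192.0.2.10", "192.0.2.11",   # contiguous, one /30
    "198.51.100.7", "198.51.100.200",                        # scattered in a /24
    "203.0.113.1", "203.0.113.77", "203.0.113.130", "203.0.113.250",
]


def exact_acl(hosts):
    """Minimal set of CIDR prefixes covering exactly the listed hosts.

    collapse_addresses merges adjacent /32s into larger prefixes only where
    they line up on a power-of-two boundary, so scattered hosts stay as /32s.
    """
    nets = [ipaddress.ip_network(h) for h in hosts]
    return sorted(ipaddress.collapse_addresses(nets))


def lumped_acl(hosts, prefixlen=24):
    """Round every host up to its enclosing /prefixlen block.

    Returns {block: collateral}, where collateral is the number of addresses
    in the block that were never on the list but would be blocked anyway.
    """
    listed_by_block = defaultdict(set)
    for h in hosts:
        block = ipaddress.ip_network(f"{h}/{prefixlen}", strict=False)
        listed_by_block[block].add(ipaddress.ip_address(h))
    return {
        str(block): block.num_addresses - len(listed)
        for block, listed in sorted(listed_by_block.items())
    }


def acl_size_report(hosts, prefixlen=24):
    """(host count, exact ACL entries, lumped ACL entries, total collateral)."""
    exact = exact_acl(hosts)
    lumped = lumped_acl(hosts, prefixlen)
    return len(hosts), len(exact), len(lumped), sum(lumped.values())


if __name__ == "__main__":
    hosts, exact_n, lumped_n, collateral = acl_size_report(SAMPLE_PROXIES)
    print(f"{hosts} hosts -> {exact_n} exact prefixes, "
          f"{lumped_n} /24 blocks with {collateral} innocent addresses swept in")
```

Run against a real DNSBL dump, the exact-prefix count shows how little state aggregation saves, while the collateral figure is the cost of the lumping Joe alludes to.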