--On Thursday, April 24, 2003 12:58 PM -0700 Joe St Sauver <JOE@OREGON.UOREGON.EDU> wrote:
Hi Adi,
# I am seeing an increasing number of hosts on our network become an open # proxy. So far the response to this has been reactive, once I receive # complaints from spam victims I deal with the source of the problem.
The sheer act of having an abuse address and acting on reports received on it puts you a leg and a half up on a number of other service providers who have chosen to studiously ignore abused open proxies on their networks.
Yep
# Is there an accepted way of blocking open proxy and open relay traffic # at the network edge?
...
What's really needed is some way to take open proxy DNSBL data and instantiate a dump of that data onto a suitable appliance. It is probably too much state to burden a reasonable sized border route with, but you could imagine other devices that could probably handle it (at least for moderate speed flows), much as there are currently middle boxes which rip open packets to target peer to peer traffic.
FWIW, if you can handle an extra 40k or so prefixes, blitzed.org can provide a BGP feed of their DNSBL (although the BGP talking machine is currently down for hardware issues).