Proxy scanning (was RE: [IRCServices] Another Feature Suggestion)

[Ross Hosman]

btw, I was suggesting floodserv as a proxy monitor but as a channel/network
flood monitor.

----- Original Message -----
From: "Russell Garrett" <rg at tcslon.com>
To: <ircservices at ircservices.za.net>
Sent: Friday, May 31, 2002 5:17 AM
Subject: RE: Proxy scanning (was RE: [IRCServices] Another Feature
Suggestion)


> > Since Services 5 will (or at very least could, given
> > coding for a module)
> > sport global Z: line management, would it make sense to
> > have it send a
> > message so that it adds your desired Z: line to Services?
> > Or should one
> > collect up the accumulated Z: lines on the respective
> > servers BOPM is
> > running on and manually add them later?
>
> The only problem with this is the single-point-of-failure problem: If
> someone DoSes your Services server, or the services hub off, then the
> point of having a seperate proxy monitor on each server is defeated,
> as they can't submit their z:lines.
>
> The most resilient solution, at least with BOPM, is to get each
> individual BOPM bot to submit by e-mail to blitzednet's DNS blacklist
> (you have to e-mail them to set this up, but it's very efficient) -
> all the other BOPM proxy monitors on your network and everywhere else
> will then pick compromised hosts up almost immediately using the
> blacklist lookup, without having to scan. This removes the
> single-point-of-failure problem (well I suppose someone could still
> DoS the blacklist server, but that would only slow down the k:lining
> of proxybots - if you're that paranoid you could use your own
> blacklist server).
>
> Russ Garrett
> russ at garrett.co.uk
> www.faereal.net
>
> ------------------------------------------------------------------
> To unsubscribe or change your subscription options, visit:
> http://www.ircservices.za.net/mailman/listinfo/ircservices