Proxy scanning (was RE: [IRCServices] Another Feature Suggestion)
Ross Hosman
rosshosman at charter.net
Fri May 31 14:58:01 PDT 2002
wasn't heh, sorry
----- Original Message -----
From: "Ross Hosman" <rosshosman at charter.net>
To: <ircservices at ircservices.za.net>
Sent: Friday, May 31, 2002 7:51 AM
Subject: Re: Proxy scanning (was RE: [IRCServices] Another Feature
Suggestion)
> btw, I was suggesting floodserv as a proxy monitor but as a
channel/network
> flood monitor.
>
> ----- Original Message -----
> From: "Russell Garrett" <rg at tcslon.com>
> To: <ircservices at ircservices.za.net>
> Sent: Friday, May 31, 2002 5:17 AM
> Subject: RE: Proxy scanning (was RE: [IRCServices] Another Feature
> Suggestion)
>
>
> > > Since Services 5 will (or at very least could, given
> > > coding for a module)
> > > sport global Z: line management, would it make sense to
> > > have it send a
> > > message so that it adds your desired Z: line to Services?
> > > Or should one
> > > collect up the accumulated Z: lines on the respective
> > > servers BOPM is
> > > running on and manually add them later?
> >
> > The only problem with this is the single-point-of-failure problem: If
> > someone DoSes your Services server, or the services hub off, then the
> > point of having a seperate proxy monitor on each server is defeated,
> > as they can't submit their z:lines.
> >
> > The most resilient solution, at least with BOPM, is to get each
> > individual BOPM bot to submit by e-mail to blitzednet's DNS blacklist
> > (you have to e-mail them to set this up, but it's very efficient) -
> > all the other BOPM proxy monitors on your network and everywhere else
> > will then pick compromised hosts up almost immediately using the
> > blacklist lookup, without having to scan. This removes the
> > single-point-of-failure problem (well I suppose someone could still
> > DoS the blacklist server, but that would only slow down the k:lining
> > of proxybots - if you're that paranoid you could use your own
> > blacklist server).
> >
> > Russ Garrett
> > russ at garrett.co.uk
> > www.faereal.net
> >
> > ------------------------------------------------------------------
> > To unsubscribe or change your subscription options, visit:
> > http://www.ircservices.za.net/mailman/listinfo/ircservices
>
> ------------------------------------------------------------------
> To unsubscribe or change your subscription options, visit:
> http://www.ircservices.za.net/mailman/listinfo/ircservices