Proxy scanning (was RE: [IRCServices] Another Feature Suggestion)

Russell Garrett rg at tcslon.com
Fri May 31 12:18:01 PDT 2002


> Since Services 5 will (or at very least could, given coding for a module)
> sport global Z: line management, would it make sense to have it send a
> message so that it adds your desired Z: line to Services? Or should one
> collect up the accumulated Z: lines on the respective servers BOPM is
> running on and manually add them later?

The only problem with this is the single-point-of-failure problem: if
someone DoSes your Services server, or the services hub off, then the
point of having a separate proxy monitor on each server is defeated,
as they can't submit their z:lines.

The most resilient solution, at least with BOPM, is to get each
individual BOPM bot to submit by e-mail to blitzednet's DNS blacklist
(you have to e-mail them to set this up, but it's very efficient) -
all the other BOPM proxy monitors on your network and everywhere else
will then pick compromised hosts up almost immediately using the
blacklist lookup, without having to scan. This removes the
single-point-of-failure problem (well I suppose someone could still
DoS the blacklist server, but that would only slow down the k:lining
of proxybots - if you're that paranoid you could use your own
blacklist server).

Russ Garrett
russ at garrett.co.uk
www.faereal.net
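
The blacklist lookup described in the message above, as an added example that is not part of the original post and is not BOPM's own code: a per-server monitor checks a connecting client against a DNS blacklist and, if the blacklist server cannot be reached, reports "unknown" so the caller falls back to its own scan. The zone name `dnsbl.example.net`, the function names and the injected `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket

DNSBL_ZONE = "dnsbl.example.net"  # placeholder zone, not taken from the post
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
# Resolver error codes that mean "no such record", i.e. the host is not listed.
NOT_LISTED = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_client(ip, resolve=socket.gethostbyname, zone=DNSBL_ZONE):
    """Return 'listed', 'clean' or 'unknown' for a connecting client.

    'unknown' means the blacklist gave no usable answer; the caller should
    run its own proxy scan rather than block or trust the host outright.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        # NXDOMAIN means "not on the list"; a timeout or server failure
        # means the blacklist itself is unavailable (e.g. under DoS).
        return "clean" if exc.errno in NOT_LISTED else "unknown"
    except OSError:
        return "unknown"
    try:
        # DNSBLs conventionally answer for listed hosts inside 127.0.0.0/8.
        if ipaddress.IPv4Address(answer) in LOOPBACK:
            return "listed"
    except ValueError:
        pass
    return "unknown"  # unexpected answer, e.g. a parked or wildcarded zone
```

Treating an unexpected non-loopback answer as "unknown" rather than "listed" keeps a hijacked or expired blacklist zone from banning every client on the network.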