Date: Mon, 30 Jun 2003 03:47:56 -0400 (EDT) From: Paul Chvostek <paul+fbsd@it.ca> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Paul Chvostek <paul+fbsd@it.ca> Subject: ports/53919: [maintainer update]: security/proxycheck - scans for open proxy servers Message-ID: <200306300747.h5U7luFD012455@foo.it.ca> Resent-Message-ID: <200306300750.h5U7oKAx085122@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 53919 >Category: ports >Synopsis: [maintainer update]: security/proxycheck - scans for open proxy servers >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Jun 30 00:50:20 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Paul Chvostek >Release: FreeBSD 4.7-STABLE i386 >Organization: >Environment: System: FreeBSD foo.it.ca 4.7-STABLE FreeBSD 4.7-STABLE #1: Sun Nov 10 01:01:32 EST 2002 paul@foo.it.ca:/usr/src/sys/compile/foo i386 >Description: removed un-versioned HTML file from DISTFILES, added example content to man page (to be merged with original dist next version) >How-To-Repeat: n/a >Fix: diff -ruN /usr/ports/security/proxycheck/Makefile ./proxycheck/Makefile --- /usr/ports/security/proxycheck/Makefile Fri Jun 13 09:25:23 2003 +++ ./proxycheck/Makefile Mon Jun 30 03:35:49 2003 @@ -7,21 +7,14 @@ PORTNAME= proxycheck PORTVERSION= 0.45 +PORTREVISION= 1 CATEGORIES= security +MASTER_SITES= http://www.corpit.ru/mjt/proxycheck/ \ + http://www.it.ca/~paul/src/ MAINTAINER= paul+ports@it.ca COMMENT= Check for open proxy servers -MASTER_SITES= http://www.corpit.ru/mjt/proxycheck/:0 \ - http://www.it.ca/~paul/src/:0 -DISTFILES= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}:0 -.if !defined(NOPORTDOCS) -EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX} -MASTER_SITES+= http://www.corpit.ru/mjt/:1 \ - http://www.it.ca/~paul/src/:1 -DISTFILES+= proxycheck.html:1 -.endif - MAN1= proxycheck.1 do-install: @@ -30,7 +23,6 @@ .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} @${INSTALL_DATA} ${WRKSRC}/CHANGES ${DOCSDIR} - @${INSTALL_DATA} ${DISTDIR}/proxycheck.html ${DOCSDIR} .endif .include <bsd.port.mk> diff -ruN /usr/ports/security/proxycheck/distinfo ./proxycheck/distinfo --- /usr/ports/security/proxycheck/distinfo Fri Jun 13 04:41:24 2003 +++ ./proxycheck/distinfo Mon Jun 30 03:33:00 2003 @@ -1,2 +1 @@ MD5 (proxycheck-0.45.tar.gz) = 281eebe5ac6727dcdabf1cefcb2424cf -MD5 (proxycheck.html) = 3d393ad5c49e58f20fe9f1d43c359395 diff -ruN /usr/ports/security/proxycheck/files/patch-ac ./proxycheck/files/patch-ac --- /usr/ports/security/proxycheck/files/patch-ac Fri Jun 13 04:41:25 2003 +++ ./proxycheck/files/patch-ac Mon Jun 30 03:29:13 2003 @@ -1,6 +1,38 @@ ---- proxycheck.1.orig Fri Jun 13 03:07:05 2003 -+++ proxycheck.1 Fri Jun 13 03:07:42 2003 -@@ -72,7 +72,7 @@ +--- proxycheck.1.orig Sun May 11 10:47:38 2003 ++++ proxycheck.1 Mon Jun 30 03:23:58 2003 +@@ -1,13 +1,14 @@ + .\" $Id: proxycheck.1,v 1.5 2003/05/11 14:47:38 mjt Exp $ + .\" manpage for proxycheck + .\" Michael Tokarev <mjt@corpit.ru> +- + .TH proxycheck 1 + + .SH NAME ++ + proxycheck \- open proxy server checker + + .SH SYNOPSYS ++ + \fBproxycheck\fR \fIoptions\fR \fIhost\fR[:\fIproto_port_spec\fR]... + + .SH DESCRIPTION +@@ -39,15 +40,12 @@ + + .IP \fB\-h\fR + print a short help and exit. +- + .IP \fB\-v\fR + increase the verbosity level. All debugging messages will + go to standard error stream. +- + .IP "\fB\-d\fR \fIdeshost\fR:\fIdestport\fR (required)" + try to establish a proxied connection to the given \fIdsthost\fR, + port \fIdstport\fR. This option is required. +- + .IP "\fB\-c\fR \fIcheck\fR[:\fIparams\fR] (required)" + the "method" \fBproxycheck\fR will use when talking to a destination + system to determine if a proxy is open or not. Interpretation of +@@ -72,54 +70,45 @@ (username, password, recipient address, cookie server, ...) are expected to be found in environment variables. Run \fBproxycheck\fR with \fB\-h\fR option to see a list of recognized variables and @@ -9,3 +41,110 @@ submit all found proxies to unconfirmed.dsbl.org (which isn't very useful). For trusted DSBL user, at least DSBL_USER and DSBL_PASS variables should be set properly. + .RE +- + .IP "\fB\-p\fR \fIproto_port_spec\fR" + specifies protocol and ports to connect to. If not given, \fBproxycheck\fR + will try it's built-in default list. This option may be specified more + than once. See below for \fIproto_port_spec\fR. If \fIproto_port_spec\fR + is specified for a single host to check, it applies to that host only, + and no protocols/ports in default list will be checked for that host. +- + .IP \fB\-D\fR + do not reset default port list when using \fB\-p\fR option, but prepend + new ports to it instead. +- + .IP \fB\-a\fR + use more "advanced" ports/protocols. The more \fB\-a\fR's given, the more + ports/protocols will be probed. For a complete list of all ports and protocols + and their level, execute \fBproxycheck\fR with \fB\-h\fR option. +- + .IP "\fB\-t\fR \fItimeout\fR" + a timeout, in secounds, for every operation. Default value is 30 secounds. + The timer starts at the connection attempt to the proxy itself, after + sending the "connect" command to the proxy and so on. +- + .IP "\fB\-m\fR \fImaxconn\fR" + Do not attempt to make more than \fImaxconn\fR parallel connections. + By default, maximum number of parallel connections limited by the + operating system and on most systems it is around 1000. +- + .IP "\fB\-M\fR \fImaxhconn\fR" + Do not make more than \fImaxhconn\fR parallel connections to the + same host (default is unlimited). This may be useful for overloaded + proxies which can't handle many parallel connections using different + ports/protocols, but may significantly slow down the whole process. +- + .IP \fB\-s\fR + when an open proxy is found on a given IP, stop probing for other + ports/protocols for this IP. Best used when many IPs are tested, + and/or with \fB\-M\fR option. This is because currently, \fBproxycheck\fR + will not make any \fInew\fR connections to such host, but will wait + for already active connections to complete. +- + .IP "\fB\-b\fR \fIbindaddr\fR" + use \fIbindaddr\fR as a source address for all outgoing connections. +- + .IP \fB\-n\fR + write a line about definitely closed proxies to stdout in additional + to writing about open proxies, in a form +@@ -127,7 +116,6 @@ + .nf + 127.0.0.1 http:8080 closed + .fi +- + .IP \fB\-x\fR + print extended proxy information (proxy-agent and the like) if available. + This will be on the same "open" (or "closed" with -n) line, last, enclosed +@@ -236,6 +224,51 @@ + proxy server was found. In case of incorrect usage, it will exit + with code 1. If no open proxies where found, \fBproxycheck\fR + will return 0. ++ ++.SH EXAMPLES ++In the simplest case, specify: ++ ++.nf ++ proxycheck -vv -ddsthost:dstport -c chat::"waitstr" \fIlist-of-IPs\fR ++.fi ++ ++where ++\fBdsthost\fR is the host and \fBdstport\fR is the port number of the ++destination system, and \fBwaitstr\fR is a string to look for from the remote ++system. If you decide to connect to your own mailserver (which is quite ++logical, since most proxy abuse nowadays is to send spam to your mailserver), ++connect to it first using telnet and see which SMTP greeting string it prints ++out upon connection, and use this string as \fBwaitstr\fR. For example, if ++your mailserver is \fImail.example.com\fR, the following may apply: ++ ++.nf ++ $ \fBtelnet mail.example.com 25\fR ++ Telnet: trying 127.0.0.1... connected. ++ 250 mail.example.com ESMTP welcome ++ \fBQUIT\fR ++.fi ++ ++In this case, \fBproxycheck\fR's command line may look as follows: ++ ++.nf ++ proxycheck -vv -d mail.example.com:25 \\ ++ -c chat::"250 mail.example.com ESMTP welcome" \fIlist-of-IPs\fR ++.fi ++ ++Another usage scenario is to automatically submit all open proxies to ++DSBL.org-style blocklists. For this, specify \fB-c dsbl\fR and set up ++environment variables for dsbl client. The variables \fBDSBL_USER\fR and ++\fBDSBL_PASS\fR are required for non-anonymous DSBL submissions, for anonymous ++submissions to the \fIunconfirmed.dsbl.org\fR defaults are sufficient. To ++submit a proxy to DSBL.org, set destination to the mail exchanger of ++\fIlistme.dsbl.org\fR domain, currently \fImx.listme.dsbl.org\fR. For example: ++ ++.nf ++ DSBL_USER=username DSBL_PASS=password ./proxycheck -vv \\ ++ -dmx.listme.dsbl.org:25 -cdsbl \fIproxyhost\fR ++.fi ++ ++Additional and updated information may be found at the URL below. + + .SH LICENSE + This program is free software. It may be used and distributed diff -ruN /usr/ports/security/proxycheck/pkg-plist ./proxycheck/pkg-plist --- /usr/ports/security/proxycheck/pkg-plist Fri Jun 13 04:41:24 2003 +++ ./proxycheck/pkg-plist Mon Jun 30 03:30:12 2003 @@ -1,4 +1,3 @@ sbin/proxycheck %%PORTDOCS%%share/doc/proxycheck/CHANGES -%%PORTDOCS%%share/doc/proxycheck/proxycheck.html %%PORTDOCS%%@dirrm share/doc/proxycheck >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306300747.h5U7luFD012455>