Date: Mon, 30 Jun 2003 03:47:56 -0400 (EDT) From: Paul Chvostek <paul+fbsd@it.ca> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Paul Chvostek <paul+fbsd@it.ca> Subject: ports/53919: [maintainer update]: security/proxycheck - scans for open proxy servers Message-ID: <200306300747.h5U7luFD012455@foo.it.ca> Resent-Message-ID: <200306300750.h5U7oKAx085122@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 53919
>Category: ports
>Synopsis: [maintainer update]: security/proxycheck - scans for open proxy servers
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Jun 30 00:50:20 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Paul Chvostek
>Release: FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD foo.it.ca 4.7-STABLE FreeBSD 4.7-STABLE #1: Sun Nov 10 01:01:32 EST 2002 paul@foo.it.ca:/usr/src/sys/compile/foo i386
>Description:
removed un-versioned HTML file from DISTFILES,
added example content to man page (to be merged with original dist next version)
>How-To-Repeat:
n/a
>Fix:
diff -ruN /usr/ports/security/proxycheck/Makefile ./proxycheck/Makefile
--- /usr/ports/security/proxycheck/Makefile Fri Jun 13 09:25:23 2003
+++ ./proxycheck/Makefile Mon Jun 30 03:35:49 2003
@@ -7,21 +7,14 @@
PORTNAME= proxycheck
PORTVERSION= 0.45
+PORTREVISION= 1
CATEGORIES= security
+MASTER_SITES= http://www.corpit.ru/mjt/proxycheck/ \
+ http://www.it.ca/~paul/src/
MAINTAINER= paul+ports@it.ca
COMMENT= Check for open proxy servers
-MASTER_SITES= http://www.corpit.ru/mjt/proxycheck/:0 \
- http://www.it.ca/~paul/src/:0
-DISTFILES= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}:0
-.if !defined(NOPORTDOCS)
-EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}
-MASTER_SITES+= http://www.corpit.ru/mjt/:1 \
- http://www.it.ca/~paul/src/:1
-DISTFILES+= proxycheck.html:1
-.endif
-
MAN1= proxycheck.1
do-install:
@@ -30,7 +23,6 @@
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
@${INSTALL_DATA} ${WRKSRC}/CHANGES ${DOCSDIR}
- @${INSTALL_DATA} ${DISTDIR}/proxycheck.html ${DOCSDIR}
.endif
.include <bsd.port.mk>
diff -ruN /usr/ports/security/proxycheck/distinfo ./proxycheck/distinfo
--- /usr/ports/security/proxycheck/distinfo Fri Jun 13 04:41:24 2003
+++ ./proxycheck/distinfo Mon Jun 30 03:33:00 2003
@@ -1,2 +1 @@
MD5 (proxycheck-0.45.tar.gz) = 281eebe5ac6727dcdabf1cefcb2424cf
-MD5 (proxycheck.html) = 3d393ad5c49e58f20fe9f1d43c359395
diff -ruN /usr/ports/security/proxycheck/files/patch-ac ./proxycheck/files/patch-ac
--- /usr/ports/security/proxycheck/files/patch-ac Fri Jun 13 04:41:25 2003
+++ ./proxycheck/files/patch-ac Mon Jun 30 03:29:13 2003
@@ -1,6 +1,38 @@
---- proxycheck.1.orig Fri Jun 13 03:07:05 2003
-+++ proxycheck.1 Fri Jun 13 03:07:42 2003
-@@ -72,7 +72,7 @@
+--- proxycheck.1.orig Sun May 11 10:47:38 2003
++++ proxycheck.1 Mon Jun 30 03:23:58 2003
+@@ -1,13 +1,14 @@
+ .\" $Id: proxycheck.1,v 1.5 2003/05/11 14:47:38 mjt Exp $
+ .\" manpage for proxycheck
+ .\" Michael Tokarev <mjt@corpit.ru>
+-
+ .TH proxycheck 1
+
+ .SH NAME
++
+ proxycheck \- open proxy server checker
+
+ .SH SYNOPSYS
++
+ \fBproxycheck\fR \fIoptions\fR \fIhost\fR[:\fIproto_port_spec\fR]...
+
+ .SH DESCRIPTION
+@@ -39,15 +40,12 @@
+
+ .IP \fB\-h\fR
+ print a short help and exit.
+-
+ .IP \fB\-v\fR
+ increase the verbosity level. All debugging messages will
+ go to standard error stream.
+-
+ .IP "\fB\-d\fR \fIdeshost\fR:\fIdestport\fR (required)"
+ try to establish a proxied connection to the given \fIdsthost\fR,
+ port \fIdstport\fR. This option is required.
+-
+ .IP "\fB\-c\fR \fIcheck\fR[:\fIparams\fR] (required)"
+ the "method" \fBproxycheck\fR will use when talking to a destination
+ system to determine if a proxy is open or not. Interpretation of
+@@ -72,54 +70,45 @@
(username, password, recipient address, cookie server, ...) are
expected to be found in environment variables. Run \fBproxycheck\fR
with \fB\-h\fR option to see a list of recognized variables and
@@ -9,3 +41,110 @@
submit all found proxies to unconfirmed.dsbl.org (which isn't very
useful). For trusted DSBL user, at least DSBL_USER and DSBL_PASS
variables should be set properly.
+ .RE
+-
+ .IP "\fB\-p\fR \fIproto_port_spec\fR"
+ specifies protocol and ports to connect to. If not given, \fBproxycheck\fR
+ will try it's built-in default list. This option may be specified more
+ than once. See below for \fIproto_port_spec\fR. If \fIproto_port_spec\fR
+ is specified for a single host to check, it applies to that host only,
+ and no protocols/ports in default list will be checked for that host.
+-
+ .IP \fB\-D\fR
+ do not reset default port list when using \fB\-p\fR option, but prepend
+ new ports to it instead.
+-
+ .IP \fB\-a\fR
+ use more "advanced" ports/protocols. The more \fB\-a\fR's given, the more
+ ports/protocols will be probed. For a complete list of all ports and protocols
+ and their level, execute \fBproxycheck\fR with \fB\-h\fR option.
+-
+ .IP "\fB\-t\fR \fItimeout\fR"
+ a timeout, in secounds, for every operation. Default value is 30 secounds.
+ The timer starts at the connection attempt to the proxy itself, after
+ sending the "connect" command to the proxy and so on.
+-
+ .IP "\fB\-m\fR \fImaxconn\fR"
+ Do not attempt to make more than \fImaxconn\fR parallel connections.
+ By default, maximum number of parallel connections limited by the
+ operating system and on most systems it is around 1000.
+-
+ .IP "\fB\-M\fR \fImaxhconn\fR"
+ Do not make more than \fImaxhconn\fR parallel connections to the
+ same host (default is unlimited). This may be useful for overloaded
+ proxies which can't handle many parallel connections using different
+ ports/protocols, but may significantly slow down the whole process.
+-
+ .IP \fB\-s\fR
+ when an open proxy is found on a given IP, stop probing for other
+ ports/protocols for this IP. Best used when many IPs are tested,
+ and/or with \fB\-M\fR option. This is because currently, \fBproxycheck\fR
+ will not make any \fInew\fR connections to such host, but will wait
+ for already active connections to complete.
+-
+ .IP "\fB\-b\fR \fIbindaddr\fR"
+ use \fIbindaddr\fR as a source address for all outgoing connections.
+-
+ .IP \fB\-n\fR
+ write a line about definitely closed proxies to stdout in additional
+ to writing about open proxies, in a form
+@@ -127,7 +116,6 @@
+ .nf
+ 127.0.0.1 http:8080 closed
+ .fi
+-
+ .IP \fB\-x\fR
+ print extended proxy information (proxy-agent and the like) if available.
+ This will be on the same "open" (or "closed" with -n) line, last, enclosed
+@@ -236,6 +224,51 @@
+ proxy server was found. In case of incorrect usage, it will exit
+ with code 1. If no open proxies where found, \fBproxycheck\fR
+ will return 0.
++
++.SH EXAMPLES
++In the simplest case, specify:
++
++.nf
++ proxycheck -vv -ddsthost:dstport -c chat::"waitstr" \fIlist-of-IPs\fR
++.fi
++
++where
++\fBdsthost\fR is the host and \fBdstport\fR is the port number of the
++destination system, and \fBwaitstr\fR is a string to look for from the remote
++system. If you decide to connect to your own mailserver (which is quite
++logical, since most proxy abuse nowadays is to send spam to your mailserver),
++connect to it first using telnet and see which SMTP greeting string it prints
++out upon connection, and use this string as \fBwaitstr\fR. For example, if
++your mailserver is \fImail.example.com\fR, the following may apply:
++
++.nf
++ $ \fBtelnet mail.example.com 25\fR
++ Telnet: trying 127.0.0.1... connected.
++ 250 mail.example.com ESMTP welcome
++ \fBQUIT\fR
++.fi
++
++In this case, \fBproxycheck\fR's command line may look as follows:
++
++.nf
++ proxycheck -vv -d mail.example.com:25 \\
++ -c chat::"250 mail.example.com ESMTP welcome" \fIlist-of-IPs\fR
++.fi
++
++Another usage scenario is to automatically submit all open proxies to
++DSBL.org-style blocklists. For this, specify \fB-c dsbl\fR and set up
++environment variables for dsbl client. The variables \fBDSBL_USER\fR and
++\fBDSBL_PASS\fR are required for non-anonymous DSBL submissions, for anonymous
++submissions to the \fIunconfirmed.dsbl.org\fR defaults are sufficient. To
++submit a proxy to DSBL.org, set destination to the mail exchanger of
++\fIlistme.dsbl.org\fR domain, currently \fImx.listme.dsbl.org\fR. For example:
++
++.nf
++ DSBL_USER=username DSBL_PASS=password ./proxycheck -vv \\
++ -dmx.listme.dsbl.org:25 -cdsbl \fIproxyhost\fR
++.fi
++
++Additional and updated information may be found at the URL below.
+
+ .SH LICENSE
+ This program is free software. It may be used and distributed
diff -ruN /usr/ports/security/proxycheck/pkg-plist ./proxycheck/pkg-plist
--- /usr/ports/security/proxycheck/pkg-plist Fri Jun 13 04:41:24 2003
+++ ./proxycheck/pkg-plist Mon Jun 30 03:30:12 2003
@@ -1,4 +1,3 @@
sbin/proxycheck
%%PORTDOCS%%share/doc/proxycheck/CHANGES
-%%PORTDOCS%%share/doc/proxycheck/proxycheck.html
%%PORTDOCS%%@dirrm share/doc/proxycheck
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306300747.h5U7luFD012455>