Date: Fri, 8 Nov 2002 09:32:27 +0000 From: Ceri Davies <setantae@submonkey.net> To: Kris Kennaway <kris@obsecurity.org> Cc: Jun Kuriyama <kuriyama@imgsrc.co.jp>, developers@FreeBSD.org, www@FreeBSD.org Subject: Re: send-pr again Message-ID: <20021108093227.GB57534@submonkey.net> In-Reply-To: <20021108024603.GA23540@rot13.obsecurity.org> References: <20021107202918.GA21969@rot13.obsecurity.org> <20021107204243.GA22068@rot13.obsecurity.org> <20021107225607.GA22962@rot13.obsecurity.org> <7my985htpt.wl@black.imgsrc.co.jp> <20021108024603.GA23540@rot13.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 07, 2002 at 06:46:03PM -0800, Kris Kennaway wrote: > On Fri, Nov 08, 2002 at 07:59:26AM +0900, Jun Kuriyama wrote: > > At Thu, 7 Nov 2002 14:56:21 -0800, > > Kris Kennaway wrote: > > > > 2) Probe for an open proxy on the submitting host before accepting the > > > > PR (similar to what modern ircd servers do). > > > > > > If anyone is interested in implementing this, someone gave me the > > > source code to a standalone binary that does this (checks an IP > > > address for an open proxy). It should be an easy matter to integrate > > > this into dosendpr.cgi. > > > > Openproxy checking is already integrated into dosendpr.cgi. > > The current version appears to consult a third-party database of known > open proxies. It apparently doesn't work very well in practice, > because today's attacker was also using an open proxy. The current code is also supposed to log the environment in the PR headers, which it doesn't do for some reason. I'd be grateful if anyone could take a look at this. > The code I have checks for an open proxy on the fly, so it would have > stopped today's attack. I'd be prepared to take a look, although I am in Berlin as of tomorrow with zero connectivity for a week. If it can wait that long, could you send me the relevant bits please. Thanks, Ceri -- Your last day awaits! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-www" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021108093227.GB57534>