Re: [squid-users] Re: Open & abused proxy list(s); appeal for instructions on how to close problems

From: Allen Smith <easmith@dont-contact.us>
Date: Wed, 20 Feb 2002 20:08:20 -0500

On Feb 20, 6:27pm, Henrik Nordstrom wrote:
> On Wednesday 20 February 2002 23:11, Allen Smith wrote:
>
> > > b) Abused by foreign users needing an open proxy to bypass
> > > various laws or restrictions.
> >
> > What makes this an abuse problem? That's one reason I might _want_
> > to run an open proxy, at least for connecting to port 80... and it
> > isn't only foreign users who might need this, at least for the US.
> > And, unless we're talking about webmail et al, what relation does
> > this have to spam limiting rules?
>
> It has nothing to do with spam, but a lot to do with abuse.
>
> If you run an open proxy then you also take liability for the actions
> taken via the proxy to various degrees depending on local laws and
> regulations.

True, although if one restricts this to, for someone in the US, only going
from, say, one APNIC address to another, with proper restrictions on
protocols/ports, the consequences may well be minimal.

> If you intentionally do this and don't care what is
> going on via the proxy, then you most likely do not care about
> spammers either.

Not necessarily.

> If you care what is going on via your proxy, then you shouldn't be
> running an open proxy but a service requiring user registration or
> one only proxying a selected set of sites/services (not protocols),

Ah. I can see this argument, if one allows the second as "all but a
blacklisted set of sites/services likely to be abused".

> and strict anti-abuse rules to prevent spamming and related abuse of
> the proxy.

Yes.

> I estimate that 95% or more of all open proxies are left open
> unintentionally by mistake or oversight by the administrator.

Probably. One common problem is apparently linguistic; instructions in
English are very hard for people in South Korea or China to
follow... see http://www.wired.com/news/print/0,1294,50455,00.html.

> 98% of the intentionally open proxies are run "illegally" without the
> consent of the network operators or administrators by users not knowing
> about the possible impacts,

Rutgers allows any host to run a mailserver, as long as it isn't relaying
spam or otherwise being abused, and without pre-authorization. The same is
true at many other US universities & colleges. This extends to webservers,
including those running CGI scripts... which can easily be proxies
themselves if properly programmed. I have to say that this is not an
"illegal" usage in such a circumstance.

> leaving about .1% of the open proxies as lawful intended open proxies, and
> about 90% of those are run without any risk assessment on abuse,

This I have to agree with... sigh.

> leaving about .01% of the open proxies that are intentionally run as
> lawful and responsible open proxies.

Indeed.

> > Tell that to AT&T WorldNet - see
> > http://www.internetnews.com/isp-news/article/0,,8_976831,00.html.
> > Spam is, as RFG has put it, an Internet infrastructure attack.
>
> It indeed is.

Thank you.

> My comment was relating to the seriousness of the issues one can expect
> from running an open proxy.
>
> Spamming mostly hurts the spammed and the mail infrastructure of
> their ISPs, not so much the relays.

This depends on:
        A. The usage of blacklists like RFG's, like the one at blitzed.org,
           like the one at socks.relays.osirusoft.com (which is being used
           by at least RCN/Erols and (I suspect) by other ISPs; it lists
           HTTP proxies as well as SOCKS proxies, despite the name), which
           will mean that email (and possibly other - I might consider
           blocking web traffic from any such, for instance, as the most
           effective measure to discourage this) traffic from the proxy
           host will start bouncing; and
        B. liability issues such as the ones you refer to above - the
           possibility of finding people liable for carelessness leading to
           their machines being used in a DDoS attack is currently under
           exploration.

> Should also note that most spamming via a proxy is not technically
> spamming via the proxy, merely bypassing SMTP anti-spam rules by
> jumping via a proxy to gain access to a SMTP relay server and to
> conceal the origin.

RFG can speak about this aspect better than I can, but I believe that the
exceptions to this are growing from the (rather small amount of) data I've
seen.

> The spammer still needs to know a relay host where to inflate the spam to
> gain any noticeable effect.

If the host running the proxy is also running a MTA, it'll almost certainly
accept connections from the localhost. The same is true of an ISP with an
outgoing mailserver. Or is this what you are meaning by "gain access to a
SMTP relay server"?

> But this is a minor technicality of no importance.

Indeed.

        Yours,

        -Allen

-- 
Allen Smith			http://cesario.rutgers.edu/easmith/
September 11, 2001		A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin
Received on Wed Feb 20 2002 - 18:01:26 MST
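
The port restrictions and the proxy-to-local-MTA path discussed in this message, as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread. The ACL names `localnet`, `smtp_ports`, `to_loopback` and `to_self` and the 192.0.2.x addresses are constructed placeholders, and the syntax is that of current Squid releases rather than the 2002-era ones.

```conf
# Weak setting: what an unintentionally open proxy amounts to.
# Any client anywhere may reach any host and port, including SMTP.
#   http_access allow all

# Corrected rule set. http_access rules are evaluated top to bottom
# and the first match wins, so every deny sits above the single allow.

# Clients this proxy is meant to serve (constructed range).
acl localnet src 192.0.2.0/24

# Destination ports the proxy will talk to at all.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Mail ports, denied explicitly so a later widening of Safe_ports
# does not quietly re-enable relaying through the proxy.
acl smtp_ports port 25 465 587

# The proxy host itself. An MTA on the same machine usually trusts
# connections from localhost, so requests aimed at loopback or at the
# host's own address (constructed) must never be forwarded.
acl to_loopback dst 127.0.0.0/8
acl to_self dst 192.0.2.10

http_access deny smtp_ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_loopback
http_access deny to_self

# Only known clients get service; everything else is refused.
http_access allow localnet
http_access deny all
```

`squid -k parse` checks the file for syntax errors before a reload.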
