On Feb 20, 6:27pm, Henrik Nordstrom wrote:
> On Wednesday 20 February 2002 23:11, Allen Smith wrote:
>
> > > b) Abused by foreign users needing an open proxy to bypass
> > > various laws or restrictions.
> >
> > What makes this an abuse problem? That's one reason I might _want_
> > to run an open proxy, at least for connecting to port 80... and it
> > isn't only foreign users who might need this, at least for the US.
> > And, unless we're talking about webmail et al, what relation does
> > this have to spam limiting rules?
>
> It has nothing to do with spam, but a lot to do with abuse.
>
> If you run an open proxy then you also take liability for the actions
> taken via the proxy to various degrees depending on local laws and
> regulations.
True, although if one restricts this to, for someone in the US, only going
from, say, one APNIC address to another, with proper restrictions on
protocols/ports, the consequences may well be minimal.
> If you intentionally do this and don't care what is
> going on via the proxy, then you most likely do not care about
> spammers either.
Not necessarily.
> If you care what is going on via your proxy, then you shouldn't be
> running an open proxy but a service requiring user registration or
> one only proxying a selected set of sites/services (not protocols),
Ah. I can see this argument, if one allows the second as "all but a
blacklisted set of sites/services likely to be abused".
> and strict anti-abuse rules to prevent spamming and related abuese of
> the proxy.
Yes.
> I estimate that 95% or more of all open proxies are left open
> unintentionally by mistake or oversight by the administrator.
Probably. One common problem is apparently linguistic; instructions in
English are very hard for people in South Korea or China to
follow... see http://www.wired.com/news/print/0,1294,50455,00.html.
> 98% of the intentionally open proxies are run "illegally" without the
> consent of the network operators or administrators by users not knowing
> about the possible impacts,
Rutgers allows any host to run a mailserver, as long as it isn't relaying
spam or otherwise being abused, and without pre-authorization. The same is
true at many other US universities & colleges. This extends to webservers,
including those running CGI scripts... which can easily be proxies
themselves if properly programmed. I have to say that this is not an
"illegal" usage in such a circumstance.
> leaving about .1% of the open proxies as lawful intended open proxies, and
> about 90% of those are run without any risk assesment on abuse,
This I have to agree with... sigh.
> leaving about .01% of the open proxies that are intentionally run as
> lawful and responsible open proxies.
Indeed.
> > Tell that to AT&T WorldNet - see
> > http://www.internetnews.com/isp-news/article/0,,8_976831,00.html.
> > Spam is, as RFG has put it, an Internet infrastructure attack.
>
> It in deed is.
Thank you.
> My comment was relating to the seriousnesses of the issues one can expect
> from running an open proxy.
>
> Spamming mostly hurts the spammed and the mail infrastructure of
> their ISPs, not so much the relays.
This depends on:
A. The usage of blacklists like RFG's, like the one at blitzed.org,
like the one at socks.relays.osirusoft.com (which is being used
by at least RCN/Erols and (I suspect) by other ISPs; it lists
HTTP proxies as well as SOCKS proxies, despite the name), which
will mean that email (and possibly other - I might consider
blocking web traffic from any such, for instance, as the most
effective measure to discourage this) traffic from the proxy
host will start bouncing; and
B. liability issues such as the ones you refer to above - the
possibility of finding people liable for carelessness leading to
their machines being used in a DDoS attack is currently under
exploration.
> Should also note that most spamming via a proxy is not technically
> spamming via the proxy, merely bypassing SMTP anti-spam rules by
> jumping via a proxy to gain access to a SMTP relay server and to
> conseal the origin.
RFG can speak about this aspect better than I can, but I believe that the
exceptions to this are growing from the (rather small amount of) data I've
seen.
> The spammer still needs to know a relay host where to inflate the spam to
> gain any noticeable effect.
If the host running the proxy is also running a MTA, it'll almost certainly
accept connections from the localhost. The same is true of an ISP with an
outgoing mailserver. Or is this what you are meaning by "gain access to a
SMTP relay server"?
> But this is a minor technicality of no importance.
Indeed.
Yours,
-Allen
-- Allen Smith http://cesario.rutgers.edu/easmith/ September 11, 2001 A Day That Shall Live In Infamy II "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin FranklinReceived on Wed Feb 20 2002 - 18:01:26 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:29 MST