On Thursday, November 14, 2002, at 04:18  PM, Warren Michelsen wrote:

At 4:18 PM -0500 11/14/2002, Bill Cole wrote:
At 11:01 AM -0700 11/14/02, Warren Michelsen imposed structure on a stream of electrons, yielding:
Can anyone recommend a good DNSBL for open proxies and such, that
might catch these, without collateral damage?
opm.blitzed.org
OK, thanks. Question: they seem to use a different return value than other DNSBLs. They say:

In the combined zone (opm.blitzed.org) the A record has an IP address of 127.1.0.x where x is a bitmask of the types of proxy that have been reported to be running on the host. The values of the bitmask are as follows:
WinGate 1
Socks 2
HTTP Connect 4
Cisco 8
HTTP Post 16

Bitmask? I'm not sure I understand. Which open proxies should I be concerned about (WinGate, Socks, etc.) from the list above and what values do I place in my blacklist for each, what values are returned for each?

If I understand this bitmask thing correctly, then the list items would return values as follows:

WinGate 127.1.0.1 (1 bit of the last quad set)
Socks 127.1.0.3 (2 bits of the last quad set)
HTTP Connect 127.1.0.15 (4 bits of the last quad set)
Cisco 127.1.0.255 (all 8 bits of the last quad set)
HTTP Post ummm... (Here's where the bitmask thing doesn't seem quite right.)

Someone please 'splain "bitmask" to me in this application.

I have not bothered to look at their site or read their explanation, but I think I know what they are talking about.

In computers the bits in a byte or word are numbered with a common standard equating the least significant bit (LSB) to be "bit 0". So:

00000001 = 1 Wingate
00000010 = 2 Socks
00000100 = 4 HTTP Connect
00001000 = 8 Cisco
00010000 = 16 HTTP Post

So a return code of 127.1.0.3 has 3 in the last byte. In bits this is 00000011 which would mean that BOTH Wingate and Socks were reported to be running on the host.

If you don't care what the proxies are, just block everything from 127.1.0.2 through 127.1.31. If you wish to block some but not other proxy types, then you will have to set up a number (up to 32) of individual entries in the black listed hosts entries.
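
An added example, not part of the original messages: decoding the last octet of a 127.1.0.x answer as the bitmask discussed in this thread, and listing which return values a blacklist would need to match for a chosen set of proxy types. The bit values are the ones quoted above; the function names are hypothetical and no DNS lookup is performed.

```python
import ipaddress

# Bit values as quoted in the thread from the opm.blitzed.org description.
PROXY_BITS = {1: "WinGate", 2: "Socks", 4: "HTTP Connect", 8: "Cisco", 16: "HTTP Post"}
KNOWN_MASK = sum(PROXY_BITS)  # 31: all five defined bits set


def decode(answer):
    """Return the proxy types named by a 127.1.0.x answer.

    Returns None when the answer is not in the 127.1.0.x form, has no bits
    set, or sets bits outside the five defined ones.
    """
    packed = ipaddress.IPv4Address(answer).packed
    if packed[:3] != bytes([127, 1, 0]):
        return None
    mask = packed[3]
    if mask == 0 or mask & ~KNOWN_MASK:
        return None
    # Each set bit adds one proxy type; several can be set at once.
    return [name for bit, name in PROXY_BITS.items() if mask & bit]


def answers_matching(block_types):
    """List every return value that includes at least one type in block_types."""
    wanted = sum(bit for bit, name in PROXY_BITS.items() if name in block_types)
    return [f"127.1.0.{x}" for x in range(1, KNOWN_MASK + 1) if x & wanted]


if __name__ == "__main__":
    # Constructed sample answers, not real lookup results.
    for sample in ("127.1.0.3", "127.1.0.16", "127.1.0.21"):
        print(sample, "->", decode(sample))
    print(answers_matching({"HTTP Post"}))
```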

