On Thursday, November 14, 2002, at 05:18 PM, Warren Michelsen wrote:
This means if WinGate is open and nothing else, it will return 127.1.0.1. If WinGate and Cisco are open it returns 127.1.0.9.At 4:18 PM -0500 11/14/2002, Bill Cole wrote:At 11:01 AM -0700 11/14/02, Warren Michelsen imposed structure on a stream of electrons, yielding:OK, thanks. Question: they seem to use a different return value than other DNSBLs. They say:
Can anyone recommend a good DNSBL for open proxies and such, that might catch these, without collateral damage?opm.blitzed.org
In the combined zone (opm.blitzed.org) the A record has an IP address of 127.1.0.x where x is a bitmask of the types of proxy that have been reported to be running on the host. The values of the bitmask are as follows:
WinGate 1
Socks 2
HTTP Connect 4
Cisco 8
HTTP Post 16
Bitmask? I'm not sure I understand.
Which open proxies should I be concerned about (WinGate, Socks, etc.)
All of them.
from the list above and what values do I place in my blacklist for each, what values are returned for each?
127.0.0.2-127.255.255.255 sounds good :)
Addative. This way the final number tells you exactly which proxies are opne. For example, 127.1.0.21 would mean that WinGate, HTTP COnenct and HTTP Post where open, but not Socks or Cisco.
If I understand this bitmask thing correctly, then the list items would return values as follows:
WinGate 127.1.0.1 (1 bit of the last quad set)
Socks 127.1.0.3 (2 bits of the last quad set)
HTTP Connect 127.1.0.15 (4 bits of the last quad set)
Cisco 127.1.0.255 (all 8 bits of the last quad set)
HTTP Post ummm... (Heres where the bitmask thing doesn't seem quite right.)
Someone please 'splain "bitmask" to me in this application.
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
