LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-20-2006, 12:59 AM   #1
vicious_pucca
LQ Newbie
 
Registered: Aug 2005
Posts: 10

Rep: Reputation: 0
block incoming proxy?


i've been trying to block incoming proxies, or at least ones on opm.blitzed.org (well, to be exact, use sbl-xbl.spamhaus.org) in debian.

i've been poking around forums and google, looking at rblcheck, rdnsbld and stuff and still have NO clue how to enable it.

any advise?
 
Old 03-20-2006, 01:13 PM   #2
zidane_tribal
Member
 
Registered: Apr 2005
Location: chained to my console.
Distribution: LFS 6.1
Posts: 143

Rep: Reputation: 18
blocking incoming proxies on what?

if its an irc server, bopm have their own bot to do just that. if its for anything else, then i have a funny feeling your gonna have to google/think hard.
 
Old 03-20-2006, 01:36 PM   #3
vicious_pucca
LQ Newbie
 
Registered: Aug 2005
Posts: 10

Original Poster
Rep: Reputation: 0
yup. "anything else". XD

like.. RBL feed can blacklist IP for mails for sure... so.. shouldn't it be also possible to blacklist IP into firewall?
 
Old 03-20-2006, 01:47 PM   #4
zidane_tribal
Member
 
Registered: Apr 2005
Location: chained to my console.
Distribution: LFS 6.1
Posts: 143

Rep: Reputation: 18
yes and no.

yes, it is possible to add all the blacklisted ip's directly into your firewall. but its not feasible. there are thousands of blacklisted ip's and it would require major work to keep your firewall updated and some pretty heavy work for your firewall to check each connection against thousands of blacklisted ip's.

the way the dnsbl's like bopm work is actually pretty simple. say you are on ip 1.2.3.4 and you want to connect to my machine. when you try to connect, my machine does a dns lookup on 4.3.2.1.opm.blitzed.org. basicly, any result back from that dns means you are listed in the dns blacklist and i should refuse your connection. if that dns fails, then you do not exist in the dns database and you are clean.

the problem is that it is notoriously difficult to get a hold of the whole dns database, to hand that out would be effectively handing out a list of thousands of known proxies to anyone who wants them. thats why they only usually allow lookups in the database, rather than the database itself.

depending on what your 'anything else' is, you basicly need a method of collecting the ip address of each connection, then doing the dns on it, if it appears in the dns, then you disconnect it (you could just add the ip to the firewall and block it, then leave its open connection to time out, but that would be incredibly messy)
 
Old 03-22-2006, 04:45 PM   #5
vicious_pucca
LQ Newbie
 
Registered: Aug 2005
Posts: 10

Original Poster
Rep: Reputation: 0
hmmm. figured. thanks for the answer.

another question though... is there a good (automated) way to dns compare on connection? like.. every time someone connected to my comp, check blacklist/bopm on it and d/c if it's in a blacklist?
 
Old 03-22-2006, 07:23 PM   #6
zidane_tribal
Member
 
Registered: Apr 2005
Location: chained to my console.
Distribution: LFS 6.1
Posts: 143

Rep: Reputation: 18
hell, i have no idea. it depends purely on how they are connecting and what they are connecting to. the might be, there might not.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Want to block an ip without proxy shipon_97 Linux - Newbie 2 03-14-2006 04:07 AM
block msn in transparent proxy faraza Linux - Networking 1 01-18-2006 03:45 PM
NOOB: Firewall how do I configure it to block all incoming info? PionexUser Linux - Security 1 11-19-2003 11:39 PM
deleted user accont in sendmail how do i block incoming mail slack66 Linux - Security 2 11-18-2003 02:16 AM
Block incoming port Iptables cli_man Linux - Networking 5 08-11-2003 09:32 PM


All times are GMT -5. The time now is 06:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration