LinuxQuestions.org

Thread: block incoming proxy? (https://www.linuxquestions.org/questions/linux-newbie-8/block-incoming-proxy-426460/)

vicious_pucca 03-19-2006 11:59 PM

block incoming proxy?
 
i've been trying to block incoming proxies, or at least ones on opm.blitzed.org (well, to be exact, using sbl-xbl.spamhaus.org) in debian.

i've been poking around forums and google, looking at rblcheck, rdnsbld and stuff and still have NO clue how to enable it.

any advice? :D

zidane_tribal 03-20-2006 12:13 PM

blocking incoming proxies on what?

if it's an irc server, bopm has its own bot to do just that. if it's for anything else, then i have a funny feeling you're gonna have to google/think hard.

vicious_pucca 03-20-2006 12:36 PM

yup. "anything else". XD

like.. an RBL feed can blacklist IPs for mail for sure... so.. shouldn't it also be possible to blacklist IPs in a firewall?

zidane_tribal 03-20-2006 12:47 PM

yes and no.

yes, it is possible to add all the blacklisted IPs directly into your firewall. but it's not feasible. there are thousands of blacklisted IPs and it would require major work to keep your firewall updated and some pretty heavy work for your firewall to check each connection against thousands of blacklisted IPs.

the way the dnsbls like bopm work is actually pretty simple. say you are on ip 1.2.3.4 and you want to connect to my machine. when you try to connect, my machine does a dns lookup on 4.3.2.1.opm.blitzed.org. basically, any result back from that dns means you are listed in the dns blacklist and i should refuse your connection. if that dns fails, then you do not exist in the dns database and you are clean.

the problem is that it is notoriously difficult to get a hold of the whole dns database; to hand that out would be effectively handing out a list of thousands of known proxies to anyone who wants them. that's why they usually only allow lookups in the database, rather than handing out the database itself.

depending on what your 'anything else' is, you basically need a method of collecting the ip address of each connection, then doing the dns on it; if it appears in the dns, then you disconnect it (you could just add the ip to the firewall and block it, then leave its open connection to time out, but that would be incredibly messy).

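The connection-time check zidane_tribal describes, as an added example that is not from the thread: it builds the reversed-octet query name, treats any DNS answer as "listed", and decides whether to accept the connection. The resolver is injectable so the block runs offline against a constructed fake; `system_resolver` (the OS resolver via `socket`) is the real one, and the `127.0.0.2` answer and the zone names are assumptions taken from the posts above.

```python
import socket
from typing import Callable, Optional

# A resolver maps a hostname to an A-record string, or None when the name
# does not exist (the "dns fails" case in the post, meaning "not listed").
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and prefix them to the DNSBL zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name: str) -> Optional[str]:
    """Real lookup through the OS resolver; use this for an actual check."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip: str, zone: str, resolve: Resolver = system_resolver) -> bool:
    """Any answer at all means the address is in the blacklist."""
    return resolve(dnsbl_query_name(ip, zone)) is not None


def should_accept(ip: str, zones: tuple, resolve: Resolver = system_resolver) -> bool:
    """Accept the connection only if none of the configured zones lists it."""
    return not any(is_listed(ip, zone, resolve) for zone in zones)


# Constructed offline stand-in for the DNS database: only 1.2.3.4 is "listed"
# in opm.blitzed.org, answering with the conventional 127.0.0.2 code (assumed).
FAKE_ZONE_DATA = {"4.3.2.1.opm.blitzed.org": "127.0.0.2"}


def fake_resolver(name: str) -> Optional[str]:
    return FAKE_ZONE_DATA.get(name)


if __name__ == "__main__":
    zones = ("opm.blitzed.org", "sbl-xbl.spamhaus.org")
    for addr in ("1.2.3.4", "10.0.0.5"):
        verdict = "accept" if should_accept(addr, zones, fake_resolver) else "drop"
        print(addr, verdict)
```

Wire `should_accept` into whatever accepts the connection (an accept loop, a tcp wrapper, or a firewall helper) and pass `system_resolver` to query the real zones.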
vicious_pucca 03-22-2006 03:45 PM

hmmm. figured. thanks for the answer.

another question though... is there a good (automated) way to dns compare on connection? like.. every time someone connected to my comp, check blacklist/bopm on it and d/c if it's in a blacklist?

zidane_tribal 03-22-2006 06:23 PM

hell, i have no idea. it depends purely on how they are connecting and what they are connecting to. there might be, there might not.
