in reply to Re: RFC: CPAN module for blocking open proxy requests
in thread RFC: CPAN module for blocking open proxy requests

If some serious computer admin would notice and check it out, let's hope that s/he sees that the following HTTP requests are made from HTTP::ProxyTest, and concludes that it's for a good purpose. Nobody has complained to me so far, btw. ;-)

I like your suggestion. Will write a simple template for next release.

Normally a lookup takes somewhere between 5 - 20 seconds, and I believe that the average is at the lower side of that interval. However, some hosts have filtered all the ports, and in those cases it may take more than 30 seconds. Also, a 'clean' host will not be tested more often than once a week.

Thanks for taking the time to check out the module and post your comments.

Re^3: RFC: CPAN module for blocking open proxy requests
by mr_mischief (Monsignor) on Jul 20, 2010 at 08:43 UTC

    Despite your good intentions and noble goals, I hold that there is no valid reason for a web server to try to make unsolicited connections to my system. A port scan detector I sometimes run on my network would automatically start dropping packets from your host and notify me and your ISP's IP range abuse admin of the attack. It has to be manually overridden not to take those actions for a particular host or network range.

    You may want to announce somewhere near your comment entry box that you'll be using this type of countermeasure so people don't think you're the one stirring up trouble. In most instances, I don't think people look any more kindly on port scanning of their systems than they do on spam. If you make it clear what's going on and why, you're likely to get more support for it.

    I know I'm always happy to allow anti-cheating tests during games and such if I know what they are going to do and why. By agreeing to use a service which I know will be port scanning my systems, I would be agreeing to the scan. That's a much better scenario than you just scanning my network without telling me.

    How do you deal with multiple people in the same community who share a pool of short-lived DHCP leases if you only check once per week?

      Thanks for sharing your concerns, mr_mischief. Needless to say I don't agree. ;-)

      Despite your good intentions and noble goals, I hold that there is no valid reason for a web server to try to make unsolicited connections to my system.

      Don't all serious admins of Internet connected systems have to endure some traffic in order to help fight the bad guys out there? I think they do.

      Provided that your system does not carry an open proxy, we are talking about max one scan per week, comprising just a few ports that are often used for open proxies. My belief is that very few system admins would care, irrespective of their general view on "unsolicited connections", as you put it.

      You may want to announce somewhere near your comment entry box that you'll be using this type of countermeasure so people don't think you're the one stirring up trouble.

      For the above reason, I don't think that 'innocent' admins would ever read such an announcement. Informing them about the purpose would be a good thing, but I can't see how it could be done.

      If admins of open proxies feel troubled, I couldn't care less.

      How do you deal with multiple people in the same community who share a pool of short-lived DHCP leases if you only check once per week?

      HTTP::ProxyTest tests IP addresses; what else can I say?