On Thursday 25 Sep 2003 19:35, Pascal wrote:
> ---RBL operator---
> Periodically obtain a list of IP addresses to block.  Convert each IP to
> a 32bit integer and run it through a one-way hashing function saving the
> resulting hashes to a file.

Why is this hashing useful? Running through all 32-bit integers and hashing 
them to reveal what the actual IPs are is within the capabilities of any 
script kiddie with modern hardware. Just list the IPs and be done with it.

> Insert a DBR freesite telling people about your RBL and how to use it,
> and include your blocklist inside the site.
>
>
> ---Fred developer---
> Add two config options with defaults:
> rbl.port=53
> rbl.uri=SSK%40xxxxxxxxxxxxxxxxxxxxxxxxxPAgM/RBL//blocklist.txt
>
> Create a servlet that will periodically (as specified by the configured
> DBR) pull down the blocklist and listen for dns requests on the
> specified port, then convert the requested address to a 32bit integer,
> run it through the one-way hash and see if it exists in the blocklist.

I wouldn't even bother with a servlet. Just use a shell script with wget/lynx 
to download the latest blacklist, and then use another script to create a 
bind zone file from that list. Then just:

/etc/rc.d/init.d/named restart

and check mail locally against dnsbl.mydomain. It would be faster, more 
distributed, and far more resilient to DoS attacks.

Let's not overengineer this. Yes, Freenet is probably a part of a solution, 
but more than one tool is needed to solve this problem sensibly.

Would anybody care to ask the people that used to run the Osirusoft, Monkeys 
and CompuNet RBLs to move their RBL operations to Freenet?

Gordan
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
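
The "script to create a bind zone file from that list" step described in the message above, as an added example that is not part of the original post. It assumes a downloaded list with one IPv4 address per line and optional # comments; the function names, the 127.0.0.2 answer and the SOA timers are assumptions, and every line is validated so that a fetched list cannot smuggle arbitrary records into the zone.

```shell
#!/bin/sh
# Added example: build a BIND zone for a local DNSBL from a plain IP list.
# dnsbl.mydomain is the zone named in the message; everything else here
# (function names, 127.0.0.2 answer, SOA timers) is an assumption.

# blocklist_to_zone ORIGIN SERIAL  -- list on stdin, zone file on stdout
blocklist_to_zone() {
    awk -v origin="$1" -v serial="$2" '
    BEGIN {
        print "$ORIGIN " origin "."
        print "$TTL 300"
        printf "@ IN SOA localhost. root.localhost. ( %s 3600 600 86400 300 )\n", serial
        print "@ IN NS localhost."
    }
    # strip comments and all whitespace, so "1.2.3.4 IN A ..." cannot pass
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    {
        n = split($0, o, ".")
        ok = (n == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) ok = 0
        if (!ok) { printf "skipped line %d: %s\n", NR, $0 > "/dev/stderr"; next }
        if (seen[$0]++) next            # drop duplicates
        # DNSBL convention: octets reversed under the zone origin
        printf "%s.%s.%s.%s IN A 127.0.0.2\n", o[4], o[3], o[2], o[1]
    }'
}

# Constructed sample input (documentation address ranges, two bad lines).
sample_blocklist() {
    cat <<'EOF'
# constructed sample list
192.0.2.10
203.0.113.77   # trailing comment
192.0.2.10
999.1.1.1
www IN CNAME other.example.
198.51.100.7
EOF
}

# Stand-alone run: print the zone that would be written for named to load.
sample_blocklist | blocklist_to_zone dnsbl.mydomain "$(date +%s)"
```

Write the output to a temporary file and move it into place only after the conversion succeeds, then restart named as in the message.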
