getopt: Fix compile harder
[irc/srvx.git] / sockcheck.conf.example
222e1b00
E
1/* This file describes what proxy tests to run: what ports to connect
2 * to, what to send to them, what to look for, and what to do if that
3 * is found.
4 */
5
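6/* Connect on port 1080, sending "\5\1\0" as challenge (SOCKS version 5, one auth method offered, method 0 = no authentication).
7 * If we get "\5\0" as a response, the server accepted the no-authentication method: it's an unsecured socks5. */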
8"1080:050100" {
9 "0500" "reject:Unsecured socks5";
10};
11
12/* Connect on port 1080, sending "\4\1" followed by the port
13 * and IP of the client, followed by the (NUL-terminated) ident to
14 * use. If we get a four byte response with '\x5a' as the second
15 * byte, it's an unsecured socks4 proxy.
16 *
17 * It would be generally wise to replace the $p$i with a hard-coded
18 * port and IP address of a host you control; many insecure proxies refuse to connect to themselves.
19 */
35ffb2ad 20"1080:0401$p$i=p=r=o=x=y00" {
222e1b00
E
21 "..5a...." "reject:Unsecured socks4";
22};
23
24"23:" {
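25 // This first test is interesting: it is multi-stage, and its default ("other") action is reject.
26 // The hex bytes at the front are the router negotiating telnet options (IAC WILL ECHO, WILL SUPPRESS-GO-AHEAD, DO TERMINAL-TYPE, DO NAWS). In the second stage, a repeated Password prompt means the login was refused (accept); any other reply is treated as a successful default-password login.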
27 "fffb01fffb03fffd18fffd1f0d0a0d0a=U=s=e=r= =A=c=c=e=s=s= =V=e=r=i=f=i=c=a=t=i=o=n0d0a0d0a=P=a=s=s=w=o=r=d3a= :=c=i=s=c=o0d0a" {
28 "0d0a=P=a=s=s=w=o=r=d3a= " "accept";
d2048f43 29 "other" "reject:[1 hour] Cisco router with default password";
222e1b00
E
30 };
31 "=W=i=n=G=a=t=e=>" "reject:Unsecured wingate";
32 "=T=o=o= =m=a=n=y" "reject:Unsecured wingate";
33 "=E=n=t=e=r= =h=o=s=t= =n=a=m=e" "reject:Unsecured wingate";
34 // the 3a is ':'; due to a parser glitch, =: isn't parsed like you might expect
35 "=E=n=t=e=r= 3a= =<=h=o=s=t=>" "reject:Unsecured wingate";
36};
37
38/* Connect on port 3128 (squid), trying to use a HTTP CONNECT
39 * proxy. If we get a 200 response, the CONNECT succeeded and the client should be
40 * booted.
41 * If you do this check on port 80, you might check for "200
42 * Connection" instead to reduce false positives; many servers
43 * send 200 OK responses for custom 404 Error pages.
44 * As with the SOCKS4 check, you may want to replace the $c:3128
45 * (client hostname and port) with a hard-coded one.
46 */
47"3128:=C=O=N=N=E=C=T= $c=:=3=1=2=8= =H=T=T=P=/=1=.=00d0a0d0a" {
48 "=H=T=T=P=/=1=.=0= =2=0=0" "reject:Unsecured proxy";
49};
50
51"27374:" {
52 "" "reject:Subseven detected";
53};