This patchset adds two new features to IPFire's web proxy, taking advantage of the Autonomous System information we have at hand by using libloc.
The proactive Fast Flux detection is especially worth noticing, as even the most expensive (= advanced?) security suites do not provide similar protection, especially not in a proactive manner.
By simply enumerating the number of distinct Autonomous System Numbers a FQDN ultimately resolves to, we are able to deny access to malware distribution sites, phishing sites, C&C servers, and other cybercrime stuff hosted on Fast Flux setups abusing cracked machines around the world - even before the FQDN or any IP address involved is flagged as malicious by any security vendor.
Peter Müller (3):
  squid-asnbl: New package
  proxy.cgi: Implement proactive Fast Flux detection and detection for
    selectively announced destinations
  langs: Add English and German translations for newly added web proxy
    features

 config/rootfiles/common/squid-asnbl |  1 +
 html/cgi-bin/proxy.cgi              | 89 +++++++++++++++++++++++++++++
 langs/de/cgi-bin/de.pl              |  7 +++
 langs/en/cgi-bin/en.pl              |  7 +++
 lfs/squid-asnbl                     | 83 +++++++++++++++++++++++++++
 make.sh                             |  1 +
 6 files changed, 188 insertions(+)
 create mode 100644 config/rootfiles/common/squid-asnbl
 create mode 100644 lfs/squid-asnbl
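
The ASN-counting idea described in the cover letter, as an added example that is not part of this patchset or of squid-asnbl. It assumes the addresses for an FQDN are already resolved, uses a constructed prefix table in place of a libloc lookup, and the threshold value and all function names are hypothetical.

```python
import ipaddress

# Constructed prefix-to-ASN table standing in for a libloc database lookup.
# Prefixes are documentation ranges, ASNs are from the documentation range.
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/25": 64497,
    "198.51.100.128/25": 64498,
    "203.0.113.0/24": 64499,
    "2001:db8::/32": 64496,
    "2001:db8:1::/48": 64500,
}
# Longest prefixes first, so the first hit is the most specific announcement.
_NETWORKS = sorted(
    ((ipaddress.ip_network(p), asn) for p, asn in PREFIX_TO_ASN.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)

ASN_DIVERSITY_THRESHOLD = 3  # assumed value, not taken from the patchset

def asn_for(address):
    """Return the ASN announcing `address`, or None if no prefix covers it."""
    ip = ipaddress.ip_address(address)
    for net, asn in _NETWORKS:
        if net.version == ip.version and ip in net:
            return asn
    return None

def distinct_asns(addresses):
    """Set of ASNs behind all resolved addresses; unmapped addresses are skipped."""
    return {asn for asn in map(asn_for, addresses) if asn is not None}

def verdict(addresses, threshold=ASN_DIVERSITY_THRESHOLD):
    """DENY when the FQDN's addresses are spread over more ASNs than allowed."""
    asns = distinct_asns(addresses)
    return ("DENY" if len(asns) > threshold else "ALLOW", sorted(asns))

# Constructed answer sets: one spread over many networks, one in a single AS.
FLUX_SAMPLE = ["192.0.2.10", "198.51.100.5", "198.51.100.200",
               "203.0.113.7", "2001:db8:1::1"]
BENIGN_SAMPLE = ["192.0.2.10", "192.0.2.11", "2001:db8::5"]

if __name__ == "__main__":
    for name, sample in (("flux", FLUX_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, *verdict(sample))
```

The decision depends only on how many networks the answers are spread across, which is why it needs no prior reputation data for the FQDN or its addresses.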