Search squid archive

Re: Google Safe Browsing API - Integration with squid?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Henrik Nordstrom wrote:
>> sön 2007-06-24 klockan 23:49 +0200 skrev Andreas Pettersson
>>> I'm not sure I follow you here..
>>> If phisher has control of evil.com he could send out send out unique
>>> urls in each and every spam, all pointing to the same physical host.
>>> Sure, MD5 hashes is efficient, but the number of possible urls is
>>> nearly
>>> unlimited. It would be much easier to list the host instead.
>>>
>> And the Google SafeBrowsing lookup algorithm allows just that.. It's not
>> just an MD5 of the complete URL. The URL is processed in many steps of
>> varying granularity, each producing an MD5 to look up in the blacklist.
>>
>> http://code.google.com/apis/safebrowsing/developers_guide.html#PerformingLookups
>>
>> Note: In the worst case there is 5 * 6 = 30 different lookups per URL.
>> Normally less than 10 however
>
> [walks away and stands in the corner]
> Believe it or not, I actually read that guide before making my initial
> post, but apparently it completely vanished from my memory...
> Perhaps It happened when Phishtank was brought up.
>

If you're going to take that route the most efficient way to do it is to
allow an admin-configured RHSBL or RBL with an ACL on the dst or
dstdomain, (lookup the SURBL query algorithm). Rather than any single
custom API. rbldnsd can be setup and used easily by anyone in conjunction
with a squid.

I currently use external helpers to check against ~30 RBL and ~3 RHSBL.
Making a built-in ACL is on my wishlist, but way down since external
helpers do it okay for now.

Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux