<?xml version="1.0"?> |
<!-- Documented configuration file for pxyscand (from pxys v2 package) |
$Id: doc-pxyscandconf.xml,v 1.1 2004/01/03 00:04:58 mbuna Exp $ |
--> |
<pxyscand> |
|
<!-- pxyscand uses a lightweight binary protocol (currently only implemented |
over TCP) called the OPAS protocol. The protocol draft is located in |
pxys2/libopas/doc/draft-opas-1.txt. |
|
port: the port to listen on |
bind-address: source address of the listener (empty for default) |
protocol: only tcp for now |
allow: may be defined several times; each entry defines an IP to accept |
requests from. |
limit: request-rate limit; not implemented yet |
--> |
<opas> |
<port>9601</port> |
<bind-address>172.16.0.5</bind-address> |
<protocol>tcp</protocol> |
<allow>172.16.0.5</allow> |
<limit>0</limit><!-- requests per minute, 0=unlimited; not implemented yet (see above) --> |
</opas> |
|
<!-- The scanner tag defines very important settings of your proxy scanner: |
|
maxscans: maximum number of sockets to open for scanning - the more you have, |
the more you can scan at the same time. I use a value > 10000 on the |
Undernet. Be careful, you often need to do some system tuning to |
increase this value (for example with sysctl on BSD systems...). |
The total number of simultaneous IPs you can scan is |
maxscans/number_of_modules_enabled. |
4000 is already a very large value; a good approach is to start with a low |
value and see: if the scanning activity stays at 100% (use the |
"/msg prox status -scan" command) then increase it. |
|
module: it is easy to add other http proxy ports, or to comment out |
a type of scan. Note that the wingate module also contains the insecure |
Cisco detection (2 in 1 scan). |
|
source-pool, optional tag: 1 or more source IPs to scan from ("vhosts"). |
A uniform random shuffle is done by the scanner to fool firewalls. |
|
target: for some scans, like socks4 scanning, because the proxy doesn't |
reply with a proper error or status flag, we need to be sure the socks proxy has |
really connected to something (e.g. an IRC server). IMPORTANT: please |
maintain an up-to-date list of one or a few targets (I recommend the |
most stable servers of your IRC network). If the scanner has no |
target IP left that is up, it can't scan at all! |
|
target-check: pxyscand performs a simple connect check on the current |
target IP, to verify it's still up. If not, it tries the next one. |
target-check is the interval, in seconds, between these checks. |
|
log-agent: relative or (preferably) full path of the http agent log file, for |
statistics purposes; it's fun. |
|
timeout: connect() timeout in seconds. Important setting. If your |
scanner gets lagged, increase this value, as otherwise some proxies might not be |
found. |
|
string: a string to match when connecting to a target host via a proxy, |
used to detect a real proxy connection, and thus to detect the proxy. |
You can define several matching strings. |
|
--> |
<scanner> |
<maxscans>4000</maxscans> |
<!-- built-in module types: wingate,socks,crazybandit,http --> |
<module type="wingate" /> |
<module type="socks" /> |
<module type="crazybandit" /> |
<module type="http">3128</module> |
<module type="http">6588</module> |
<module type="http">8080</module> |
<module type="http">4480</module> |
<module type="http">80</module> |
<module type="http">8000</module> |
|
<!-- |
<source-pool> |
<address>172.16.0.51</address> |
<address>172.16.0.52</address> |
<address>172.16.0.53</address> |
<address>172.16.0.54</address> |
<address>172.16.0.55</address> |
</source-pool> |
--> |
|
|
<!-- scan targets (used by some scans): IPs of some of your network's stable |
servers. |
--> |
<target> |
<address>193.109.122.67</address> |
<port>6668</port> |
</target> |
<target> |
<address>62.235.13.228</address> |
<port>6668</port> |
</target> |
<target-check>600</target-check> |
<log-agent>agent.log</log-agent> |
<timeout>30</timeout> |
<string>NOTICE AUTH :</string> |
<string>ERROR :</string> |
</scanner> |
|
|
<!-- pxyscand uses an efficient LRU IP cache for proxy and non-proxy IPs. |
This usually avoids a LOT of scans being performed again. |
|
directory: a (preferably) full path of the directory where the cache |
files should be stored. The directory must exist. |
|
expire: expire duration in seconds for non-proxy IPs, should probably |
be at least 1 day so as not to rescan too often. |
|
proxy-expire: expire duration in seconds for a proxy IP that was found. Please |
don't set too high an expiration duration here: some users fix their |
proxy in a few hours, or sometimes it can be accidental, etc. |
|
maxips: maximum number of IPs in the non-proxy IP cache. A prime number |
increases performance. |
|
--> |
<cache> |
<directory>ipcache</directory> |
<expire>86400</expire><!-- seconds --> |
<proxy-expire>21600</proxy-expire> |
<maxips>1000003</maxips><!-- a prime number is better --> |
<!-- http://www.utm.edu/research/primes/lists/small/100ktwins.txt --> |
</cache> |
|
|
<!-- pxyscand has its own noscan tag too, like pxyservd, but only for IP addresses |
or IP ranges! By default, the local networks are listed here (and so are never scanned): |
--> |
<noscan> |
<address>127.0.0.1</address> |
<address>255.255.255.255</address> |
<address>0/8</address> |
<address>10/8</address> |
<address>172.16/12</address> |
<address>192.168/16</address> |
</noscan> |
|
</pxyscand> |