We used to use SORBS to blacklist open proxies, but that's pretty dodgy (requiring a $50 donation to remove an IP). Now we don't use anything, which means that admins have to manually block thousands of IPs if some spammer or vandal starts attacking from open proxies. See bug 6988: http://bugs.wikimedia.org/show_bug.cgi?id=6988. An admin from kuwiki just came on #mediawiki asking how to block *all* anonymous users due to the severity of the onslaught (see http://ku.wikipedia.org/w/index.php?title=Taybet:Recentchanges&hideliu=1). Similar issues on a lesser scale occur on many projects, which is why we have the open-proxy-blocking policy in the first place.
So, after some Googling, I found http://www.declude.com/Articles.asp?ID=97, a list of various DNSBLs. One promising one appears to be AHBL: see http://www.ahbl.org/services.php. They offer various DNSBLs, but the two of interest to us are probably their Tor and IRC lists (the latter blocks open proxies and otherwise infected computers). Of course, these need to be subjected to scrutiny before we actually use them, and a whitelist (per-project? on Meta?) would be a good idea as well in case we're convinced there's a false positive.
What should detected proxies be prevented from doing? Editing anonymously, obviously, and creating accounts, at least to begin with. Registered editing could eventually be prohibited if known good users are whitelistable per-project somehow (by username, not by IP).