|
|
up-to-the-second blackhole list server designed to monitor global network
activity and make decisions based on network spread and infection rate -
that is, abuse from an address which has been reported by a number of
participating networks. This is in far contrast to how most other
blacklists function, where fallable humans (many with political agendas) must
process thousands of reports and make decisions - many times after the fact.
The RABL is fully reactive to new threats and can block addresses within
seconds of widespread infection - good to know in this world of drone PCs
and stolen accounts. The RABL server blacklists addresses until they have
cleared a minimum duration (an hour by default) without any additional
reporting, making the appeals process as simple as "fix your junk". The RABL
is designed to function via automated machine-learning spam filters, such as
Bayesian filters. Each participating network is granted write authentication
in the blackhole list, to prevent abuse. A client tool is also provided.
The RABL client is the lookup and reporting component of the RABL. It is
necessary for performing streaming connection lookups and writing to the RABL
(assuming you have an account).
PR: 87096
Submitted by: Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>
|
