22 lines
1.3 KiB
Text
22 lines
1.3 KiB
Text
|
The RABL (pronounced "rabble") server is a statistical, machine-automated and
|
||
|
|
up-to-the-second blackhole list server designed to monitor global network
|
||
|
|
activity and make decisions based on network spread and infection rate -
|
||
|
|
that is, abuse from an address which has been reported by a number of
|
||
|
|
participating networks. This is in far contrast to how most other
|
||
|
|
blacklists function, where fallable humans (many with political agendas) must
|
||
|
|
process thousands of reports and make decisions - many times after the fact.
|
||
|
|
The RABL is fully reactive to new threats and can block addresses within
|
||
|
|
seconds of widespread infection - good to know in this world of drone PCs
|
||
|
|
and stolen accounts. The RABL server blacklists addresses until they have
|
||
|
|
cleared a minimum duration (an hour by default) without any additional
|
||
|
|
reporting, making the appeals process as simple as "fix your junk". The RABL
|
||
|
|
is designed to function via automated machine-learning spam filters, such as
|
||
|
|
Bayesian filters. Each participating network is granted write authentication
|
||
|
|
in the blackhole list, to prevent abuse. A client tool is also provided.
|
||
|
|
|
||
|
|
The RABL client is the lookup and reporting component of the RABL. It is
|
||
|
|
necessary for performing streaming connection lookups and writing to the RABL
|
||
|
|
(assuming you have an account).
|
||
|
|
|
||
|
|
WWW: http://www.nuclearelephant.com/projects/rabl/
|