up-to-the-second blackhole list server designed to monitor global network
activity and make decisions based on network spread and infection rate -
that is, abuse from an address which has been reported by a number of
participating networks. This is in far contrast to how most other
blacklists function, where fallable humans (many with political agendas) must
process thousands of reports and make decisions - many times after the fact.
The RABL is fully reactive to new threats and can block addresses within
seconds of widespread infection - good to know in this world of drone PCs
and stolen accounts. The RABL server blacklists addresses until they have
cleared a minimum duration (an hour by default) without any additional
reporting, making the appeals process as simple as "fix your junk". The RABL
is designed to function via automated machine-learning spam filters, such as
Bayesian filters. Each participating network is granted write authentication
in the blackhole list, to prevent abuse. A client tool is also provided.
PR: ports/88446
Submitted by: Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>
