SAME
UITB   FAQ
Support   Links
Products   Services
 News
Contact Us
About Us   Lists
Downloads   Demos
Location: > Products > EIMS Filters > Denes > Cool Rules > Open Relay Database    Site Map
Denes  Overview | Features | Recommendations | Make Rule | Cool Rules | Coming Soon | Feedback | Support | Pricing | Download

Reactive Autonomous Blackhole List Project

Reactive Autonomous Blackhole List

The RABL (pronounced "rabble") server is a statistical, machine-automated and up-to-the-second blackhole list server designed to monitor global network activity and make decisions based on network spread and infection rate - that is, abuse from an address which has been provided via automated feed from a number of participating networks. This is in far contrast to how most other blacklists function, where fallable humans (many with political agendas) must process thousands of hand-written reports and make decisions - many times after the fact. The RABL is fully reactive to new threats and can block addresses within seconds of widespread infection because it is in constant communication with the participating networks (or "sources") - good to know in this world of drone PCs and stolen accounts. The RABL server blacklists addresses until they have cleared a minimum duration (an hour by default) without any additional reporting, making the appeals process as simple as "fix your junk". The RABL is designed to function via automated machine-learning spam filters, such as Bayesian filters. Each participating network is granted write authentication in the blackhole list, to prevent abuse. A client tool is also provided. Because no humans are involved in this process, the RABL acts as a mere activity monitor and can run on its own. There's also nobody to sue (since you can't sue computers for talking to each other) which makes things far less messy for participants.

Of course, the ideal use for the RABL is for spam and virii. Machine automation here is performed by any statistical filter capable of dynamically identifying spam and virus concepts (along with the source address). This information is fed into the RABL for processing. This doesn't mean, however, that the server should be limited to tracking only spam and viruses. It can easily be adapted to track any kind of network-based phenomenon over a large spread or even redesigned to track viruses.

The Reactive Autonomous Blackhole List, or RABL, is a publicly available. It is a standard Domain Name System Black List (DNSBL). More information about the ORDB can be found on their web site at http://rabl.nuclearelephant.com/.

Entries in the RABL are made by the creation of A records in the NS at rabl.nuclearelephant.com. Lookups are done in a standard prepended reverse dotted IP address format to check a particular IP address for inclusion in the DNSBL. Results IPs that are listed in the DNSBL return an IP address of 127.0.0.0/16.

The Cool Rule

Rule Name: RABL/DNSBL
Lookup Host/Format: rabl.nuclearelephant.com
NS Record Type: A
Match Operator: equals
Match String: 127.0.0.0/16
DNR to Use: 2
Check Authenticated: 2
Action: refuse
Action Parameter 01: 550 5.7.1 Your server (%ip [%hi]) is in the %bl block list. See http://rabl.nuclearelephant.com/ for more details.

Download this rule with full entries in a separate text doccument.

Home | SAME | UITB | FAQ | Support | Links | Products | Services

News | Contact Us | About Us | Lists | Downloads | Demos | Site Map

Site designed and hosted by Deep Sky Technologies, Inc..
Any questions or problems with this site should be directed to webmaster@deepskytech.com.
Policies and Agreements
Bad Chickens.com Deep Sky Technologies Store-Secure