Stockade (software)

Stockade is a TCP-layer blocking tool written in C++. It denies TCP/IP access to registered IP addresses by using the ipfw packet filter. It targets spam prevention, but may also be used against other attackers (e.g. brute force password crackers.)

Stockade
Original author(s)Centre for Advanced Internet Architectures (CAIA) at Swinburne University of Technology
Developer(s)Malcolm Robb, Grenville Armitage, Adam Black
Stable release
0.2 / March 16, 2007 (2007-03-16)
Operating systemFreeBSD
TypeSpam mitigation
LicenseGPL v2
Websitehttp://caia.swin.edu.au/stockade/

The rate limiting approach

This approach leverages the superior determination exhibited by legitimate senders. In this respect, it may be considered similar to greylisting. Originally, the authors conceived an MT Proxy to rate-limit the SMTP connections of messages believed to be spam. That worked by adding a dummynet rule for frequent senders who had been sending messages that triggered an unreliable statistical analysis.[1]

A key limitation of the original scheme was the consumption of local resources (in the SMTP proxy). Stockade approach introduces the notion that an inbound TCP connection may be rejected with some random probability proportional to the level of spam already seen from the connection’s originator over some configurable period of time.[2] That probability is subject to a decay, configured as a halving time period, so that each IP address is eventually rehabilitated. That way, stockade provides for fully automatic spam mitigation.

gollark: Firefox's nice thing where you can fuzzy-search open tabs in the omnibar, and the ability to write extensions which interact with tabs, and ctrl+click technology, would probably all be harder if it had to do a ton of IPC calls for everything.
gollark: I'm sure everyone wants 12905712591 forked packages to manage.
gollark: Shipping important functionality via patches means it's really hard to get useful precompiled things in distro repos, and you can't easily stick things in separate programs without compromises.
gollark: I think the tabs thing is an example of not integrating things enough, though.
gollark: You dislike webkit, I assume?

See also
  • IPQ BDB implements a similar random blocking approach in C using Linux's iptables.
  • Fail2ban is a generic intrusion prevention system, featuring multiple blocking techniques and preconfigured for a variety of server applications.
  • DenyHosts is a similar tool, specific for thwarting SSH server attacks.

References
  1. Minh Tran (2004-04-03). "FreeBSD server anti-spam software using automated TCP connection control" (PDF). CAIA Technical Report 040326A. Swinburne University of Technology. Retrieved 2010-04-13.
  2. Minh Tran, Grenville Armitage (2006-12-19). "Mitigating Email Spam by Statistical Rejection of TCP Connections Using Recent Sender History" (PDF). Australian Telecommunication Networks and Application Conference 2006. Swinburne University of Technology. Retrieved 2010-04-13.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.