HOME

TheInfoList



OR:

Stockade is a TCP-layer blocking tool written in
C++ C++ (pronounced "C plus plus") is a high-level general-purpose programming language created by Danish computer scientist Bjarne Stroustrup as an extension of the C programming language, or "C with Classes". The language has expanded significan ...
. It denies TCP/IP access to registered
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
es by using the ipfw packet filter. It targets spam prevention, but may also be used against other attackers (e.g. brute force password crackers.)


The rate limiting approach

This approach leverages the superior determination exhibited by legitimate senders. In this respect, it may be considered similar to greylisting. Originally, the authors conceived an ''MT Proxy'' to rate-limit the
SMTP The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients ty ...
connections of messages believed to be spam. That worked by adding a ''dummynet'' rule for frequent senders who had been sending messages that triggered an unreliable statistical analysis. A key limitation of the original scheme was the consumption of local resources (in the SMTP proxy). Stockade approach introduces the notion that an inbound TCP connection may be rejected with some random probability proportional to the level of spam already seen from the connection’s originator over some configurable period of time. That probability is subject to a ''decay'', configured as a halving time period, so that each IP address is eventually rehabilitated. That way, stockade provides for fully automatic spam mitigation.


See also

* IPQ BDB implements a similar random blocking approach in C using Linux's
iptables iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which ...
. *
Fail2ban Fail2ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent against brute-force attacks. It is able to run on POSIX systems that have an interface to a packet-control system or f ...
is a generic
intrusion prevention An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...
system, featuring multiple blocking techniques and preconfigured for a variety of server applications. *
DenyHosts DenyHosts is a server log, log-based intrusion prevention, intrusion-prevention security tool for Secure Shell, SSH servers written in Python (programming language), Python. It is intended to prevent brute-force attacks on SSH servers by monitorin ...
is a similar tool, specific for thwarting
SSH The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on ...
server attacks.


References

{{DEFAULTSORT:Stockade (Software) Computer security software Anti-spam Free security software