Stockade (software)
Stockade is a TCP-layer blocking tool written in C++. It denies TCP/IP access to IP addresses registered with it by using the ipfw packet filter. It targets spam prevention, but may also be used against other attackers (e.g. brute-force password crackers).

The rate limiting approach

This approach leverages the greater persistence of legitimate senders: as with greylisting, a genuine mail server will retry a connection that was refused, whereas spam sources often do not. In this respect, it may be considered similar to greylisting. Originally, the authors conceived an MT Proxy to rate-limit the SMTP connections of messages believed to be spam. That worked by adding a dummynet rule (dummynet being ipfw's traffic-shaping facility) for frequent senders whose messages had triggered an unreliable statistical analysis.

A key limitation of the original scheme was its consumption of local resources in the SMTP proxy, which had to hold every throttled session open. The Stockade approach instead rejects an inbound TCP connection with a random probability proportional to the amount of spam already seen from the connection's originating address over a configurable period of time; rejecting at the packet filter, before the connection is accepted, costs the mail server nothing. That probability is subject to decay, configured as a halving period (a half-life), so that each IP address is eventually rehabilitated. In that way, Stockade provides fully automatic spam mitigation, with no manual unblocking step.
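The following C++ sketch is an added illustration of the scheme just described; it is not Stockade's own code, which this page does not show. The class and function names (SpamLedger, reportSpam, rejectProbability, expire, ipfwDenyRule), the choice to make the rejection probability the decayed spam score divided by a "full block" score, and the use of ipfw's prob rule option to realise the random rejection inside the packet filter are all assumptions made for the example. The sample addresses and spam weights are constructed.

```cpp
#include <cmath>
#include <cstdio>
#include <map>
#include <string>

// Added example: a hypothetical model of Stockade's probabilistic blocking.
// Names and the score-to-probability mapping are assumptions, not Stockade's source.
class SpamLedger {
public:
    // halfLifeSeconds: time for an address's spam score to halve (the "halving period");
    // fullBlockScore: score at which the rejection probability reaches 1.0.
    SpamLedger(double halfLifeSeconds, double fullBlockScore)
        : halfLife_(halfLifeSeconds), fullBlock_(fullBlockScore) {}

    // Exponential decay: a score recorded at t0 is worth s * 2^(-(t - t0)/halfLife) at time t.
    double decayed(double score, double t0, double t) const {
        if (t <= t0) return score;
        return score * std::pow(2.0, -(t - t0) / halfLife_);
    }

    // A message from ip was judged spam at time t; weight lets a classifier add
    // more for high-confidence verdicts. Old evidence is decayed before adding.
    void reportSpam(const std::string& ip, double t, double weight = 1.0) {
        Entry& e = table_[ip];
        e.score = decayed(e.score, e.updatedAt, t) + weight;
        e.updatedAt = t;
    }

    // Probability that a new connection from ip is rejected at time t:
    // proportional to the decayed score, clamped to [0, 1]. Unknown addresses get 0.
    double rejectProbability(const std::string& ip, double t) const {
        auto it = table_.find(ip);
        if (it == table_.end()) return 0.0;
        double p = decayed(it->second.score, it->second.updatedAt, t) / fullBlock_;
        return p > 1.0 ? 1.0 : p;
    }

    // Decision for one inbound connection, given a uniform random draw u in [0, 1).
    bool shouldReject(const std::string& ip, double t, double u) const {
        return u < rejectProbability(ip, t);
    }

    // Rehabilitation: forget addresses whose probability has decayed below floorProb.
    std::size_t expire(double t, double floorProb) {
        std::size_t removed = 0;
        for (auto it = table_.begin(); it != table_.end();) {
            if (rejectProbability(it->first, t) < floorProb) {
                it = table_.erase(it);
                ++removed;
            } else {
                ++it;
            }
        }
        return removed;
    }

private:
    struct Entry { double score = 0.0; double updatedAt = 0.0; };
    std::map<std::string, Entry> table_;
    double halfLife_;
    double fullBlock_;
};

// One way to push the probability into the kernel filter: ipfw's "prob" option
// makes a rule match only with the given probability. Whether Stockade installs
// exactly this rule is not stated on this page; the rule text is an assumption.
// Port 25 is SMTP.
std::string ipfwDenyRule(const std::string& ip, double prob, int ruleNumber) {
    char buf[128];
    std::snprintf(buf, sizeof buf, "ipfw add %d prob %.2f deny tcp from %s to any 25",
                  ruleNumber, prob, ip.c_str());
    return std::string(buf);
}

int main() {
    SpamLedger ledger(3600.0, 10.0);              // one-hour halving period
    ledger.reportSpam("203.0.113.5", 0.0, 10.0);  // constructed: 10 spam units at t=0
    const double times[] = {0.0, 3600.0, 7200.0, 36000.0};
    for (double t : times) {
        double p = ledger.rejectProbability("203.0.113.5", t);
        std::printf("t=%6.0fs p=%.4f %s\n", t, p, ipfwDenyRule("203.0.113.5", p, 1000).c_str());
    }
    std::printf("expired %zu entries\n", ledger.expire(36000.0, 0.01));
    return 0;
}
```

In this model a full-strength offender is rejected with certainty at first, half the time an hour later, a quarter of the time after two hours, and is forgotten entirely once its probability drops below the floor, which is the "eventual rehabilitation" the text describes. A real deployment would regenerate or delete the ipfw rule each time the probability changes materially, and would keep the rule numbers for Stockade's rules in a range the administrator's static ruleset does not use.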

See also

  • IPQ BDB implements a similar random blocking approach in C using Linux's iptables.
  • Fail2ban is a generic intrusion prevention system, featuring multiple blocking techniques and preconfigured for a variety of server applications.
  • DenyHosts is a similar tool, specific to thwarting SSH server attacks.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.