Stockade (software)

Last updated
Stockade
Original author(s) Centre for Advanced Internet Architectures (CAIA) at Swinburne University of Technology
Developer(s) Malcolm Robb, Grenville Armitage, Adam Black
Stable release
0.2 / March 16, 2007 (2007-03-16)
Operating system FreeBSD
Type Spam mitigation
License GPL v2
Website http://caia.swin.edu.au/stockade/

Stockade is a TCP-layer blocking tool written in C++. It denies TCP/IP access to registered IP addresses by using the ipfw packet filter. It targets spam prevention, but may also be used against other attackers (e.g. brute force password crackers.)

Contents

The rate limiting approach

This approach leverages the superior determination exhibited by legitimate senders. In this respect, it may be considered similar to greylisting. Originally, the authors conceived an MT Proxy to rate-limit the SMTP connections of messages believed to be spam. That worked by adding a dummynet rule for frequent senders who had been sending messages that triggered an unreliable statistical analysis. [1]

A key limitation of the original scheme was the consumption of local resources (in the SMTP proxy). Stockade approach introduces the notion that an inbound TCP connection may be rejected with some random probability proportional to the level of spam already seen from the connection’s originator over some configurable period of time. [2] That probability is subject to a decay, configured as a halving time period, so that each IP address is eventually rehabilitated. That way, stockade provides for fully automatic spam mitigation.[ citation needed ]

See also

Related Research Articles

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

<span class="mw-page-title-main">Open mail relay</span>

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

<span class="mw-page-title-main">Proxy server</span> Computer server that makes and receives requests on behalf of a user

In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. It improves privacy, security, and performance in the process.

A Domain Name System blocklist, Domain Name System-based blackhole list, Domain Name System blacklist (DNSBL) or real-time blackhole list (RBL) is a service for operation of mail servers to perform a check via a Domain Name System (DNS) query whether a sending host's IP address is blacklisted for email spam. Most mail server software can be configured to check such lists, typically rejecting or flagging messages from such sites.

A tarpit is a service on a computer system that purposely delays incoming connections. The technique was developed as a defense against a computer worm, and the idea is that network abuses such as spamming or broad scanning are less effective, and therefore less attractive, if they take too long. The concept is analogous with a tar pit, in which animals can get bogged down and slowly sink under the surface, like in a swamp.

Various anti-spam techniques are used to prevent email spam.

<span class="mw-page-title-main">Email spam</span> Unsolicited electronic advertising by email

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

The Distributed Sender Blackhole List was a Domain Name System-based Blackhole List that listed IP addresses of insecure e-mail hosts. DSBL could be used by server administrators to tag or block e-mail messages that came from insecure servers, which is often spam.

Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Email filtering is the processing of email to organize it according to specified criteria. The term can apply to the intervention of human intelligence, but most often refers to the automatic processing of messages at an SMTP server, possibly applying anti-spam techniques. Filtering can be applied to incoming emails as well as to outgoing ones.

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

<span class="mw-page-title-main">Message submission agent</span>

A message submission agent (MSA), or mail submission agent, is a computer program or software agent that receives electronic mail messages from a mail user agent (MUA) and cooperates with a mail transfer agent (MTA) for delivery of the mail. It uses ESMTP, a variant of the Simple Mail Transfer Protocol (SMTP), as specified in RFC 6409.

In networking, a black hole refers to a place in the network where incoming or outgoing traffic is silently discarded, without informing the source that the data did not reach its intended recipient.

The SIP URI scheme is a Uniform Resource Identifier (URI) scheme for the Session Initiation Protocol (SIP) multimedia communications protocol. A SIP address is a URI that addresses a specific telephone extension on a voice over IP system. Such a number could be a private branch exchange or an E.164 telephone number dialled through a specific gateway. The scheme was defined in RFC 3261.

SMTP proxies are specialized mail servers that, similar to other types of proxy servers, pass simple mail transfer protocol (SMTP) sessions through to other SMTP servers without using the store-and-forward approach of a mail transfer agent (MTA). When an SMTP proxy accepts a connection, it initiates another SMTP session to a destination SMTP server. Any errors or status information from the destination server will be passed back to the sending MTA through the proxy.

<span class="mw-page-title-main">Fail2ban</span> Intrusion prevention software framework

Fail2Ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent brute-force attacks. It is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, such as iptables or TCP Wrapper.

Backscatter is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

Haraka is an open source SMTP server. Its architecture is plugin-oriented and event-driven. The server and its plugins are written in JavaScript using the Node.js framework.

References

  1. Minh Tran (2004-04-03). "FreeBSD server anti-spam software using automated TCP connection control" (PDF). CAIA Technical Report 040326A. Swinburne University of Technology . Retrieved 2010-04-13.
  2. Minh Tran, Grenville Armitage (2006-12-19). "Mitigating Email Spam by Statistical Rejection of TCP Connections Using Recent Sender History" (PDF). Australian Telecommunication Networks and Application Conference 2006. Swinburne University of Technology . Retrieved 2010-04-13.