Back to Security Pattern Catalog




Network Address Blacklist


Classification Key : Exterior Security, Spoofing

Problem

Identifying the malicious users at the system access point is a very effective defense mechanism. However, it is computationally expensive. How can a malicious user be identified?

Solution

Maintain a list of network addresses that exhibit inappropriate behavior. Drop requests received from a blacklisted address.

Known Uses

RBL and RHSBL List used in Postfix to filter spam coming from known blacklisted IP addresses.

Related Patterns

Policy Enforcement Point, Minefield

Source

Kienzle et. al. Repository

Tags

Honey-pot, Blacklist


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz