Network Address Blacklist
Classification Key
: Exterior Security, Spoofing
Problem
Identifying the malicious users at the system access point is a very effective defense mechanism. However, it is computationally expensive.
How can a malicious user be identified?
Solution
Maintain a list of network addresses that exhibit inappropriate behavior. Drop requests received from a blacklisted address.
Known Uses
RBL and RHSBL List used in Postfix to filter spam coming from known blacklisted IP addresses.
Related Patterns
Policy Enforcement Point, Minefield
Source
Kienzle et. al. Repository
Tags
Honey-pot, Blacklist
|