REACTIVE AUTONOMOUS BLACKHOLE LIST CLIENT v1.0
Copyright (c) 2005 Deep Logic, Inc.
http://www.nuclearelephant.com/projects/rabl/

LICENSE

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

TABLE OF CONTENTS

General Client Information

  1.0 About the RABL Client
  1.1 Installation
  1.2 Running the Client

1.0 ABOUT THE RABL CLIENT

The RABL (pronounced "rabble") server is a statistical, machine-automated and 
up-to-the-second blackhole list server designed to monitor global network 
activity and make decisions based on network spread and infection rate - 
that is, abuse from an address which has been reported by a number of 
participating networks. This is in stark contrast to how most other 
blacklists function, where fallible humans (many with political agendas) must 
process thousands of reports and make decisions - often after the fact. 
The RABL is fully reactive to new threats and can block addresses within 
seconds of widespread infection - good to know in this world of drone PCs 
and stolen accounts. The RABL server blacklists addresses until they have 
cleared a minimum duration (an hour by default) without any additional 
reporting, making the appeals process as simple as "fix your junk". The RABL 
is designed to function via automated machine-learning spam filters, such as 
Bayesian filters. To prevent abuse, each participating network must 
authenticate before it can write to the blackhole list. A client tool is 
also provided.

Of course, the ideal use for the RABL is for spam and viruses. Machine 
automation here is performed by any statistical filter capable of dynamically 
identifying spam and virus concepts (along with the source address). This 
information is fed into the RABL for processing. This doesn't mean, however, 
that the server should be limited to tracking only spam and viruses. It can 
easily be adapted to track any kind of network-based phenomenon over a large 
spread or even redesigned to track viruses. 

The RABL client is the lookup and reporting component of the RABL. It is 
necessary for performing streaming connection lookups and writing to the RABL
(assuming you have an account).

1.1 INSTALLATION

To install the client, run:

./configure && make && make install

The configuration file rabl_client.conf will be installed, by default, in
/usr/local/etc. This file should be edited to reflect the correct server
information. If you have a write account on the server, you'll need to
set ServerUID and ServerSecret also.

1.2 RUNNING THE CLIENT

The client supports two different modes of operation: command-line query/post
and directory-watch mode.

  COMMANDLINE
  There are presently two command-line options, each performing a single
  operation:
    -c [address]  Check/Query: Checks whether a particular address is BL'd
    -s [address]  Spam:        Reports the address as a spam sender

  DIRECTORY WATCH
  To use the client's directory watch mode, use the -d flag followed by the
  path to an empty directory on your server.  Have your controlling software
  (namely your statistical filter) create or touch blank files in this
  directory using the IP address of the spammer as the filename.  The
  directory watcher will automatically send out new addresses and perform
  hourly cleanup of the directory.

  NOTE: In order to perform any 'write' operations to the server, you
        must have an account.
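
One way a filter could feed the directory watch mode, shown as an added
example (not part of the RABL distribution). The address comes from message
headers and becomes a filename, so it is validated first. The function names,
the IPv4-only restriction and the list of local ranges to skip are assumptions.

```python
import ipaddress
import os
import tempfile
from typing import Optional

# Assumption: ranges a site would never want to report (its own relays,
# loopback, link-local). Adjust to local policy.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def marker_name(raw: str) -> Optional[str]:
    """Return a canonical IPv4 string that is safe as a filename, or None."""
    try:
        addr = ipaddress.IPv4Address(raw.strip())
    except ValueError:
        return None  # hostnames, empty strings, "../x" and similar
    if any(addr in net for net in LOCAL_NETS):
        return None  # never report local infrastructure
    return str(addr)  # digits and dots only: no path separators possible


def report(watch_dir: str, raw: str) -> Optional[str]:
    """Create or touch an empty marker file named after the sender's address."""
    name = marker_name(raw)
    if name is None:
        return None
    path = os.path.join(watch_dir, name)
    # O_NOFOLLOW: refuse to write through a symlink planted in the directory.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    os.close(fd)
    os.utime(path, None)  # "touch" semantics when the file already exists
    return path


if __name__ == "__main__":
    # Constructed sample input; a real filter passes the directory given to -d.
    demo_dir = tempfile.mkdtemp(prefix="rabl-watch-")
    for candidate in ("203.0.113.7", "192.168.1.5", "../../etc/passwd"):
        print(candidate, "->", report(demo_dir, candidate))
```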

BUGS AND FEEDBACK

The RABL is still in its infancy, and is likely to contain bugs.
Please feel free to report any bugs to jonathan@nuclearelephant.com. Be sure to
include a full synopsis of the problem, how to reproduce it, and what the
expected and actual results were.

You may also wish to subscribe to the rabl-users mailing list. You can do
this by emailing majordomo@lists.nuclearelephant.com with the words
'subscribe rabl-users' in the message body.

