~kline/firebee

A DNS blacklist

# Firebee

Firebee aspires to be a high-performance, federated IP blacklist server, featuring classic DNS interfaces as well as new federation features.

By federating, Firebee operators can maintain ultimate control over their own blacklisting policy and behaviour, while also sharing updates with, and receiving updates from, other operators.

Firebee is built in a modular fashion, with a core IP matching module that can be accessed through independent interface modules, such as DNS or HTTP. Operators can likewise write their own modules to integrate best with their own blacklist consumers.

Firebee is free software: you can use it, or adapt it, for any purpose!

```
                      +-----+
                   +--| DNS |----> Client
+-------------+    |  +-----+
| IP matching |    |  +------+
|             |----+--| HTTP |<--> Admins, users
|    core     |    |  +------+
+-------------+    |  +---------------+
                   |  |     Your      |
                   +--|    protocol   |<--> Bots
                   |  |     here?     |
                   |  +---------------+
                   |  +------------+
                   |  |  Firebee   |
                   +--| federation |<----> Peers
                      |  protocol  |
                      +------------+
```

# Block Classes

Firebee, like similar blacklist servers, allows blocks to be categorised into a number of distinct types. Firebee inherits a number of types from prior implementations, as well as opening up the space to private use. As far as possible, users should seek to establish upstream and peer consensus before implementing new classes outside of the private use area.

| Numeric | Reason |
|---------|--------|
| 1 | Testing class |
| 2 | Sample data used for heuristical analysis |
| 3 | IRC spam drone (litmus/sdbot/fyle) |
| 5 | Bottler (experimental) |
| 6 | Unknown worm or spambot |
| 7 | DDoS drone |
| 8 | Open SOCKS proxy |
| 9 | Open HTTP proxy |
| 10 | Proxychain |
| 11 | Web Page Proxy |
| 12 | Open DNS Resolver |
| 13 | Automated dictionary attacks |
| 14 | Open WINGATE proxy |
| 15 | Compromised router / gateway |
| 16 | Autorooting worms |
| 17 | Automatically determined botnet IPs (experimental) |
| 18 | Possibly compromised DNS/MX type hostname detected on IRC |
| 19 | Abused VPN Service |
| 20-199 | Reserved |
| 200-249 | Private use |
| 250-254 | Reserved |
| 255 | Uncategorized threat class |