~kline/firebee

9565e759e08ea20096cb6b76eef0258aac20cad4 — Gareth Pulham 4 months ago 535f819
Draft layout for block classes
1 files changed, 33 insertions(+), 0 deletions(-)

M README.md
M README.md => README.md +33 -0
@@ 32,3 32,36 @@ Firebee is free software, you can use it, or adapt it, to any purpose!
                      |  protocol  |
                      +------------+
```

# Block Classes

Firebee, like similar blacklist servers, allows blocks to be categorised into a
number of distinct types. Firebee inherits a number of types from prior
implementations, as well as opening up the space to private-use. As much as
possible, users should seek to establish upstream and peer consensus before
implementing new classes outside of the private use area.

| Numeric | Reason                                                    |
|---------|-----------------------------------------------------------|
| 1       | Testing class                                             |
| 2       | Sample data used for heruistical analysis                 |
| 3       | IRC spam drone (litmus/sdbot/fyle)                        |
| 5       | Bottler (experimental)                                    |
| 6       | Unknown worm or spambot                                   |
| 7       | DDoS drone                                                |
| 8       | Open SOCKS proxy                                          |
| 9       | Open HTTP proxy                                           |
| 10      | Proxychain                                                |
| 11      | Web Page Proxy                                            |
| 12      | Open DNS Resolver                                         |
| 13      | Automated dictionary attacks                              |
| 14      | Open WINGATE proxy                                        |
| 15      | Compromised router / gateway                              |
| 16      | Autorooting worms                                         |
| 17      | Automatically determined botnet IPs (experimental)        |
| 18      | Possibly compromised DNS/MX type hostname detected on IRC |
| 19      | Abused VPN Service                                        |
| 20-199  | Reserved                                                  |
| 200-249 | Private use                                               |
| 250-254 | Reserved                                                  |
| 255     | Uncategorized threat class                                |