IPs not banned

[hadiceberg]

After getting a lot of hash fails on a CERTAIN torrent, I changed this variables to the values hereunder:

bt.ban_threshold=1

bt.use_ban_ratio=0

but i'm still connected and downloading from peers/seeds with more than 1 hash fails!

http://www.hotlinkfiles.com/files/1084340_yhiql/peerlist.GIF

downloaded 75.8MB, wasted 37.2MB, 146hashfails!

why is this happening?

why utorrent doesn't ban them?

[jewelisheaven]

You turned off banning.

bt.use_ban_ratio needs to be TRUE. Once a peer reaches bt.ban_threshold it will be banned on the next piece. That is unless it has sent bt.ban_ratio # of good pieces.

You want to invest in ipfilter.dat 38/8 is a known anti-filesharing range. (That's 38.0.0.1-38.255.255.255)

[hadiceberg]

you mean after reaching the threshold (1 here), because of bt.use_ban_ratio=false, IP will not be banned!!?

I thought that when bt.use_ban_ratio is set to false, when an IP reaches the threshold, it will be banned without considering how many good pieces it has sent.

however I set it to true.

BTW how can I get a good ipfilter.dat

edit:

you're right. it's now banning them on first hash fail.

Is there any secure updated ipfilter.dat on net?

[jewelisheaven]

Since blocking is useless the only ipfilter.dat is one you made yourself... or from someone you trust made themselves. Everything from utorrent's IP to antivirus software has been included in the PG one time to time.

[hadiceberg]

thanks fellas, now I know what to do with those ba*trds

will setting bt.use_rangeblock=true help?

[Ultima]

That depends on who's poisoning the swarm. If it's a large range of IPs (like 38.x.x.x or something), then rangeblock banning will help ban the entire range (eventually) without your manual intervention.

[yourpcguy]

PeerGuardian 2

http://phoenixlabs.org/pg2/

[DreadWingKnight]

No. NOT peerguardian 2

http://neuron2neuron.blogspot.com/2006/05/blocklist-balderdash.html

http://www.slyck.com/story1593_MediaDefender_Leak_Offers_BlueTack_Users_a_Reality_Check

[yourpcguy]

well wtf

new ppl shouldnt install pg2?

should i remove it too?

[tinkywinky]

Dont listen to the anti blocklist FUD spreaders who have no more information to support their claim that they do not work than some random blogger whos opinion doesnt really count for jack. There have been proper scientific studies into the effectiveness of blocklists and wether they provide any protection againts anti-p2p groups, and the consensus is they do.

Analyzing over a 100 GB of

TCP header data, we quantify the probability of a P2P user of being

contacted by such entities. We observe that 100% of our nodes run into

entities in these lists. In fact, 12 to 17% of all distinct IPs contacted

by any node were listed on blocklists. Interestingly, a little caution can

have significant effect: the top five most prevalent blocklisted IP ranges

contribute to nearly 94% of all blocklisted IPs and avoiding these can

reduce the probability of encountering blocklisted IPs to about 1%.

http://www.cs.ucr.edu/~anirban/Anir-networking07.pdf

I might also add that there is more to blocklists than simply blocking known or suspected anti-p2p. The also block known bad trackers, and bad peers. Though in my opinion, blockilsts are better served client side, and not as some sort of psuedo firewall addition.

[Firon]

Blocklists are worthless. The fact that they had <10% of MediaDefender's IPs is a good sign of that.

IT WILL NOT HELP YOU IN ANY WAY.

[GTHK]

I wouldn't go so far as to say worthless... just highly ineffective and in Bluetacks case problematic.

[tinkywinky]

And a bullet proof vest wont stop you from getting shot in the head, but some protection is better than none at all. Its a broad statement to make that blocklists are worthless, and a fairly ignorant one at that considering the various types of ranges that they deal with. The majority of which would have absolutely no business whatsoever being a peer on a a p2p network. I'm well aware of your feelings towards blocklists Firon. The fact that less than 10% of MD ip's were present in the p2p blocklist only means that the rest of them were unknown so could not be included. What? Do you expect some kind of psychic knowledge on behalf of the list compilers that they should know who every IP on the internet is assigned to at any given time? No. They can only work with the information they have at hand. If Safenet are known to be using servers with IP's in the 38.100 range, perhaps you can explain how it does not help to block that range? That can be proven quite easily on certain music related torrents where entire blocks in that range would otherwise be connecting to you as a peer. If I were a tin foil hat wearing nutcase, I'd almost think that you want people to be caught. I suggest you read the report I linked to, though I rather doubt it would make any difference. I mean dont let facts get in the way of your opinions or anything.

[GTHK]

Continuing your analogy though poisoners and the such don't use a pistol, they use an assault shotgun and fire into a P2P crowd. IPA's do change. If anything though it would be better to load the blocklists into µT's ipfilter.dat so that its effects are limited to the application your worried about, with consideration to µT's bootstrap address of course. Otherwise you might loose your AV updates in the future.

[jewelisheaven]

...... Using a pre-made blocklist especially by bluetack is trusting they are only blocking said "bad" entities. The fact uTorrent and an ANTI VIRUS COMPANY'S update servers have been banned in the past is proof they have little to no oversight what gets added.

Though in my opinion, blockilsts are better served client side, and not as some sort of psuedo firewall addition.

... Aren't the peers clients? Or are you the one who doesn't know what you're talking about.

[DreadWingKnight]

The biggest problem I've found with blocklists FIRST HAND is that the maintainers (bluetack) are known to have a VERY bad history of blocking legitimate traffic more often than they block anti-p2p traffic.

http://torrentfreak.com/peerguardian-malware-080224/

http://torrentfreak.com/do-p2p-blocklists-keep-you-safe/

Why should we EVER rely on premade blocklists when the blocklist maintainers are typically this uninformed.

[jewelisheaven]

DWKnight linked what I alluded to.

The point is.... especially with recent activities, the blocklists from and the people at bluetack are showing more and more "corporate" tendencies of their own silencing dissenters of their own philosophy.

Those who are concerned but don't want to use an overzealous IP blocker could start with these MediaDefender IPs and increase their own blocklist as they see fit from uT logs of their own experience. It's all up to personal preference, and since uT allows ipfilter.dat also, the point can be made people who want to "protect" themselves should employ the list in uT instead of installing PG... the former keeps the clients from connecting to you by blocking the attempt entirely.