
IP filter lists unreliable


TheDude


Posted

Hi !

I tried downloading ipfilter.dat from the recommended site "Bluetack" with the flashy site and the group of people dedicated to constantly updating the list.

I noticed some addresses being blocked and decided to investigate who they are.

Well, that led me to read threads on the Bluetack site as to how addresses get on the list.

It seems that (very rough estimates of percentages):

5-10% of the addresses are actually anti-P2P organizations, spammers, virus sources, etc.

50% of the addresses are politically motivated. Any corporation that ever paid any lip service to some vaguely anti-P2P sentiment ends up with ALL their addresses blocked - for example, all addresses at Intel, Cisco Systems, and Sun Microsystems are blocked. So, if a friend of yours works at one of those companies, and is using the huge upload bandwidth there to help out your torrents, you are blocking him by implementing ipfilter.dat

20% of the addresses are the entire ranges of ISPs that don't care what you do with their service, so - unknown to them - anti-P2P orgs take advantage of their concern for privacy.

20% of the addresses are currently unassigned addresses, with the idea that some of the baddies may use those addresses. So, if you don't update the ipfilter.dat daily (or close to that), you are going to block any newly assigned IP addresses.

In short, since these people are willing to spend most of their spare time updating these lists, their state of mind is very heavily biased towards blocking addresses. This is because what they want to do with their time is to block addresses. So, to them, blocking more addresses is automatically good!

( I've had the same problem in the past with anti-SPAM organizations. I had a period of several months where I had to use a web e-mail provider, because my ISP did not want to waste all their time chasing spammers around, so the anti-SPAM organizations, who don't care whether you receive important e-mails, put my ISP on their block lists. )

If you value your P2P speed and you value your right not to be blocked by other P2Pers, simply because of which ISP you choose or who your employer happens to be, then I would recommend that you not implement ipfilter.dat.

Posted

Yes, the bluetack lists are pretty rough, but they do account for something. But then again, if you're a whitehat you'll definitely not need any blocklists at all.

But what if you're a blackhat? Someone who would download the latest movie, or the latest song via BT?

Say if you were downloading from some friend that happens to sit on a cushy job over at some major company, what do you think happens when somebody over at the big corps (RIAA/MPAA etc) pulls his records and decides to sue the guy? Do you honestly think that the company would back this guy up?

They'd pretty much give it all away, and since most companies keep a *very* strict log file over what gets done and what doesn't get done over their lines, I'd say that your entries could be the next ones that the big corps go for next after they're done with that guy.

Also, I'd like to know how you made those percentage estimates, and how you arrived at the conclusion that the ip numbers that are blocked are indeed just average joe people. After all, if you state bold things such as these, you better have proof to back them up with.

(because I hardly think you went through all those ip numbers yourself.. right?)

Posted

If the friend at a major company had a real ipfilter.dat that only included IP addresses of anti-P2P orgs, etc. then he could be protected as well.

(BTW, I did say "very rough estimates of percentages". The number of actual IP addresses of anti-P2P orgs, etc. that are detected have to be at most 5% - probably a lot less - than the number of IP addresses used by all of Intel, all of Sun, all of Cisco, etc. not to mention all of any ISP that happens to get picked by an anti-P2P site as an unknowing host.)

Posted

Eh not implement ipfilter.dat? You mean not enable it right? It's already implemented ;P

ipfilter.dat and any other IP filtering techniques never were 100% reliable to begin with, as vurlix warned when it was first added into µTorrent. Some "spies" can just use their home connections and collect data like that -- I don't see the IP filters blocking them, and that's because they can't.

Posted

There's nothing stopping you from creating allow lists (Pg2), or exclusion lists (ProtoWall+The Blocklist Manager). YOU are in control of what you block. If you don't like something blocked? Voice your opinion in a mild-mannered well-thought up Internet tone (meaning, don't act like a jackass I guess, to put it in layman's terms?) either on their forums (bluetack.co.uk), and also through use of the invalidip report form at bluetack.co.uk/invalidip. And well, you could register at test.blocklist.org and file an invalid IP report there too, if you want your voice to be heard.

Most of the time, IPs are split that shouldn't be blocked. In the case of the unassigned IPs being blocked? That is an OPTIONAL list (let's not call it a BLOCKlist...because depending on the product, the user COULD set it as an allow list), they are all optional. But if you see an error, report it! But yea, I noticed the IPv4 IPs changed recently, according to www.iana.org/assignments/ipv4-address-space so it may take a few days to get the old un-assigned/re-assigned IPs moved around to their appropriate list.

If the friend at a major company had a real ipfilter.dat that only included IP addresses of anti-P2P orgs, etc. then he could be protected as well.

ok, that's a given, so he can block the anti-p2p orgs from getting him....BUT, he's doing his illegal file sharing on a CORPORATE-owned computer network, correct? Thus, his work/corporation has all logs of connections exchanged in both directions.

Some of their lists are strict, but it's only because they've shied away from "P2p Security" and more towards "Internet Security" in general.

So yea, much of the blocked corporations and accompanying ranges are blocked under the questioning of "Should this corporation NEED to connect to my computer network/system WITHOUT my knowledge?" and well, in most instances the answer is NO.

If you have a friend at a corporation that you are filesharing with, tell him to jump on whatismyip.com and get HIS IP, and well? Exclude it, or allow it (depending on what application/method you are using in your IP filtering).

But yes, nothing is perfect. The only safe haven is legaltorrents, creative commons, podcasts (that are free, and don't cost anything.....which applies to most?).
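An added example, not part of any post in this thread: a way to audit an ipfilter.dat-style list before enabling it, showing how many addresses each entry blocks and carving a single trusted address out of a blocked range, as the exclusion-list advice above suggests. The `start - end , level , description` line layout is assumed, and the sample entries are constructed from documentation-reserved ranges.

```python
# Constructed sample in the assumed layout: start - end , level , description
SAMPLE = """\
# constructed entries, documentation-reserved ranges only
192.000.002.000 - 192.000.002.255 , 000 , Example Org A
198.051.100.000 - 198.051.100.127 , 000 , Example Org A
203.000.113.000 - 203.000.113.255 , 000 , Example ISP B
"""

def ip_to_int(text):
    # Entries are zero-padded, so parse each octet as a decimal integer.
    octets = [int(part) for part in text.strip().split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {text!r}")
    return int.from_bytes(bytes(octets), "big")

def parse(text):
    """Return a list of (start, end, description) with inclusive integer bounds."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rng, _level, desc = [field.strip() for field in line.split(",", 2)]
        start, end = (ip_to_int(p) for p in rng.split("-"))
        if start > end:
            raise ValueError(f"reversed range: {line!r}")
        entries.append((start, end, desc))
    return entries

def coverage(entries):
    """Addresses blocked per description, largest first (overlaps count twice)."""
    totals = {}
    for start, end, desc in entries:
        totals[desc] = totals.get(desc, 0) + (end - start + 1)
    return sorted(totals.items(), key=lambda kv: -kv[1])

def exclude(entries, allowed_ip):
    """Split any range containing allowed_ip so that one address is unblocked."""
    allowed, out = ip_to_int(allowed_ip), []
    for start, end, desc in entries:
        if not start <= allowed <= end:
            out.append((start, end, desc))
            continue
        if start < allowed:
            out.append((start, allowed - 1, desc))
        if allowed < end:
            out.append((allowed + 1, end, desc))
    return out

def is_blocked(entries, ip):
    value = ip_to_int(ip)
    return any(start <= value <= end for start, end, _ in entries)
```

Running `coverage()` on a real list before and after each update shows which descriptions account for most of the blocked address space.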

Posted

I find it hard to believe that people just don't get that blocklists are not "protection" from anti-p2p organizations. Live with the fact that you're unlikely to get any protection, and extremely likely to block craploads of legit peers.

Firon: The Government list in PG2 is freakin' massive, and I remember you mentioning that you used it. I'd recommend you try disabling that instead of disabling PG2 altogether. > 95% of my blocks are from Government.

Archived

This topic is now archived and is closed to further replies.
