
#1 2010-10-01 16:37:17

XtrmGmr99
Member
Registered: 2009-04-14
Posts: 128

IP Filter...

Hello,

I just set up a torrent box on my home server to download TV shows, among other things, automatically. However, like many BitTorrent users, I'm a bit wary of downloading and uploading from just about anyone. I would like to set up some kind of blocklist (such as is found with uTorrent and the like) to block these shady addresses from connecting...

I use rtorrent as a daemon and wtorrent as a front end. As far as I know, rtorrent doesn't have the option to filter IPs built-in (though, from what I understand, there is a patch for that). Just as well -- every time the IP filter is updated, the rtorrent daemon would need to be restarted in order for the changes to take effect, which is something I want to avoid.

I've looked around, and many people suggest the Linux build of PeerGuardian. However, I also found this, which is a simple Perl script that supposedly does the same thing without much overhead, and utilizes IPTABLES directly, whereas PeerGuardian, from what I hear, does not use IPTABLES anymore. [EDIT: also, Moblock is something I keep seeing]

I was wondering if anyone has any experience with these and to ask for recommendations as to what would be the best to use. Auto-update would be fun, but I can always set up a crontab to update the IP lists on a periodic basis if necessary.

Thanks for any help!

Last edited by XtrmGmr99 (2010-10-01 21:48:47)


#2 2010-10-02 17:18:11

stqn
Member
Registered: 2010-03-19
Posts: 1,191
Website

Re: IP Filter...

Not really an answer to your question, but Transmission has integrated handling for Bluetack's level1 blocklist and a web interface (that doesn't work out of the box on Arch, but I guess it can be fixed.) The blocklist can be updated without restarting Transmission.


#3 2010-10-02 17:32:13

XtrmGmr99
Member
Registered: 2009-04-14
Posts: 128

Re: IP Filter...

I'd rather stick with rtorrent. Transmission is still very buggy and feature-incomplete.

I did set up moblock, though. It seems to be working just fine -- I'll continue to evaluate it in the coming days and see what happens. :)


#4 2010-10-02 19:59:07

lucke
Member
From: Poland
Registered: 2004-11-30
Posts: 4,018

Re: IP Filter...

I was using rtorrent with moblock, then moved to iplist, then used rtorrent with ipfilter patch for a while, then just migrated to transmission-daemon, which seems to be a nicer option featurewise and performancewise (especially memorywise). Postwise, now I feel like this character from The Apartment, moviewise.

Last edited by lucke (2010-10-02 19:59:54)


#5 2010-10-02 21:03:17

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: IP Filter...

I was raising an eyebrow when I saw you saying Transmission is buggy and incomplete, because I was very happy with their GTK client. Their web interface pales in comparison.

I did use the PeerGuardian filtering with Transmission; I might have to look into Moblock myself.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy


#6 2010-10-03 03:46:13

Jimi
Member
From: Brooklyn, NY
Registered: 2009-09-25
Posts: 125
Website

Re: IP Filter...

PG2 is a placebo. Of course, you see some addresses blocked. The fucking thing blocks ONE-THIRD of the Internet address space, by its own claim.

What you do NOT know is whether the addresses this piece of shit blocked were, in fact, the very peers who had the pieces you were downloading.

By inducing and then reinforcing paranoia, PG2 does more harm to torrenting than the RIAA, the MPAA and the FBI combined. I've said it before - if PG2 didn't exist, the MPAA would have invented it. :)

Here's just a small selection of the problems with this overhyped garbage:

http://www.slyck.com/forums/viewtopic.php?t=38295

The Media Defender internal email leak offered plenty of information for the taking. MediaDefender-Defenders said that they hoped that the email leak will prove to be a viable tool to protect against anti-P2P efforts. This is something BlueTack has been trying to do. After the email leak, a text file that compiles the complete IP (Internet Protocol) list Media Defender used while dropping fake files onto various P2P sites and networks was posted. While judging the effectiveness of these lists had proven to be an impossible task before the major leak, the effectiveness can now be tested.

Slyck began the investigation when BlueTack's 'Paranoid' IP filter blocked one of TVUnderground's new eDonkey2000 servers. A request for comment or information on the matter to BlueTack's team went unanswered. To this day, why BlueTack has blocked only one of TVUnderground's servers is unknown. In the meantime, Slyck is currently in the possession of a copy of BlueTack's IP filter lists, and further investigation into related matters appeared warranted.

According to the BlueTack website, "B.I.S.S. is a site dedicated to improving the safety and awareness of all our members and guests, providing News, Security articles, Software Reviews, Technical Support, Guides, IP Research and Free Software needed to help us keep our connections to the net and each other safe, secure, and free from unwelcome intruders."

Among the things offered are the blocklists, which have been met with either acceptance by the file-sharing community or complete rejection. Some say that the blocklists allow users to simply block any anti-filesharing company and allow users to connect with non-industry IPs. Others say that there is no way to get the right IPs before the IPs are changed to different addresses, thereby rendering the filters ineffective. It's been the subject of debate for quite some time amongst many experts with no real way to test the lists, at least until the Media Defender email leak.

The 'Paranoid' eMule IP filter was retrieved on September 27, 2007. The Level1 IP blacklist, which is supposed to block all known anti-p2p IPs, was retrieved on September 30, 2007. The idea behind getting these lists now is to offer ample time for Media Defender's now public IPs to be added to the lists for a much more effective blocklist for PeerGuardian users.

Slyck then obtained a copy of the publicly available 14.3MB compressed text file which lists all of the Media Defender's IP addresses. At this point, it became obvious that testing such a large volume of IPs would prove to be an overly time-consuming challenge, at least by hand. In order to alleviate this problem, it was best to test one particular IP range. Conveniently enough, the first range started with 116. Slyck then decided to test all of the IPs that started with the number 116.

The total number of IPs used by Media Defender starting with 116 was 1,474. Obviously, BlueTack did block all IPs that started with 116, but how many Media Defender IPs were successfully blocked? When Slyck investigated, there was a common theme that blocklists seemingly jumped over several ranges used by Media Defender. After some extensive study using the Level1 list for anti-p2p companies and the 'Paranoid' list, BlueTack would have successfully blocked 16 IPs. Thus, this sample test offered 1.09% protection against Media Defender in that range.

The IPs that were successfully blocked were: 116.255.1.109, 116.255.1.154, 116.255.1.244, 116.255.1.27, 116.255.1.52, 116.255.1.85, 116.215.157.243, 116.212.14.223, 116.199.202.170, 116.199.202.240, 116.199.207.83, 116.199.207.84, 116.199.226.78, 116.199.227.11, 116.199.227.27, 116.199.227.67. The remaining 1,458 IPs would still be allowed through even with these two filters being used today.

While BlueTack may still perpetuate the idea that their filters are 99% effective, these latest findings will only fuel criticisms towards BlueTack's actual effectiveness. A complete test might not be possible short of creating a simple program to test every single number or spending weeks hand-testing every single Media Defender IP address. In the meantime, it seems very apparent that BlueTack's filters have a few holes.

And that was tested against known and published addresses!! In order to catch those 16 addresses (probably by dumb luck and the law of large numbers), BlueTack also blocked more than 4 million INNOCENT addresses in the same range.

==============================================================
A SECOND TEST:

I am convinced that it is not authentic. I did a reverse lookup on 500 or so somewhat randomly picked addresses from the 5.3 million addresses in that list. Look at the results -- it's pretty clear that the vast majority of the items in the list are residential dynamic IP addresses from all over the world.

==============================================================

http://www.physorg.com/news110035755.html

Not Much Anonymity for Unprotected File-Sharers: Researchers Examine P2P Networks
The same technology that allows easy sharing of music, movies and other content across a network also allows government and media companies easy access to who is illegally downloading that content.

"Note that it is not our intention here to examine how accurate and comprehensive these lists are, though this would be interesting and challenging future work."


=============
"after a quick look through the document, found elsewhere (PDF) (thanks again guys), all their stats are based on a couple of assumptions: that the blocklist contains no false positives, and more importantly, that it fails to contain no address that should be included. i will leave it to others to comment on the likelihood of these assumptions being correct."
===============
FROM PG's own website:

Well, it is accurate in the sense that it blocks everything on your blocklist. <No shit, really?>
It is impossible to know _all_ the addresses to block

PeerGuardian is known to be incompatible with McAfee and BlackICE firewalls. Outpost is also known to cause a problem if you shut down PG2 while it is running. There is currently no way around this, so we recommend you try switching to another firewall

PeerGuardian blocked someone, should I be worried?
Well, it was blocked, so why would you worry?

PeerGuardian is slowing down my connection!
This occurs because of the way PeerGuardian blocks packets, not connections.

PeerGuardian is blocking an IP like crazy, should I worry?
PeerGuardian will constantly block IPs. Many times you will see IPs get blocked three or more times before giving up - this is due to the way most computers handle reliable connecting. After a period of time, people may retry to see if you are responding yet. This does not mean people are spying on you. <No ... it means they are trying to download or upload files in a swarm where you are connected ...duh ...>

A block list is a list of bad IP ranges that are known to spy on people's computers.
<That's simply a lie. A blocklist is just a list of IP addresses. Its accuracy and completeness depend ENTIRELY on who created it and who contributed to it.>


This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. <Translation - it's a POS, we know it's a POS and you're just as liable to get caught with it as without, and we ain't responsible. But thanks for the donation anyway ...>

Total of IP's being blocked right now:

* 2,377,645,666

<Yep TWO FUCKING BILLION blocked connections all to TRY to prevent one percent of the known addresses of MD from getting through.>

first things first, if the government was and/or are spying on you right now, it will be on an IP range that is not on our blocklists and is a secret range of IPs, second thing is, if the government was and/or are spying on you right now, they would be doing it on a whole different level.


<Then why are you blocking the Department of Agriculture's IP range? Are you afraid they'll detect someone pirating a seed catalogue?>
==================================

I have more. Lots more. :)
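
The article quoted in the post above notes that a complete test would need "a simple program". The following is an added example, not part of the original post or of the Slyck article: it measures how many addresses from a known set a blocklist actually covers, and how much address space the list blocks in total. It assumes the list is in the P2P plaintext format (`label:start-end`); the function names and all sample data are constructed for illustration.

```python
import bisect
import ipaddress

# Constructed sample in P2P plaintext format; documentation address space only.
SAMPLE_BLOCKLIST = """\
# constructed sample, not real list data
Example Org A:192.0.2.0-192.0.2.63
Example Org B:192.0.2.32-192.0.2.127
Example: with colon in label:198.51.100.10-198.51.100.20
malformed line without a range
"""

# Constructed "known addresses" to test against the list.
SAMPLE_KNOWN = ["192.0.2.5", "192.0.2.100", "192.0.2.200",
                "198.51.100.10", "198.51.100.21", "203.0.113.9"]


def parse_p2p(text):
    """Return merged, sorted (start, end) integer ranges from P2P-format text."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _, _, span = line.rpartition(":")  # labels may themselves contain ':'
        try:
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in span.split("-"))
        except ValueError:
            continue  # malformed line: wrong field count or bad address
        if lo <= hi:
            ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def is_blocked(ranges, ip):
    """Binary-search the merged ranges for a single address."""
    n = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(ranges, (n, float("inf"))) - 1
    return i >= 0 and ranges[i][0] <= n <= ranges[i][1]


def coverage(ranges, known):
    """Return (known addresses blocked, known total, addresses blocked overall)."""
    hits = sum(is_blocked(ranges, ip) for ip in known)
    return hits, len(known), sum(hi - lo + 1 for lo, hi in ranges)
```

Merging overlapping ranges first keeps the total blocked-address count from double counting, which matters when comparing hits against collateral blocking as the post does.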
