IP Blocking & Blocklists

December 04, 2007 by sharky

Using ‘IP Blocking’ and Blocklists (P2P)

IP blocking/blocklisting is simply a technique used to restrict (block) traffic from any computer that is within a set list or parameters of any given IP range.

While IP Blocking hardly makes oneself anonymous, it can significantly reduce your chances of being tracked by bad groups interested in what you’re doing with your bandwidth. And by no means do blocklists offer 100% effectiveness for file sharing protection. However, when used in conjunction with a proxy server, it can reduce your odds of being caught down to nearly zero.

P2P Blocklists (also known as ‘blacklists’) are lists of IP ranges that are used by known identified malicious groups, or groups affiliated with the MPAA, RIAA and any other anti-piracy organization. Also on the list include most media companies like Sony, EMI, Universal, Time-Warner, Fox and the like. Here’s some examples of who else is on them:

Company/Org. Description
BayTSP Primary service is to search the Internet for copyright infringement.
ESA Entertainment Software Association
BSA Business Software Alliance
MediaDefender Floods file sharing networks with decoy files, log IP addresses of users on P2P networks.
IFPI International Federation of the Phonographic Industry.
MediaSentry Employed by many music, movie, software and television companies to catch IP addresses of users who share files on P2P networks.

Blocklisting ‘Bad’ IP Addresses - Is it really necessary?

Just ask any one of the 20,000 people sued by the RIAA whether or not they think it’s essential to block bad IPs. Certainly the court cases are not won on circumstantial evidence. And for those who’ve settled out of court - they must have been presented with enough alarmingly accurate information about the files in question. Don’t just take our word for it - read this report!

The link between blocklisted IPs and P2P file sharing has been completely confirmed through a study spanning over a three month investigation using various P2P networks and protocols (BitTorrent, Limewire, Gnutella, Emule). The general purpose of the experiment was to see if they could generate “connections” with known ‘bad’ IP addresses while using a variety of file sharing networks. And in a doomsday scenario, thus any connection to a bad IP means a possibility that they are gathering data to potentially use against you in a civil lawsuit. Here’s a quote from the study:

A user without any knowledge of blocklists, will almost certainly be tracked by blocklisted IPs. We found that all our clients exchanged data with blocklisted IPs. In fact, of all distinct IPs contacted by any client, 12-17% were found to be listed on blocklists. Avoiding just the top 5 blocklisted IPs reduces the chance of being tracked to about 1%.

That means 100% of the time, you will exchange data with IPs listed in the bad ranges, and you will be tracked. Take away just the top 5 blocklisted IPs, and your chances go down to 1%. This confirms the validity and effectiveness of using some form of blocklisting when using P2P programs. Safety is surety!

View this study in its entirety here, and another variation of it can be found here.

Using IP Blocking Software

There are a couple of free programs available that are compatible with known blocklists. They are:

Protowall (from Bluetack - B.I.S.S. Forums)

Our Notes about Protowall:

We tested 2 versions of Protowall, the 2.0.1 build 9 version, and the last stable version 1.43, on two different system configurations running WinXP SP2 (one with firewall/antivirus/antispyware) and one with none of these installed. However, we predictably received the error message, “Protowall.sys not loaded” on both systems. We checked the FAQ and proceeded to troubleshoot the problem, but to no avail. The procedures involved are somewhat lengthy, and not for the novice PC user. Using a blocklist is not exclusive to Protowall - it is the blocklists themselves that are required and can easily be imported into the PeerGuardian program instead, with much less hassle to those who generate the error message. Kudos to you if Protowall installs perfectly the first time. If not, don’t fuss too much with it, just move on to PeerGuardian 2.

Protowall installation: First you’ll need to set up an account with Bluetack since it’s mainly a forum site (which you may have to do anyways to obtain the blocklists). Click on the “Downloads” button to the right, and select ‘Protowall’, and select the latest version (for this we selected 2.0.1 - build 9). Where it says “Protowall 2.0.1 Build 9 - Latest Version”, click it to download. Save the file, unzip and install.

PeerGuardian 2

Click to see the Peer Guardian 2 main windowPeerGuardian 2 is Phoenix Labs’ premier IP blocker for Windows. PeerGuardian 2 integrates support for multiple lists, list editing, automatic updates, and IP blocking, making it the safest and easiest way to protect your privacy on P2P. I recommend this FREE program to any serious P2P user who’s concerned about privacy. PG 2 works with an automatic ‘blocklist’ of known bad IP addresses - (including MPAA, RIAA and MediaDefender affiliates) - that sniff out IP addresses of users that are downloading copyrighted materials. Download it here (and read the FAQ).

Click to see the Peer Guardian 2 installation windowOur advice: Use this program on “enabled” and be sure to ‘block HTTP’ as well. This program is somewhat memory hungry, so use it only if you’re concerned about protecting the privacy of what you are downloading via P2P and BitTorrent (not regular websurfing). If you’re only trying to block those “Anti-P2P” organizations, then it is advised to select only the ‘P2P’ setting during the install (see image). See “Finding” below to learn which blocklists to install after installation.

If you are running WinXP SP2 and you notice a drop in your Internet speed while running PG 2, be sure to apply the TCP patch we describe here to increase your TCP limit.

You may also notice that the *.torrents now take a little longer to load the seed/peers. This is normal: all IPs sharing that torrent are being checked first in PeerGuardian against the blocklists.

There is also a new version of PeerGuardian for the Mac OS X - download it here.

Finding P2P blocklists

Probably the most comprehensive blocklists are from Bluetack, as they are continuously updated and revised. Plus, they can be downloaded and imported right from the PeerGuardian 2 program. Note that you may or may not require an account in order to import the Bluetack lists into PG 2.

There are three absolutely crucial blocklists required (in regards to P2P safety). They are:

1. The P2P.php list within the PG 2 program (installed automatically).
2. The Bluetack P2P Level 1 list.
3. The Bluetack BOGON list.

NOTE that both P2P blocklists (1. and 2.) are very similar, and certainly contain redundancy in entries. The general consensus is that the Bluetack blocklists are superior to PG 2 (in terms of updates and content) thus we recommend using both concurrently. But besides these two blocklists, perhaps the most important blocklist of all is the Bluetack BOGON list:

BOGON IP addresses, or Bogon Space, are known as unassigned IP addresses and are not publicly used. Hence, anyone using them is very hard to trace and little information can be garnered about the users from these IP ranges. Since anti-piracy groups (and their cohorts) do not wish to be on any blocklist, current data suggest these are likely the most common ranges used nowadays by the more ‘aggressive’ pirate-seekers to gather evidence for lawsuits and prosecution. So it is imperative that these IP ranges are blocked, and that this list be incorporated into PG 2.

Importing the blocklists (In PeerGuardian 2)

To import blocklists within PeerGuardian, you don’t need to visit the Bluetack website to obtain these latest lists - do it right in PG 2. Here’s how to add the blocklists:

1. Run PeerGuardian, select “List Manager”. This will launch the window below. Click the ADD button, the “Add List” popup window will now launch.

Click to see the Peer Guardian 2 Import List window

2. Click on the ADD URL button (see below), and then use the dropdown bar to view the available lists. The three important lists are underlined here in the second screenshot below:

Click to see the Peer Guardian 2 Import List windowClick to see the Peer Guardian 2 Import List window

3. Click the OK button to close the window, and click the RED X in the upper right part of the first window. This should now import the selected list into PG 2 (and a “Generating List Cache…” popup should be shown):

4. Repeat these steps for each additional list. After all three lists have been added, check the main PeerGuardian window, you should now see this text:
3 Lists: 3 up-to date - 0 failed updating - 0 disabled” like below:

NOTE: If you run into a problem where it says “3 Lists: 1 up-to-date - 2 failed updating - 2 disabled” then you’ll have to visit the Bluetack website and sign up for an account. This will give you the access to their blocklists.

To update the blocklists, click on “Check Updates”. This will check and update all the lists used by PG 2.

Note: There’s also a different blocklist that Bluetack recommends using - the “Level 3″ P2P list. This Level 3 list is not available in the “ADD URL” option of PeerGuardian, however, you can download the file from Bluetack. To add it into PG 2, instead of clicking “ADD URL”, select “ADD FILE” and browse to the location where you saved it.

Something else worth mentioning is the “SafePeer” plugin for Azureus (BitTorrent). IP blocklists can be incorporated right into Azureus without the need to use other IP blocking software. This is resourceful if you utilize Azureus exclusively as your P2P program.



Archived by FSFmirror

Categories: