Ashton Mills, 27 November 2006, 9:08 AM
It's not just the bad 'hackers' out there who might try to get a look in on your machine; perfectly legitimate companies are out to do it too. Here's how to block out unwanted guests.
Without getting into the quagmire that is the debate over P2P, fronted on one side by sane, technologically able people and on the other by a dying breed of middlemen with an outdated business model (ok, so I dipped a toe into the marsh), the technology attracts both legitimate claims of copyright infringement and illegitimate claims that infringement is all it is good for. In fact, P2P is rapidly becoming the de facto mechanism for distributing all sorts of content on the Internet.
But I digress -- if you use P2P software, and this can include programs that use it for distribution (which may not be immediately apparent to you), whether you like it or not you're putting your IP address and machine on the global invitation list. It doesn't matter that you've got a firewall -- for while it does its job at the protocol and port level, it can't protect you from the applications you run that openly share information about you or your machine.
Such as P2P software.
While there are as many legitimate uses of P2P software as there are free, community-produced and non-commercial files on the networks, there are just as many illegal transfers happening as well. Transfers organisations like the RIAA and MPAA would like to put a stop to. And irrespective of whether such actions are justified, the RIAA litigation engine gets its endless source of defendants to sue by logging the contents of, and exploring, the systems of those users who run P2P software. It doesn't matter whether you are or are not sharing copyrighted material; your machine will be logged nonetheless.
Bluetack's Blocklist Manager: Manage blocked IP ranges and export to Peerguardian, Protowall and other blocklist software.
The scary part is, you don't know just how frequently, or from what range of sources, prying eyes come knocking until you use a piece of software designed to prevent exactly this sort of eavesdropping.
For Windows there are two popular solutions -- the open source Peerguardian and Protowall. Quite literally, these tools are optimised IP filters that can blacklist known abusers. They operate by installing a driver, essentially an IP queue, to filter incoming connections based on regularly updated blacklists.
And there's an added advantage to using them too. It's not just the big media magnates and their legions scouring the networks that are a threat, the IP block lists include known spam, phishing, advertising, virus and spyware sources as well.
In other words, it's healthy for your machine.
And perhaps that's where some of the 200,000 IP address ranges that make up the core blocklists are populated from, not just the obvious culprits but also all those lovely spammers and purveyors of spyware.
Blocklist sources: Choose from pre-defined IP blocklists that include ad trackers, spyware, trojans and more.
While these tools are quite mature under Windows, Linux is a different story. At one stage there was a Peerguardian version for Linux, but it has since handed the torch over to MoBlock. Still in development, MoBlock accepts Peerguardian block lists (.p2b) as input and adds a queue within the kernel, managed by iptables, for filtering. And it's extremely fast.
Static binaries and source are available (note that you need the libnfnetlink and libnetfilter_queue libraries installed to compile from source) and, once installed, it's a good idea to edit the MoBlock shell scripts to open the various ports you don't want filtered, such as 80 for HTTP and 443 for HTTPS. There's no automated tool to fetch .p2b files yet, so you'll need to download some to use. You can use lists copied over from Peerguardian or Protowall on Windows, or use Bluetack's Blocklist Manager on Windows and export the 'guarding.p2b' file for use with MoBlock. Alternatively, you can script a direct fetch of the lists from Bluetack.
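To make the list-handling step concrete, here is an added example (my own illustration, not code from MoBlock, Peerguardian or Bluetack) of what a blocklist filter does with a .p2b file: parse the records, refuse truncated or unrecognised files rather than loading a partial list, collapse overlapping ranges, and answer "is this address listed, and under which entry" with a binary search, which is what keeps a check against 200,000 ranges cheap per packet. The byte layout follows the P2B v1/v2 format as I understand the PeerGuardian spec (magic bytes, a version byte, then a NUL-terminated name plus big-endian start and end addresses per record); verify it against the spec before relying on it. The sample list, its entry names and its addresses (RFC 5737 documentation ranges) are constructed for the example.

```python
import bisect
import io
import ipaddress
import struct

# P2B layout assumed here (check against the PeerGuardian P2B spec):
#   0xFF 0xFF 0xFF 0xFF 'P2B' <version byte>
#   then, for v1/v2, repeated records:
#   <name, NUL-terminated> <start IP, 4 bytes big-endian> <end IP, 4 bytes big-endian>
# v1 names are ISO-8859-1, v2 names are UTF-8.
P2B_MAGIC = b"\xff\xff\xff\xffP2B"


def build_p2b(entries, version=2):
    """Serialise (name, first_ip, last_ip) tuples into a v1/v2 .p2b blob."""
    encoding = "latin-1" if version == 1 else "utf-8"
    out = bytearray(P2B_MAGIC + bytes([version]))
    for name, first, last in entries:
        out += name.encode(encoding) + b"\x00"
        out += struct.pack("!II", int(ipaddress.IPv4Address(first)),
                           int(ipaddress.IPv4Address(last)))
    return bytes(out)


def parse_p2b(data):
    """Return a list of (start, end, name) from a v1/v2 .p2b blob.

    Bad magic, an unsupported version or a truncated record raises ValueError:
    a list that loads "mostly" is exactly the failure a filter must not run with.
    """
    if len(data) <= len(P2B_MAGIC) or not data.startswith(P2B_MAGIC):
        raise ValueError("not a P2B file")
    version = data[len(P2B_MAGIC)]
    if version not in (1, 2):
        raise ValueError("unsupported P2B version %d" % version)
    encoding = "latin-1" if version == 1 else "utf-8"
    buf = io.BytesIO(data[len(P2B_MAGIC) + 1:])
    ranges = []
    while True:
        name = bytearray()
        while True:                      # read the NUL-terminated entry name
            ch = buf.read(1)
            if not ch:
                if name:
                    raise ValueError("truncated record name")
                return ranges            # clean end of file between records
            if ch == b"\x00":
                break
            name += ch
        ips = buf.read(8)
        if len(ips) != 8:
            raise ValueError("truncated IP range")
        start, end = struct.unpack("!II", ips)
        if start > end:
            raise ValueError("range start after end")
        ranges.append((start, end, name.decode(encoding)))


class Blocklist:
    """Sorted, non-overlapping ranges answered by binary search."""

    def __init__(self, ranges):
        merged = []
        for start, end, name in sorted(ranges, key=lambda r: (r[0], r[1])):
            if merged and start <= merged[-1][1]:
                # Overlapping entries are coalesced so one bisect finds any hit.
                pstart, pend, pname = merged[-1]
                label = pname if name == pname else pname + "|" + name
                merged[-1] = (pstart, max(pend, end), label)
            else:
                merged.append((start, end, name))
        self._starts = [r[0] for r in merged]
        self._ends = [r[1] for r in merged]
        self._names = [r[2] for r in merged]

    def __len__(self):
        return len(self._starts)

    def lookup(self, ip):
        """Name of the entry covering ip, or None if the address is not listed."""
        n = int(ipaddress.IPv4Address(ip))
        i = bisect.bisect_right(self._starts, n) - 1
        if i >= 0 and n <= self._ends[i]:
            return self._names[i]
        return None


# Constructed sample list: RFC 5737 documentation addresses, made-up labels.
SAMPLE_P2B = build_p2b([
    ("Example media monitor (constructed)", "203.0.113.0", "203.0.113.255"),
    ("Example spyware host (constructed)", "198.51.100.10", "198.51.100.20"),
    ("Example trojan C2 (constructed)", "198.51.100.15", "198.51.100.30"),
])


def load_blocklist(data=SAMPLE_P2B):
    return Blocklist(parse_p2b(data))


if __name__ == "__main__":
    bl = load_blocklist()
    for peer in ("203.0.113.42", "198.51.100.25", "192.0.2.1"):
        hit = bl.lookup(peer)
        print(peer, "DROP (%s)" % hit if hit else "allow")
```

The merge step matters more than it looks: real lists from several sources overlap freely, and a plain bisect over unmerged ranges can sit on a narrow entry while a wider, earlier one is the real match. Coalescing once at load time keeps the per-packet check to a single binary search, and keeping both names in the label means the log still says why a peer was dropped.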
So how well does it work? The funny thing, and the frightening thing, is that even just jumping on Azureus to grab the latest Fedora DVD image, I managed to get a heck of a lot of dropped packets from dubious sources in the logs.
As the old axiom goes, information is power. Don't give yours away.
MoBlock log: Sony and trojans (W32.Gaobot), blocked at the door.