Ipfilter.dat And Guarding.p2p
#21
Posted 21 September 2004 - 01:46 PM
#22
Posted 21 September 2004 - 02:15 PM
Bored??? Release your inner mule and get involved with your favorite file sharing program, EMULE!!!!!! Check out my feature request.
Modifications!!!....................Speed Up eMule!!! Partly Done
On Queue 2........................Individual Max Sources/File Partly Done
Advanced Sorting.................Slot for Small Files
Easy Switching.Partly Done....Advanced Priority System
To accomplish great things, we must not only act, but also dream; not only plan, but also believe
#24
Posted 21 September 2004 - 04:07 PM
Bored??? Release your inner mule and get involved with your favorite file sharing program, EMULE!!!!!! Check out my feature request.
Modifications!!!....................Speed Up eMule!!! Partly Done
On Queue 2........................Individual Max Sources/File Partly Done
Advanced Sorting.................Slot for Small Files
Easy Switching.Partly Done....Advanced Priority System
To accomplish great things, we must not only act, but also dream; not only plan, but also believe
#25
Posted 21 September 2004 - 08:06 PM
MasterJunior, on Sep 21 2004, 07:07 PM, said:
No, it shouldn't slow anything. Of course, this will eat some CPU time and RAM, but ip filtering isn't very resource hungry task, unless you have extremely high number of sources (or rather high rate of connections per second).
Nevertheless, i think using ipfilter_full.dat is a bit overkill, better stick with normal ipfilter.dat (it's slightly more than 1MB).
#26
Posted 22 September 2004 - 10:45 AM
Bis, on Sep 21 2004, 08:06 PM, said:
It's clearly stated. For P2P the standard ipfilter/guarding list is the recommended one. The full list contains all and everything and it's useful if you are paranoid .
From openmedia.info:
Quote
#27
Posted 22 September 2004 - 05:02 PM
Bored??? Release your inner mule and get involved with your favorite file sharing program, EMULE!!!!!! Check out my feature request.
Modifications!!!....................Speed Up eMule!!! Partly Done
On Queue 2........................Individual Max Sources/File Partly Done
Advanced Sorting.................Slot for Small Files
Easy Switching.Partly Done....Advanced Priority System
To accomplish great things, we must not only act, but also dream; not only plan, but also believe
#28
Posted 22 September 2004 - 11:27 PM
MasterJunior, on Sep 22 2004, 05:02 PM, said:
It depends very much on what you are doing and how. I for instance run a FreeBSD box, so why care about blocking Spyware or Adware (which is in the full list)?
This post has been edited by MadMac: 22 September 2004 - 11:29 PM
#29
Posted 22 September 2004 - 11:30 PM
Bored??? Release your inner mule and get involved with your favorite file sharing program, EMULE!!!!!! Check out my feature request.
Modifications!!!....................Speed Up eMule!!! Partly Done
On Queue 2........................Individual Max Sources/File Partly Done
Advanced Sorting.................Slot for Small Files
Easy Switching.Partly Done....Advanced Priority System
To accomplish great things, we must not only act, but also dream; not only plan, but also believe
#30
Posted 23 September 2004 - 04:56 AM
MadMac, on Sep 23 2004, 01:27 AM, said:
What's the idea anyway, of blocking spyware and adware from within Emule? What is the threat on a Windows box?
#31
Posted 23 September 2004 - 08:26 AM
Sheep Me, on Sep 23 2004, 04:56 AM, said:
Who said it's for emule only?
#32
Posted 23 September 2004 - 05:43 PM
MadMac, on Sep 23 2004, 10:26 AM, said:
You're right, but after all this is the "official Emule-board".
I am a little worried about this excessive filtering. It seems to me like a misuse of the ability to do IP address filtering in Emule. We mindlessly install this pre-compiled list, blocking out 3/4 of the entire Internet, without knowing anything about who we are blocking, who wants us to and why. Just as important we don't know who (if any) removes the IP address ranges from the list, when the owners no longer cause a threat, or when a range gets new owners. Hundreds of thousands of harmless potential Emule users might be blocked with this list. I seriously doubt that anyone is able to maintain such a large list of IP addresses, without fucking it up. Even Google, from looking at my IP address, have had trouble figuring out if I'm from Denmark or the Netherlands, and I trust Google a hell of a lot more to get it right, than I trust Bluetack (I've never heard of them before).
Luckily (yes, I think it's pure luck) my IP address isn't included in this list, but I fear some day it will be by accident. If it is, I complain and it's removed, I don't expect people to keep their list up to date, so they might be blocking me for a long time. I cross my fingers that people won't use these lists...
#33
Posted 24 September 2004 - 07:38 AM
Sheep Me, on Sep 23 2004, 05:43 PM, said:
Yes, your are completely right. In the existing lists there are a lot of ISP's included which represent the Dial-In points for thousands of normal users. It's ridiculous to block all of them after one user may have done something bad. When you take a look you will find aggressive clients, pinger's, port scanners etc. and listed with this remarks are then the ISP's. Complete bullshit to include those ranges and this harms the network as it blocks normal users.
Therefore we are working on a way to defuse the existing lists and remove these mistakenly blocked ranges. The first changes are done and hopefully the successrate of excluding normal users in the blocklists will increase further. Some details about this you can read here http://www.openmedia...wtopic.php?p=22 and at http://www.mldonkey.org
This post has been edited by MadMac: 24 September 2004 - 07:40 AM
#35
Posted 25 September 2004 - 09:43 AM
MadMac, on Sep 24 2004, 09:38 AM, said:
They should never have been blocked in the first place. It's like getting a virus and trying to clean it out, you'll never know if you're safe again.
I still have a bunch of questions, I thank you for your time and patience to answer them.
These mistakenly blocked ranges you are talking about, were any of those blocked in the original ipfilter.dat-file (not the full one)?
Why are you even providing a "full" list for P2P use?
What is the story on all of this? What is the relation between Bluetack, Methlabs and you? Are Methlabs still updating the list, or are they just keeping a copy of the old Peerguardian-list? Will your lists be a modified version of Methlabs' or are you and Methlabs running your lists in parallel, completely independent of each other?
How did Bluetack manage to harvest such a large amount of ranges? Did they hire a thousand men to search the Internet 8 hours a day, for six months or how did they do it?
This post has been edited by Sheep Me: 25 September 2004 - 09:44 AM
#36
Posted 25 September 2004 - 03:14 PM
The current source of reference are the bluetack lists. I have no affiliation with them, just use the raw data as basis. I compile guarding.p2p filter lists for the mldonkey community; there are other guys who do the same for emule and other clients.
AFAIK some helpful guys and me are currently the only ones who look into the blocked ISP ranges. I think it would be good to join forces and get this issue solved in some way. But it's always a question of trust
Mac
info@openmedia.info
#37
Posted 26 September 2004 - 04:02 PM
As always here is the list of blocked ranges:
standard: 15106
full: 85281
#38
Posted 27 September 2004 - 09:16 AM
0.0.0.0-255.255.255.255.000,invalid
a.b.0.0-a.b.255.255.000,valid
f.g.0.0-f.g.255.255.000,valid
I'm not sure of the correct syntax.. does an overlapping range work in this case?
Or am I going to have to write a program that inverts all my in-IPs, to out-IPs?
#39
Posted 27 September 2004 - 11:45 AM
It's important to use spaces between the entries/commas.
A value of 000 (<127) means the range is blocked, a value of 200 (>127) means the range is permitted. But I'm not sure if emule can handle the combination of both. If it's not working you can use the blocklist manager from Bluetack to create a specific list for your needs.
This post has been edited by MadMac: 27 September 2004 - 11:45 AM
#40
Posted 28 September 2004 - 03:01 AM
MadMac, on Sep 27 2004, 10:45 PM, said:
It's important to use spaces between the entries/commas.
A value of 000 (<127) means the range is blocked, a value of 200 (>127) means the range is permitted. But I'm not sure if emule can handle the combination of both. If it's not working you can use the blocklist manager from Bluetack to create a specific list for your needs.
Thanks. So, the words on the end are just a comment. I ran into a description about how emule handled overlapping ranges, and I don't think it did. It's too hard for its list manager.
One way to do all this would be to keep a 500MB bit map, but it could get prohibitive with IPv6. ;-)
I think I'm going to have to write an inverter program. My plan is to get the IP ranges of the Chinese, Koreans, (asians), maybe the Germans, and swap especially dodgy popular files with them. It's UK and USA where all the traps lie. My guess is that USA has about half the IP range, and it would be difficult to filter them out. Easier just to leave them out in the first place.