What Criteria Does PeerGuardian Use?

[Escalader]

Well, hello again:

Here is something new at my end anyway.

Tried to update my PG 2 lists as per usual today.

My FW blocked the ip pg2 wanted to use.

Why? See attached jpg.

Now I'm worried about PG 2 itself if it goes to the worst country for malware for updates.

Can anybody reassure me that this is Okay? Is it FUD that I'm accidently creating here? I hate FUD.

[dw426]

Quote:

Originally Posted by Escalader

Well, hello again:

Here is something new at my end anyway.

Tried to update my PG 2 lists as per usual today.

My FW blocked the ip pg2 wanted to use.

Why? See attached jpg.

Now I'm worried about PG 2 itself if it goes to the worst country for malware for updates.

Can anybody reassure me that this is Okay? Is it FUD that I'm accidently creating here? I hate FUD.

Hi Escalader, I've been monitoring Peerguardians website for a reply to your question there also. It probably is nothing to worry about. In the meantime, I found an interesting place for more lists that I'm going to try out. Perhaps the default lists with Peerguardian do not block enough. http://iblocklist.com/lists.php

[Escalader]

Quote:

Originally Posted by dw426

Hi Escalader, I've been monitoring Peerguardians website for a reply to your question there also. It probably is nothing to worry about. In the meantime, I found an interesting place for more lists that I'm going to try out. Perhaps the default lists with Peerguardian do not block enough. http://iblocklist.com/lists.php

Hi dw426:

I looked their as well, nothing yet, however I did get a reply over at bluetack.

they are basically saying they use unversities all over the world. Gave a link for more information when I tried it PG 2 blocked the link which is included in this post.

http://www.bluetack.co.uk/forums/ind...=0&#entry87068


I am not yet reassured, no news there!

[dw426]

I put in a question myself over at the Peerguardian forums. I was reminded of all these attacks going on currently from China on even the legit websites, and it got me to thinking. If I've got Http Blocking off, can people that are listed on such blocklists as the Hacker list and some of these servers being used to attack websites still get to me with HttP Blocking off? I much prefer keeping HTTP blocked, however, when going to certain websites, there can be a ton of blocked entries and I have a hard time figuring out which IP is NEEDED by the website to run, and which of the other entries are just ad servers and the like.

Granted I'm protected by other tools such as Sandboxie, however, I can't help but feel when I click the Http Block to disabled, that I'm leaving an entry point open, lol, paranoia runs within I guess.

[Escalader]

Quote:

Originally Posted by dw426

I put in a question myself over at the Peerguardian forums. I was reminded of all these attacks going on currently from China on even the legit websites, and it got me to thinking. If I've got Http Blocking off, can people that are listed on such blocklists as the Hacker list and some of these servers being used to attack websites still get to me with HttP Blocking off? I much prefer keeping HTTP blocked, however, when going to certain websites, there can be a ton of blocked entries and I have a hard time figuring out which IP is NEEDED by the website to run, and which of the other entries are just ad servers and the like.

Granted I'm protected by other tools such as Sandboxie, however, I can't help but feel when I click the Http Block to disabled, that I'm leaving an entry point open, lol, paranoia runs within I guess.

I don't think you are suffering from paranoia at all!

FWIW, I leave http blocking on and seem to suffer no ill effects.

When I get blocked from doing something I need, I look at my FW log and id the SW needing an ip and then add that to the allowed list for that SW only.

Sort of a limited allow policy.

I'm leaving CHINA blocked completely. If Pg 2 keeps forcing that country on me via bluetack I will consider dropping pg2 as a threat on it's own right.

Not at that point yet , but after today, I'm 1 step closer.

[dw426]

Well, Escalader, SUPPOSEDLY, the China blocklist blocks all Chinese IP addresses. I have that blocklist enabled, and was able to successfully update all the blocklists I have with Http Block enabled. So, I'm wondering what's going on with that Chinese IP.


Edit: Me thinks these blocklists sometimes go overboard. With Http Block on I can't even access this forum, "Yipes Communications" is blocked. And "Beyond the Network", as nefarious as some claim them to be, seems to be on half the entire web, which means just surfing normally can be a real pain the behind. The China list is nice, lol, I'm seeing hundreds of blocks just sitting here watching the log, not even surfing around.

Edit: *sigh* PG2's forums are not a lot of help. I wish there were more specific logs. The only way I knew what IP address to allow for Wilderssecurity.com (Yipes Communications) was by watching the log the exact second I tried to load the page. How is anyone supposed to know what is what when there are multiple entries in the log for different organizations? Also, once you do get past that, in places like YouTube, you may to continually add different single IP addresses to your allow list for each video you watch.

I like things simple, lol, show me Wilderssecurity.com in the log and I'll think "Hey, gotta allow that website". Show me Yipes Communications and I'm just going to sit there scratching my head and praying it's a legit IP when I click that button.

[Escalader]

Quote:

Originally Posted by dw426

Well, Escalader, SUPPOSEDLY, the China blocklist blocks all Chinese IP addresses. I have that blocklist enabled, and was able to successfully update all the blocklists I have with Http Block enabled. So, I'm wondering what's going on with that Chinese IP.


Edit: Me thinks these blocklists sometimes go overboard. With Http Block on I can't even access this forum, "Yipes Communications" is blocked. And "Beyond the Network", as nefarious as some claim them to be, seems to be on half the entire web, which means just surfing normally can be a real pain the behind. The China list is nice, lol, I'm seeing hundreds of blocks just sitting here watching the log, not even surfing around.

Edit: *sigh* PG2's forums are not a lot of help. I wish there were more specific logs. The only way I knew what IP address to allow for Wilderssecurity.com (Yipes Communications) was by watching the log the exact second I tried to load the page. How is anyone supposed to know what is what when there are multiple entries in the log for different organizations? Also, once you do get past that, in places like YouTube, you may to continually add different single IP addresses to your allow list for each video you watch.

I like things simple, lol, show me Wilderssecurity.com in the log and I'll think "Hey, gotta allow that website". Show me Yipes Communications and I'm just going to sit there scratching my head and praying it's a legit IP when I click that button.

Just to confuse ourselves further, this AM I updated pg2 okay with my OA FW blocking China ( as you say supposedly). For the record I looked at todays connects and 219.243.200.17 was not attempted or blocked, so it is off the list today anyway.

I smell something fishy still re China. I'm leaving it blocked if all it costs is one day's delay and not going there. ( risk vs benefit)

BTW I have http on, and I can access this forum so you must have some other blocker doing that. Try puting the wilderssecurity in the allowed web site list?

[dw426]

Well, I saw the answer to both your question and mine over there, neither answer is all that thrilling. Here's the thing about allowing websites, and I'll use Wilders here as an example. You see, wilderssecurity.com, the actual name, is in none of my lists. The only thing that comes up when I try to access the website under Http protection is "Yipes Communications". Only when I allow that does it let me through.

Now, Yipes Communications hosts a lot of things I'm sure, and I fear allowing it allows whatever else they may be hosting, which can be good or bad. If my log showed the web address of the website I was trying to get to when it was blocked, it would be a simple matter, as you say, of allowing the website. However, that is not the case. All that my blocked list shows are things like Yipes Communications, Limelight (which is everywhere), Savvis, America Online (which is the only blocked entry that shows when accessing TMZ.com), and the like.

Edit: Ok, this is more trouble than it's worth. I'm just unblocking Http when I'm not doing any P2P. I think the guys who make these lists are more than just a tad overzealous. I salute their efforts, but some of the people adding these IPs seem to be afraid of every company on the earth. I would advise to use whatever lists that you want with the exception of the "CIDR Bogon" list.

For whatever reason, whenever I add that list my internet basically does nothing, I can't even load the homepage. So, either that list is not being well-maintained and those IPs in there are now in legit use, or somebody got haphazard again making the list.

[Woody777]

I don't think anyone actually knows if or how well Peer Guardian works. At various times in using this product it would block government weather sites in the USA my AV NOD32 & even my ISP. Who controls the Block lists? Maybe no one. As far as the proxy is concerned if it is an HTTP proxy it appears to do something. It could be used as some sort of an add on to a firewall perhaps. But who would make up the list? For a while people would download he list & lload into Sygate but that would usually crash Sygate somethimes.

[Escalader]

Quote:

Originally Posted by Woody777

I don't think anyone actually knows if or how well Peer Guardian works. At various times in using this product it would block government weather sites in the USA my AV NOD32 & even my ISP. Who controls the Block lists? Maybe no one. As far as the proxy is concerned if it is an HTTP proxy it appears to do something. It could be used as some sort of an add on to a firewall perhaps. But who would make up the list? For a while people would download he list & lload into Sygate but that would usually crash Sygate somethimes.

Have a look at some of the early posts here they answer at least some of your questions:

http://www.wilderssecurity.com/showp...84&postcount=2

See you!

[dw426]

You know, I've been hanging around Bluetack and honestly I'm not real sure THEY know what are on those lists. I also question how current some of these are. I know from the very first page on the website that they no longer use the Trojan list (which they say no one has updated in quite some time....exactly who are they taking these lists from?), nor do they use the whois version of the Bogon list. Whether they use the original Bogon list I can't seem to tell, however, the CIDR Bogon list absolutely destroys my internet connection.

Whether it is "safer" or not, I believe I'm just going to stick with the P2P, EDU (though even this is supposedly not needed) and the Spyware lists that PG2 uses as defaults. I'll probably keep the China blocklist also with everything that's been going on with them lately. I know the first 3 lists are updated pretty frequently, the others I'm not so sure of nor can I get any information out of their what seems to be hardly used forums.

[Escalader]

The question of update frequency for PG 2 came up a while back.

Here for information only, is my current list showing that most of them updated today. I find that at least 3 or 4 of them change/update daily.

Please note this list is a NOT recommendation for everybody else. It is just to show how I use PG 2 for ip blocking in addition to but not in place of my s/w firewall, host file etc.

[dw426]

I hope soon that Peerguardian can sometime soon have their default lists updated somewhere different than Sourceforge. For some reason there is almost always a problem connecting to the URL to get the updates. Off-topic, I had some of the same lists you do Escalader, and it caused me nothing but grief. I wish the people that make these lists would not just haphazardly throw IPs in the block lists. The point of the program is to block organizations that are anti-p2p and also blocking domains that are known to serve up spyware and the like.....I don't think K-Mart and JC Penny apply here (and yes, they are actually blocked just using the default lists).

You want some FUD? Open up your blocklist sometime and check out some of those entries.

[Escalader]

Quote:

Originally Posted by dw426

.....I don't think K-Mart and JC Penny apply here (and yes, they are actually blocked just using the default lists).

You want some FUD? Open up your blocklist sometime and check out some of those entries.

Yes, I've looked at the lists and found that most of the organizations blocked by bluetack don't limit me. I don't need to access them anyway.

If I get blocked going to a site I want I just click on allow for an hour and then I'm fine. But as everybody knows my policy is block by default so that suits my way of dealing with the www.

If others find these blockers list getting irritating and they can sure do that, then IMHO they would be better off reducing the number of lists used from bluetack or even not use any. Then if they hit a site they don't want to access or learn of one just add it to the PG 2 permanent block list. Over time you will end up with your own personalized black list.

On Kmart type sites you can click permantly allow and build your own white/allow list. I don't need to allow Kmart permanent access.

It's up to the user to learn to drive PG 2