Do P2P Blocklists Keep you Safe?

Written by Ernesto on April 15, 2007 

Recent findings by researchers from the University of California, Riverside, show that 15% of the IPs people connect to on the Gnutella P2P network are blocked by blocklist applications such as PeerGuardian. Statistics like this do not prove anything about the effectiveness of these lists. However, according to an insider who worked for several anti-piracy organizations, blocklists significantly decrease the risk of getting caught by the MPAA or RIAA.

In a recently published paper, the researchers analyzed the results of a large-scale experiment in which they examined the number of hits they received from blocklisted IPs in a real P2P network. For a period of 90 days the researchers collected data using three different blocklists (PeerGuardian, Bluetack, and Trusty Files) on the Gnutella network.

Their main conclusion: a user who is not using blocklist software is practically guaranteed to be monitored.

Other conclusions from their research are:

1. 5 blocklist ranges encountered during the experiments contribute to nearly 94% of all the blocklist hits.
2. Most blocklisted IPs belong to government or corporate organizations.
3. Very few blocklisted IPs belong directly to content providers such as record labels.

The researchers also note that the top 15 most encountered IPs operate from so-called BOGON IP ranges, which can’t be traced back to a specific owner. This suggests that these sources deliberately want to stay anonymous, which could indicate that they are up to something.

The paper has some interesting findings, and does provide some insight into the workings of blocklists. However, it doesn’t say much about the accuracy and effectiveness of these blocklists.

In an attempt to find an answer, TorrentFreak asked an expert in the field, who worked with several anti-piracy organizations, how effective these lists are. His guess was that approximately 75-80% of IPs used by the anti-piracy companies he worked with are on these blocklists. This means that they offer some protection, but that they’re not foolproof.

The cat-and-mouse game between anti-piracy organizations and blocklist managers such as Bluetack will probably continue for a while.

31 Responses

1 Apr 15, 2007 at 23:07 by guy

counterargument here:

http://neuron2neuron.blogspot.com/2006/05/blocklist-balderdash.html

2 Apr 16, 2007 at 00:03 by Ernesto

[quote comment="85664"]counterargument here:

http://neuron2neuron.blogspot.com/2006/05/blocklist-balderdash.html[/quote]

Well not really a counterargument, like I said, these lists are not 100% foolproof, and they will never be.

Good read though.

3 Apr 16, 2007 at 02:16 by jake patel

Are there any programs for Vista? PG2 doesn’t work in Vista.

4 Apr 16, 2007 at 04:49 by aXXo

I only trust one block lister, and that is Peer Guardian 2. It is the only block lister I completely trust, and will ever trust. Oftentimes a lot of the other blocklists will be watched by or made by a government organization.

Ernesto, go ahead and let everyone know this is me.

5 Apr 16, 2007 at 12:13 by Smartass

[quote comment="85811"]I only trust one block lister, and that is Peer Guardian 2. It is the only block lister I completely trust, and will ever trust. Oftentimes a lot of the other blocklists will be watched by or made by a government organization.

Ernesto, go ahead and let everyone know this is me.[/quote]

How cool we got axxo on the torrentfreak comments that’s pretty cool. anyway i happen to use PG2 and it seems to work for me. I don’t know about all you guys but i started moving to private trackers. I bet axxo is Most wanted on the MPAA’s list so i remain on my toes at all times when i download his torrents.

6 Apr 16, 2007 at 14:41 by kb

also plus block all USA ip should bring 75%-80% to 90%-95%

7 Apr 16, 2007 at 14:41 by Jerry

Users of GigaTribe also have nothing to worry about as all exchanges between friends are strongly encrypted (meaning, your ISP would have no way of detecting what you’re exchanging!) See http://www.gigatribe.com for more information

8 Apr 16, 2007 at 16:47 by Michael T. Babcock

Just wait for the *AA companies to start paying users to do this research for them with custom software. “Install this P2P app and let it auto-search for our copyright files and we’ll pay you $100/mo for your services”

Insider snitching will always get around these lists.

9 Apr 17, 2007 at 03:26 by Brian

aXXo… i have used peer guardian 2 with several updated lists while downloading internal movies. it’s bullshit if you think it works. you are probably the gov’t. peerguardian probably is too.

10 Apr 17, 2007 at 04:23 by SantaBJ

*Always* use blocklisting software. It’s true, they are (obviously) not fool proof - but they clearly provide *some* level of protection. And any protection is better than nothing at all.

Personally I use PG2 with several blocklists from several sources, as well as one huge blocklist in uTorrent’s integrated IP blocklist feature.

11 Apr 17, 2007 at 06:20 by aXXo

[quote comment="86204"]aXXo… i have used peer guardian 2 with several updated lists while downloading internal movies. it’s bullshit if you think it works. you are probably the gov’t. peerguardian probably is too.[/quote]
Internal movies. You do realize these lists won’t block your ip from your own pc or LAN, right?

You’re retarded.

12 Apr 17, 2007 at 21:17 by axxo

No wait, on second thoughts I’m retarded.

I just need a break from this computer, my whole life is spent on the Internet revolving around people I don’t even know. It gets to you sometimes.

13 Apr 19, 2007 at 07:32 by Michael

> Are there any programs for Vista? PG2 doesn’t work in Vista.

Even Notepad doesn’t work under Vista.

Vista must be the least downloaded program on BitTorrent. If you are caught downloading it, Microsoft pays you!

14 Apr 19, 2007 at 10:13 by Quartz

The researchers are suspect in this case as it’s well known that the blocklist provided for use with PG2 comes directly from Bluetack and so any statistics drawn are wrongly weighted.

Can we see the real statistics of why those compiling these blocklists think the RIAA/MPAA etc own over 35% of the internet?
PG is currently blocking 900 million IPs, and excluding the IP ranges not even allocated for use it’s about a third of the internet.

Here’s the real deal, it’s a list of ever expanding proportions, very few numbers are ever removed even if they are innocently added, in time your own IP is likely to appear on it, for now it’s a useful tool for the anti P2P forces to help slow down peer to peer networks, it is famed for blocking a few at the moment namely edonkey servers, winmx peer caches and many torrent sites, of course you won’t read any of this on the Bluetack forum as it’s soon deleted.

A real blocklist is one that’s maintained by those who know what they are doing, Bluetack most certainly do not, it’s indefensible to add ranges that are dynamically allocated (DSL) consumer ranges and leave them on the list perpetually so no other user can use them, either they clean up their list or they should shut up shop.

False security is no security.

15 Apr 20, 2007 at 02:04 by proberlystupid

i use peer guardian also, i’m no expert, but i think if i was the mpaa i would also install peer guardian and update my blocklist then look to see if my ip ranges were on there, and if they were i would have something done about it, ie: change them … i have my doubts whether pg2 would prevent much but i use it anyway

16 Apr 22, 2007 at 16:50 by Moore

Blocklists are not a 100% solution to P2P protection, or any form of protection.

No one in their right mind would ever think they could provide bulletproof protection against an ever changing environment which is the internet.

No one I know who has been involved in maintaining the blocklists has ever claimed that you would have 100% protection from a couple of IP lists. People may assume otherwise, but it has never been advertised as the silver bullet solution.

What they can do is help restrict traffic from all the known identified groups of IPs used by malicious companies or individuals.

Bluetack’s blocklists are the most comprehensive lists provided by any research group, the list database is updated daily and does not intentionally block legitimate IP networks. Anything proven to be on the lists incorrectly is removed.

There are many people who have counterarguments, when you look into their reasons, you will often find a personal disagreement behind their argument which is the real reason for their attempt to discredit the use of blocklists.

In the case of that moron2moron counterargument guy, he was pissed when Utorrent found its way into the lists provided by Bluetack after it was announced the dev had done some work for a p2p hunting company. That guy then decided to get some kind of revenge by spreading his own style of FUD.

Now in hindsight we can see that a lot more people agreed with the principle of blocking utorrent.

To the unfortunate noob who thinks Bluetack block 35% of the internet trying to stop the likes of the MPAA/RIAA, well first you obviously have no idea of the intended targets of each list that Bluetack provide. While you may think that the MPAA/RIAA has 35% of all assigned IP’s, you would be mistaken. Those two are also not the most dangerous groups to be blocklisted, while the RIAA may be the most public in their activities, the likes of BAYTSP/ESA/BSA/Mediasentry etc are much more prevalent on all p2p networks and are terrorising P2P users on a greater but less publicised scale.

You wonder why the lists are constantly growing, maybe it’s because there are also new anti-p2p entities emerging who are added to this ever increasing blocklist, not to mention there are always going to be newly allocated ranges to the companies who find themselves blocked to get around the lists.

You can find a breakdown of the enormous amount of anti-p2p groups that have been researched and included into the blocklists here:
http://www.bluetack.co.uk/forums/index.php?showtopic=1052

One of the highlights of the lists’ effectiveness was back in 2003 when BAYTSP was kicked off the sonic network after being blocklisted by Bluetack. This action on the part of the Bluetack list maintainers helped bring the malicious activities of BAYTSP to the attention of the Sonic network admins who dealt with them appropriately. Ultimately the success and failure of any blocklist depends on its users for constant feedback, without that feedback they would not be as effective in keeping up with things that need to be addressed.

Now Winmxworld can hardly be considered a legit p2p group in any form. They are simply a group of script kiddies who attack any other site or group they don’t like and then whinge like babies every chance they get whenever the sites they attack stand up to them. Not only that but their obsession with macrovision and a total ignorance of any real high level anti-p2p group puts their whole user base at risk from the real threats which are a lot worse than anything fake files will do to a person’s life.

There are real WinMX groups available taking their users safety seriously and I recommend you check them out for your own sake.
See here for more details: http://forum.mxpie.info/mxpiehelptopic342.html

Depending on which lists you use the amount of IPs you block can vary greatly.

The level 1 [antip2p] list alone will block roughly 17% of the assigned IP space. That’s not a huge amount on its own.

The IANA reserved blocklist contains roughly 30%. These unassigned IP ranges can be used by hackers and antip2p companies to hide their activities.

Total IP Count: 1,329,572,862 (out of 4,294,967,296 IPs, or 30.95653%)!!

The BOGON IP blocklists provided by Bluetack are maintained by http://www.completewhois.com a leader in IP network research, not only in regards to BOGON ranges, but also research in hijacked IPs and the activities of IP network hijackers, and their lists are also updated daily. These lists are complemented by the blocklist from D-shield, who actively compile data from firewall logs to map out the most active IP addresses used by hackers and other network attacks.

Any Emule servers on the lists are either fake servers, suspicious or otherwise unverified. There are various emule devs working closely with Bluetack to keep an eye on the increase of servers run by antip2p companies like mediasentry.

There are just too many self appointed experts like you on the internet these days commenting on things you have no actual idea about. Spreading false and inaccurate information is a disservice to all other p2p users.

So basically, there are a wide variety of lists for many different purposes, they are not restricted to just providing people with P2P protection. Online threats are not limited to just P2P networks.

For anyone interested you can check out the FAQ here on the different lists and their intended uses and decide for yourself if they are useful to you or not:
http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=17

Also I don’t see how you could trust any comment from someone who works with the anti-p2p groups, as they largely rely on propaganda as their main weapon in that cat and mouse game.
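The figures quoted in the article (five ranges producing nearly 94% of blocklist hits) and in comment 16 (1,329,572,862 of 4,294,967,296 addresses) both come down to range arithmetic over IPv4 space. The sketch below is an added example, not code from the study, PeerGuardian or Bluetack; the list entries, labels and peer addresses are constructed, and overlapping ranges from different lists are merged so that no address is counted twice.

```python
import ipaddress
from bisect import bisect_right
from collections import Counter

# Constructed sample lists of (label, first IP, last IP). They use documentation
# and reserved space only and are not entries from any real blocklist.
LIST_A = [("example-org-1", "198.51.100.0", "198.51.100.255"),
          ("example-org-2", "203.0.113.0", "203.0.113.127")]
LIST_B = [("example-org-2b", "203.0.113.64", "203.0.113.255"),  # overlaps LIST_A
          ("reserved", "240.0.0.0", "255.255.255.255")]
# Constructed remote peer addresses, one entry per connection.
PEERS = ["198.51.100.7"] * 6 + ["203.0.113.70"] * 2 + ["240.1.2.3", "192.0.2.9"]

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def merge(ranges):
    """Merge overlapping or adjacent ranges into sorted [start, end, labels] rows."""
    merged = []
    for label, first, last in sorted(ranges, key=lambda r: to_int(r[1])):
        start, end = to_int(first), to_int(last)
        if merged and start <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], end)
            merged[-1][2].append(label)
        else:
            merged.append([start, end, [label]])
    return merged

def covered(merged):
    return sum(end - start + 1 for start, end, _ in merged)  # distinct addresses

def percent_of_ipv4(count):
    return 100 * count / 2**32

def count_hits(merged, peers):
    """Return (Counter of hits per merged-range index, connections not blocked)."""
    starts = [row[0] for row in merged]
    hits = Counter()
    for ip in peers:
        n = to_int(ip)
        i = bisect_right(starts, n) - 1  # last range starting at or below n
        if i >= 0 and n <= merged[i][1]:
            hits[i] += 1
    return hits, len(peers) - sum(hits.values())

def top_share(hits, k):
    """Share of all blocklist hits produced by the k most-hit ranges."""
    total = sum(hits.values())
    return sum(c for _, c in hits.most_common(k)) / total if total else 0.0
```

Summing the raw list sizes here would count the overlapping 203.0.113.64-127 block twice, which is why combined-list coverage figures should be computed on merged ranges.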
