OK I've been a little busy with my list..

I start out blocking everything and make a few holes for fav websites for normal web surfing, and when you want to download something etc from P2P , switch your lists to the 52% blocked list or something hey..

It works as a cheap IP Intrusion detection system and of course as a handy IP blocker for a totally secure computer.

To maintain it , all you need to do is keep a daily record of the trusted sites you visit and their IPs and spend "some" time opening up all your favourite ranges,

I usually have my Protowall blocklist open so I can edit the blocklist quickly if I need to block or unblock a new range and save the changes..

It's good practice too.

------------------------------------------------------------------------------------------------------------------------

NOW YOU CAN USE THE EXCLUSIONS MANAGER IN THE BLOCKLIST MANAGER TO ADD ALL YOUR FAVOURITE IP ADDRESSES AND SAVE YOURSELF A LOT OF TIME EDITING THE BLOCKLIST !

There are a few more IP lists in my other posts below...

-------------------------------------------------------------------------------------------------------------------------

ALL BACKGROUND TRAFFIC U NEVER SAW BEFORE IS NOW BLOCKED.

Finished Time: 28/02/2004 4:44:30 PM
Rules added: 57
Sources Processed: 1
Duplicates Removed: 0
Merged Ranges: 0
Total IP Count: 3,980,591,103 (out of 4,294,967,296 ip's in the world, or 92.7% !!)
Process Time: 0.96 seconds.
Download Time: 0.00 seconds.
Total Time: 0.96 seconds.
Error Count: 0
Converting to ProtoWall...
Conversion Complete.
Conversion output saved to
Conversion output saved to C:\Program Files\Dudez\experiment lists\92.7% PROTOTYPE.p2p


--------------------------------------------------------------------------------
ProtoWall v1.42(build 5300) [*FiNAL*]
LOGGING STARTED on Saturday, February 28, 2004 at 17:10:42
--------------------------------------------------------------------------------

There are 4214489063 known IP addresses in 62 ranges.

--------------------------------------------------------------------------------


now thats what I call security thanks Sera and DudeZ , I'm very happy now..


This is what blocklist im starting with. This is only for experiment obviously, use it if youre crazy about editing IP ranges and want to fix this list for me properly.. while I wait i still have my 58.3 % blocklist for normal surfing.


IANA:0.0.0.0-0.255.255.255
TEST:1.0.0.0-1.255.255.255
TEST:2.0.0.0-2.255.255.255
General Electric Company:3.0.0.0-3.255.255.255
Genuity:4.0.0.0-4.255.255.255
IANA:5.0.0.0-5.255.255.255
DoDNetwork Information Center:6.0.0.0-6.255.255.255
DoDNetwork Information Center:7.0.0.0-7.255.255.255
Genuity:8.0.0.0-8.255.255.255
IBMCorporation:9.0.0.0-9.255.255.255
IANA:10.0.0.0-10.255.255.255
DoDNetwork Information Center:11.0.0.0-11.255.255.255
AT&T WorldNet Services:12.0.0.0-12.255.255.255
XeroxPalo Alto Research CenteR:13.0.0.0-13.255.255.255
IANA:14.0.0.0-14.255.255.255
Hewlett-Packard Company:15.0.0.0-15.255.255.255
Digital Equipment Corporation:16.0.0.0-16.255.255.255
AppleComputer Inc:17.0.0.0-17.255.255.255
Massachusetts Institute of Technology:18.0.0.0-18.255.255.255
FordMotorCompany:19.0.0.0-19.255.255.255
Computer Sciences Corporation:20.0.0.0-20.255.255.255
DoDNetwork Information Center:21.0.0.0-21.255.255.255
DoDNetwork Information Center:22.0.0.0-22.255.255.255
TEST:23.0.0.0-28.255.255.255
TEST:29.0.0.0-29.255.255.255
TEST:30.0.0.0-38.255.255.255
TEST:39.0.0.0-39.255.255.255
TEST:40.0.0.0-48.255.255.255
TEST:49.0.0.0-49.255.255.255
TEST:50.0.0.0-58.255.255.255
TEST:59.0.0.0-59.255.255.255
TEST:60.0.0.0-61.255.255.255
TEST:63.0.0.0-63.255.255.255
TEST:65.0.0.0-68.255.255.255
TEST:69.0.0.0-69.255.255.255
TEST:70.0.0.0-78.255.255.255
TEST:79.0.0.0-79.255.255.255
TEST:80.0.0.0-88.255.255.255
TEST:89.0.0.0-89.255.255.255
TEST:90.0.0.0-98.255.255.255
TEST:99.0.0.0-99.255.255.255
TEST:100.0.0.0-108.255.255.255
TEST:109.0.0.0-109.255.255.255
TEST:110.0.0.0-118.255.255.255
TEST:119.0.0.0-119.255.255.255
TEST:120.0.0.0-128.255.255.255
TEST:129.0.0.0-129.255.255.255
ÐTH2ALL:130.0.0.0-130.255.255.255
TEST:131.0.0.0-138.255.255.255
TEST:139.0.0.0-139.255.255.255
TEST:140.0.0.0-148.255.255.255
TEST:149.0.0.0-149.255.255.255
TEST:150.0.0.0-158.255.255.255
TEST:159.0.0.0-159.255.255.255
TEST:160.0.0.0-168.255.255.255
TEST:169.0.0.0-169.255.255.255
NOT:170.0.0.0-178.255.255.255
TEST:179.0.0.0-179.255.255.255
TEST:180.0.0.0-188.255.255.255
TEST:189.0.0.0-189.255.255.255
TEST:190.0.0.0-192.148.255.255
TEST:194.0.0.0-198.255.255.255
TEST:199.0.0.0-199.255.255.255
TEST:200.0.0.0-200.255.255.255
TEST:201.0.0.0-201.255.255.255
TEST:202.0.0.0-202.21.255.255
TEST:202.23.0.0-202.29.255.255
TEST:202.30.0.0-202.39.255.255
TEST:202.40.0.0-202.42.255.255
TEST:202.44.0.0-202.44.255.255
Software AG:202.45.0.0-202.45.255.255
Japan Network Information Center:202.48.0.0-202.48.255.255
TEST:202.49.0.0-202.50.255.255
TEST:202.51.0.0-202.59.255.255
TEST:202.60.0.0-202.69.255.255
TEST:203.0.0.0-203.255.255.255
TEST:204.0.0.0-204.255.255.255
TEST:205.0.0.0-205.255.255.255
TEST:206.0.0.0-206.255.255.255
TEST:207.0.0.0-207.255.255.255
TEST:208.0.0.0-208.255.255.255
TEST:209.0.0.0-209.255.255.255
TEST:210.0.0.0-210.255.255.255
TEST:211.0.0.0-211.255.255.255
TEST:212.0.0.0-212.255.255.255
TEST:213.0.0.0-213.255.255.255
TEST:214.0.0.0-214.255.255.255
TEST:215.0.0.0-215.255.255.255
TEST:216.0.0.0-216.11.255.255
TEST:216.13.0.0-216.91.255.255
TEST:216.93.0.0-216.93.255.255
TEST:217.0.0.0-217.255.255.255
TEST:218.0.0.0-218.255.255.255
TEST:219.0.0.0-219.255.255.255
TEST:220.0.0.0-220.255.255.255
TEST:221.0.0.0-221.255.255.255
SOMEUGLYBASTARDIBET:222.0.0.0-222.255.255.255
Internet Assigned Numbers Authority:223.0.0.0-223.255.255.255
Internet Assigned Numbers Authority:224.0.0.0-239.255.255.255
Internet Assigned Numbers Authority:240.0.0.0-255.255.255.255


--------------------------------------------------------------------------------------------------------

This is what im starting with , as i break down the ranges bit by little..bit


What do you think of this system.??

---------------------------------------------------------------------------------------------------------

I like it In the Protowall 2.xx thread, I actually suggested PW do something like this Start with a FULL INTERNET BLOCK (aka, all connections BLOCKED straight away) then.....as you navigate sites, have PW grant them 1 at a time or whatever.

I know some of the more powerful firewalls actually do this....but most people despise them because they dont know whether to "allow" or "deny" the packet But yea, I like this idea. very powerful for protection.

ok I've moved this out here from the staffroom cause I want to see if anyone else likes this idea..

It is a slow process of cutting up the ranges, but once its done you can surf with almost complete protection..

I have about 4 different main blocklists that I interchange with so far, depending on what im doing..

I've broken up the above list a lot since I posted it , but the one i posted above will allow bluetack, google , whois.arin and whois.apnic , just for a good start , lol.

well it would be a slow way of doing it,but if we can get protowall and the blm working together it would be a kool thing for some of us to do,just start from the full list and start cuting it down

i was working on something like this before but i ran into the exclusion problem when it range was to big lol

well when the exclusions were to big that is

I can just use the BLM personal exclusions list for this now right ?

GREAT moore, just great.

yes it should work thats what i was doing

im glad your one step ahead..

lol that is going to be a really huge project there,so we may need to do like we have been

cause if you look we do have a whole lot done with the blacklists,just basically sortings to do

there are a few areas that we don't have fully covered:

4
12
60-70

that is where the focus should be now

so start some trace routs and lets get some more ranges

lol, ok captain , im on it.

ill start with the 60 + ranges cause ive been done a lot on china already, my solution to the genuity range is this 4.0.0.0-4.255.255.255

the blocklist safety campaign will be a background project for later.(tomorrow)


hey there are still a lot of ips we do have in those ranges too.

ok i updated the testing list with some of the ranges that were not covered,its time for me to work on the lists again

this project looks neat has this this list been added to the BLM sources? Would be cool for me to run at night on my dialup box with no p2p going, just to see what programs I happen to have on my box "calling home" Or who might be calling IN to my box that would be interesting to see.

well i guess we can add it in to the blm,but we need to warn peeps not to select it lol

moore give me a updated list and we shall add it in

lol. hehe. yea next release of the BLM just maybe make the sources window bigger And put in like size 14 bold, DO NOT USE "x" LIST IT'LL BLOCK TEH INTARWEB!" lol.

BTW, what websites have you "excluded from that list Moore? You mention "98.9 % internet lockdown" but I'd think it'd be like 99.some % with only those few websites "excluded".

well, its actually about 92.7% now , I've taken out a few whole ranges and bits here and there, it doesnt actually take very long to break the range , just lots of websites to think about..

outpost has a dns cache , so I can get all my records of sites ips which is handy for this..


ok DA I'll look for the current one , it's pretty mangled right now.

ill open up a few more website ranges i think first..

ok here is what im gonna do for you moore,but it will take me a bit to convert it all

im sure you heard of my "internet maping" project right....

anyhow now that we have smartwhois 4x we can export to excel and then in turn to cvs modified and thus the blm will eat it so i should have the uberlist here very soon for you to play with

cool , that sounds good .oO° Ðeath °Oo.

i wouldnt go adding this to the BLM just yet , people will end up using it anyway for everything, and then it will be , why do you block this range , why do you block my nans house that burnt down in 1784, take it out , lol. no offence to anyone..

Hey moore, mind sending me the p2p file that blocks 100% of the net? I figure, I'm in this CISCO Networking Essentials course, I might as well learn how to split these ranges and stuff and learn something

yeah sure.
one thing about protowall , if any ip ranges are invalid protowall will not start but crash .

i thought id fkd it up again , lol, but the last .p2p file i imported was the problem , and i even reinstalled protowall driver , thinking it was the problem, but as soon as i removed the bad blocklist from protowalls directory, voila, protowall is alive and kicking, lol.

so if anyone has that problem of protowall not starting , try removing the blocklist if its been modified .

Just to bring up a small point that I made in my thread, I think for this sort of project that both a Blacklist AND a Whitelist be used. This way you can initially divide the IPs into 3 categories, or what I refer to as the Black, White, and Gray areas. Pretty self explanatory, Black is known bad ranges, White is known good ranges, and Gray are not known to be good or bad, but for safety's sake, considered bad. As more IPs are found to be good or bad, the Gray area will shrink until, ideally you have the entire range of IPs accounted for.

Also I'd like to clarify a misconception (or at least to me it seems that everyone [including myself until I gave it some more thought] is misinterpreting this whole thing). Starting with an entire block and then making allowances, or starting with nothing blocked, and blocking them as they come, you're still just making a blocklist.......not an allow list. When I refer to a Whitelist, I'm not refering to a list of things that should be excluded [via the 002 flag or whatever it is] from the Blacklist, but rather a list of things that should not be included in the first place.

Of course there is then the question of personal blocking. Maybe someone wants to block more, maybe someone want's to block less. If you want to block more, simple, add more rules to the Blacklist. If you want to block less, simple once again, add more rules to the Whitelist (which subsequently will not ever be added to the blacklist).

All in all, maybe the 001,002 should be rethought, because if you just have one kind of rule, there would have to be no cross-reference done by a program (PW in particular).

Thus are the thoughts of the Penguin at 5am EDT.

ok kats here is the most of the class a ip ranges,i think its all i have but ill have to go back and check them'

this is a test useing smartwhois and the blm to make the list so it will have long names for the time being

thanks , got any more things to download like that...


hey i just converted my large outpost/blockpost list with the blm into peerguardian format and all blockposts single ip ranges have subnet masks of 255.255.255.255 etc, which blocks absolutely everything in protowall lol, now i have to go through 19000+ ranges and edit them by hand ..

thats shitty moore,i have all the others but i ran out of time this morning,im working on the lists now but i don't have excel here to conver them to cvs

im looking for a better way to convert it now

i might have to get smartwhois again and load er up , nsbatch isnt pulling its weight lol.

you can load up batch whois lists cant you in smartwhois.?

You should be able to write a VB program that allows you to load an excel spreadsheet, although it's just not clicking with me what cvs is...other than a drugstore here in the US.

Also you could just do a find/replace, and change 255.255.255.255 to, 255.255.255.0 or whatever you wanted...still kinda manually, but not as tedious.

sorry comma seperated values csv

im working on the save and open blm to excel as it should work better,I should have it done soon enuff

ok for anyone that is interested in using the full 100% internet block to start their own list from , heres my attempt :

USE AT YOUR OWN RISK LOL, CAUSE IT WILL BLOCK almost 100%.


IANA:1.0.0.0-2.255.255.255
General Electric Company:3.0.0.0-3.255.255.255
Genuity:4.0.0.0-4.255.255.255
IANA:5.0.0.0-5.255.255.255
DoDNetwork Information Center:6.0.0.0-6.255.255.255
DoDNetwork Information Center:7.0.0.0-7.255.255.255
Genuity:8.0.0.0-8.255.255.255
IBMCorporation:9.0.0.0-9.255.255.255
IANA:10.0.0.0-10.255.255.255
DoDNetwork Information Center:11.0.0.0-11.255.255.255
AT&T WorldNet Services:12.0.0.0-12.255.255.255
XeroxPalo Alto Research CenteR:13.0.0.0-13.255.255.255
IANA:14.0.0.0-14.255.255.255
Hewlett-Packard Company:15.0.0.0-15.255.255.255
Digital Equipment Corporation:16.0.0.0-16.255.255.255
AppleComputer Inc:17.0.0.0-17.255.255.255
Massachusetts Institute of Technology:18.0.0.0-18.255.255.255
FordMotorCompany:19.0.0.0-19.255.255.255
Computer Sciences Corporation:20.0.0.0-20.255.255.255
DoDNetwork Information Center:21.0.0.0-21.255.255.255
DoDNetwork Information Center:22.0.0.0-22.255.255.255
IANA-Reserved:23.0.0.0-23.255.255.255
TEST:24.0.0.0-24.255.255.255
TEST:25.0.0.0-28.255.255.255
TEST:29.0.0.0-29.255.255.255
TEST:30.0.0.0-38.255.255.255
TEST:39.0.0.0-39.255.255.255
TEST:40.0.0.0-48.255.255.255
TEST:49.0.0.0-49.255.255.255
TEST:50.0.0.0-58.255.255.255
TEST:59.0.0.0-59.255.255.255
TEST:60.0.0.0-61.255.255.255
TEST:63.0.0.0-63.255.255.255
TEST:65.0.0.0-69.255.255.255
TEST:69.0.0.0-69.255.255.255
TEST:70.0.0.0-78.255.255.255
TEST:79.0.0.0-79.255.255.255
TEST:80.0.0.0-88.255.255.255
TEST:89.0.0.0-89.255.255.255
TEST:90.0.0.0-98.255.255.255
TEST:99.0.0.0-99.255.255.255
TEST:100.0.0.0-108.255.255.255
TEST:109.0.0.0-109.255.255.255
TEST:110.0.0.0-118.255.255.255
TEST:119.0.0.0-119.255.255.255
TEST:120.0.0.0-126.255.255.255
LOOPBACK:127.0.0.0-127.255.255.255
BLOCK:128.0.0.0-128.255.255.255
TEST:129.0.0.0-129.255.255.255
TEST:130.0.0.0-138.255.255.255
TEST:139.0.0.0-139.255.255.255
TEST:140.0.0.0-148.255.255.255
TEST:149.0.0.0-149.255.255.255
TEST:150.0.0.0-158.255.255.255
TEST:159.0.0.0-159.255.255.255
TEST:160.0.0.0-168.255.255.255
TEST:169.0.0.0-169.255.255.255
TEST:170.0.0.0-178.255.255.255
TEST:179.0.0.0-179.255.255.255
TEST:180.0.0.0-189.255.255.255
TEST:190.0.0.0-198.255.255.255
TEST:199.0.0.0-199.255.255.255
TEST:200.0.0.0-200.255.255.255
TEST:201.0.0.0-201.255.255.255
TEST:202.0.0.0-202.255.255.255
TEST:203.0.0.0-203.255.255.255
TEST:204.0.0.0-204.255.255.255
TEST:205.0.0.0-205.255.255.255
TEST:206.0.0.0-206.255.255.255
TEST:207.0.0.0-207.255.255.255
TEST:208.0.0.0-208.255.255.255
TEST:209.0.0.0-209.255.255.255
TEST:210.0.0.0-210.255.255.255
TEST:211.0.0.0-211.255.255.255
TEST:212.0.0.0-212.255.255.255
TEST:213.0.0.0-213.255.255.255
TEST:214.0.0.0-214.255.255.255
TEST:215.0.0.0-215.255.255.255
TEST:216.0.0.0-216.255.255.255
TEST:217.0.0.0-217.255.255.255
TEST:218.0.0.0-218.255.255.255
TEST:219.0.0.0-219.255.255.255
TEST:220.0.0.0-220.255.255.255
TEST:221.0.0.0-221.255.255.255
TEST:222.0.0.0-222.255.255.255
Internet Assigned Numbers Authority:223.0.0.0-223.255.255.255
Internet Assigned Numbers Authority:224.0.0.0-239.255.255.255
Internet Assigned Numbers Authority:240.0.0.0-255.255.255.255


HAVE FUN GUYS.

cool. Ultimate Internet Lockdown when comp is not in Use! Yaeaea! lol.

what you missing Moore? BLM is saying " Finished Time: 3/6/2004 2:53:51 AM
Rules added: 87
Sources Processed: 1
Duplicates Removed: 0
Merged Ranges: 1
Total IP Count: 3,976,265,727 (out of 4,294,967,296 ip's in the world, or 92.6% !!)
Process Time: 0.19 seconds.
Download Time: 0.00 seconds.
Total Time: 0.20 seconds.
Error Count: 0" hehe

hmm, attached is my file Maybe you can figger it out, maybe the BLM is just being buggy? I wanna see that 100% Lol.

lol, well i ran that through my blm and i got 99.6% , so thats close,





try just cutting the list i posted and save that as the .p2p maybe instead. i didnt miss any ranges i can see so i dont know...

i have a higher ip count than yours from the same ip list lol.

Ok. hmm, weird lol. Heres the log when I imported yours:


Then when I imported mine:


mine is blocking more, but it still isn't blocking 100% is it a BLM bug/error? Or....does it have to deal with IPv6 IP addresses hiding around?

hmm, i see BLM is reporting 1 merged range in your list? Maybe that's what's causing yours to report less % blocked than mine?

================================
hmm, I did a ClearList/ClearLog, then Imported fullblock.p2p (the 1 I made), then Imported yours, and came up with

hmm....gettin somewhere? On the Import menu where I selected the p2p file to Import (I used Import > File or URL, then used PG format since PW format wouldnt work) but on that dialog box I had "Dont merge ranges" and "Optimize for Simple IP logs" both un-checked/unticked on both Imports.

Are the reserved ranges blocked as well?

192.168.x.x
127.0.0.1
and I think there is one where the leading octet is 100
?

ok ill go and change the title to 99.6 % fully blocked , lol.


hey who ever said using 0.0.0.0-255.255.255.255 would work , it doesnt do jack sht..

might need to break down the ranges a bit more ??

fun experiment though, are you learning yet...lol.

ok try this 1.0.0.0-255.255.255.255 , it works good...

There are 4278190080 known IP addresses in 1 ranges.



ill see what else i can come up with..

As far as the 127.0.0.1 - shouldn this cover it? TEST:127.0.0.0-127.255.255.255

as far as 192.168.x.x - shouldnt this cover it ? TEST:192.0.0.0-192.255.255.255
TEST:100.0.0.0-100.255.255.255 would be the "leading octet is 100"?



llol. like Moore said, maybe they just need to be broken down some more. Ill ask DA, lol, maybe the % internet blocked is a lil buggy in the BLM?

well there are theoretically 4294967296 IPs in the world (256^4). Using what Moore had, 4278190080 (4278190080/4294967296) ~ .996 or 99.6%.

4294967296 - 4278190080 = 16777216 OR (256^3). This is probably do to the IANA "Reserved for Private Use" range 10.x.x.x.

I think the % in the BLM is 100% accurate, but there seems to be this one range that cannot be blocked. I don't really think it's that much of a threat...if that is indeed the range that's missing, since they're addresses used for intranets any way.

ok i think its when theyre getting merged it reads lower than what it is ,
i just merged a few of my lists together for an update and then BLM gave me errors wanting to merge two ranges , the starting number was higher than the end number , but when i converted it there was no merge and no errors and more ips than it said , so i dont know...

well the list could definitely use a bit more finetuning , i just couldnt be bothered typing out more ranges lol, it was just a quick experiment to see if it would work using full ranges... it works very good..

ok thanks neo , didnt see your post there , yes your theory sounds ok to me.... 99.6 % is as good as it gets maybe..


lol, could be worse..

Total IP Count: 4,278,190,079 (out of 4,294,967,296 ip's in the world, or 99.6% !!)

hmm so we are missing something here... 4294967295 this is the ip count with 0.0.0.0-255.255.255.255 loaded up so i think that the blm may be off a bit maybe...

ahhh...so what does that mean? my fullblock.p2p "is" blocking the whole internet? but the BLM is just reporting it the wrong way?

r00ted check your list for this mistake that was in my list.

BLOCK:128.0.0.0-128.0.255.255

Just a bump of my post here DA, maybe you missed it

in my fullblock.p2p, I got TEST:128.0.0.0-128.255.255.255


wouldnt that cover BLOCK:128.0.0.0-128.0.255.255 ? Im kinda a n00b to this IP stuff lol. But, Im thinking that range is covered?

So, whats the conclusion? Are we/me missing a/some ranges? or is the BLM calculating the IPs/% blocked number wrong?


BTW, when I imported, I wasn't using any exclusions Ill worry about those once I get the 100% block lol.

yeah youve got the right TEST:128.,.,.,., , who knows whats missing , might have to get the scientists at outpost forum to help..

hmm...or the "internet gods". Lol, all this talk of networking in my CISCO Networking Essentials course, it amazes me.....they say "nobody owns the internet" ..... fuck that shit..... There's ties somewhere between CISCO and that WC3 shit...... lol....

hmm i thought that 10 was in that list for the blm...

lol. I had a thought goin thru my head We could "expand" this project, and use real range names, instead of "TEST" What would be the easiest way to hunt down the companies though? I realize the Whois registries are constantly being updated, but figured maybe it would help some cause when we get a block/allowed packet we will know right away who it belongs to without opening the whois

So yea, I was thinking about starting this, from 0.0.0.0-0.255.255.255 to 255.0.0.0-255.255.255.255 and like i said, instead of using TEST it would have real range identifiers

lol , i have all the names of the ranges already, but that was just a test...