A new Idea for P2P security
NeoPenguin
Okay everyone please flame on this idea as much as you want....unless of course you think it might be an avenue worth at least testing/exploring.

With the current way that most people, myself included, have their blocklist set up, it is a list of bad IP ranges. Whenever I update the lists via the BLM now, I'm blocking ~45% of the internet. So I was thinking...If I'm going to be blocking nearly 50% of all of the IPs out there...and even with those blocked, new ones are found to be bad every day....why not just start out blocking the ENTIRE range of IPs and then instead of downloading a Blacklist, download a Whitelist! If the Whitelist contains only "trusted" IPs then it would only seem logical that it would be more safe than blocking bad ranges and hoping that there aren't any more bad ones spying on us that we don't know about yet.

Of course in doing this, it would be IMPERATIVE for the exclusions to work properly so that if you needed access to a certain IP, you could attain it...but in approaching this apex of having 50% of the internet blocked, to me it seems like something to at least consider. Also when access is given on an as needed basis, it's definitely going to be more safe.

Of course the most obvious downside to this is that all of the work that has been put into generating the blocklists would seemingly be lost....but if you take the negation of the Blacklist, you would at least have a good start for a Whitelist! Also since this idea would be most ideally implemented via PW...well let me explain this using a scenario rather than a long bloated sentence:

PW is loaded with the Whitelist AND Blacklist
IP x.x.x.x tries to connect to your computer
PW pops up a message that says
"IP x.x.x.x is trying to connect to your computer.
x.x.x.x is NOT in your Whitelist.
x.x.x.x is NOT on your Blacklist.
Allow this connection? (y/n)
[if y] Add this IP to your white list? (y/n)"

scenario 2
IP x.x.x.x tries to connect to your computer, but x.x.x.x is on your Blacklist ONLY
the connection from x.x.x.x is denied.

scenario 3
IP x.x.x.x tries to connect to your computer, and x.x.x.x is on your Whitelist
BUT x.x.x.x is ALSO on your Blacklist.
at this point there could be an option for permit over deny/deny over permit OR popup a choice.

scenario 4
IP x.x.x.x tries to connect to your computer, and x.x.x.x is on your Whitelist ONLY
the connection from x.x.x.x is accepted.


I suppose all in all this is just 2 different solutions to the same problem, and maybe would only seem viable to the most paranoid among us. Also keep in mind, if we're sort of "starting from scratch" with the Whitelist, at least initially the download time and the merge time will be infinitesimal

Just my random idea for the day!
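
The four scenarios above written out as a decision procedure, together with the "negation of the Blacklist" as a Whitelist seed. This is an added example, not part of the original post and not code from any tool named in the thread; the function names, the list formats (single IP, CIDR or `first-last`), the conflict-policy names and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress as ipa

POLICIES = {"permit_over_deny": "allow", "deny_over_permit": "deny", "popup": "prompt"}

def parse_ranges(lines):
    """Parse 'a.b.c.d', 'a.b.c.d/n' or 'first-last' entries into collapsed networks."""
    nets = []
    for line in lines:
        line = line.split("#", 1)[0].strip()        # allow trailing comments
        if not line:
            continue
        if "-" in line:
            first, last = (ipa.ip_address(p.strip()) for p in line.split("-", 1))
            nets.extend(ipa.summarize_address_range(first, last))
        else:
            nets.append(ipa.ip_network(line, strict=False))
    return list(ipa.collapse_addresses(nets))

def decide(ip, whitelist, blacklist, conflict="deny_over_permit"):
    """Return 'allow', 'deny' or 'prompt' for one inbound address."""
    addr = ipa.ip_address(ip)
    white = any(addr in n for n in whitelist)
    black = any(addr in n for n in blacklist)
    if white and black:
        return POLICIES[conflict]   # scenario 3: configurable precedence or popup
    if black:
        return "deny"               # scenario 2: Blacklist only
    if white:
        return "allow"              # scenario 4: Whitelist only
    return "prompt"                 # scenario 1: on neither list, ask the user

def negate(blacklist, universe="0.0.0.0/0"):
    """Whitelist seed: every part of `universe` the blacklist does not cover."""
    remaining = [ipa.ip_network(universe)]
    for bad in blacklist:
        kept = []
        for net in remaining:
            if net.subnet_of(bad):                  # fully blocked, drop it
                continue
            if bad.subnet_of(net):                  # carve the blocked part out
                kept.extend(net.address_exclude(bad))
            else:
                kept.append(net)                    # disjoint, keep unchanged
        remaining = kept
    return sorted(remaining)

# Constructed sample lists using documentation-only address ranges.
WHITE = parse_ranges(["192.0.2.0/24", "198.51.100.7"])
BLACK = parse_ranges(["198.51.100.0/24", "203.0.113.10-203.0.113.20  # range form"])
```

A negated Blacklist only says "not known bad", so addresses in that seed are not the same thing as a hand-built "trusted" Whitelist.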
deathangel
it's been in thought at the moment, but we are still working on it as there are more whites than blacks i think

the white lists would be just as big and doing it in reverse may work but we will have to see on that...
Moore
good idea neo, take a look at my similar blocklist safety campaign idea

http://www.bluetack.co.uk/forums/index.php...?showtopic=1093
NeoPenguin
lol

Well I guess like they say Moore, great minds think alike. Apologies for the semi double post.

At this point I don't know if this post should go in the protowall section, P2P security with Moore's or here....so well since I'm already typing, it's going here

Maybe I'm just getting really excited with grand visions of a new safe internet......going back before there were IPs and re-creating it from scratch, in a way.

Anyway, maybe the thread should be entitled "A rethought Idea for P2P security"
firstaid
yah

I had a similar Idea way back when

http://www.peerguardian.net/forums/index.p...wtopic=2128&hl=

did not get too far then with the Idea
dingdongding
well it wouldn't work efficiently with filesharing (might as well use a secure filesharing app anyways) but i get the overall idea (regular residential isp ranges can be used for tracking and the like)

personally i'd like to see a way to efficiently and speedily use proxies to make our way around the internet like the business software ass. does when they track and bust ppl and i'd like to see the filesharing community back a move to using more secure p2p apps
r00ted
yea, the idea would be kinda hard to implement....for the normal p2per....cause they will be dumbfounded as far as what IPs they should "grant" and which they should "deny" but yea, I like the idea, but yea, a lotta hard work I think

I was reading something interesting at the wayback archive, an idea sorta like DDD's idea. I can't remember the link...but they had little visual pics and stuff ......it sounded kinda interesting

On the other hand, the giant "BLOCK ALL INTARWEB" idea....I was thinking, it would kinda end up like a big group of friends, like.....you could trade IPs of friends and, just add specific IPs to your granted section, so YOU know who you are downloading/Uploading to/from, and NO ONE else can download/upload to/from you unless they are in your "list" of granteds. I don't know, it kinda reminds me of XS, like a small network of friends, only on a BIGGER p2p network (such as Kazaa, eMule, etc) and so while you're connected, only people on your granted list could connect to you to either DL or UL.
Moore
I'm only doing it for my own websurveying, I'm not that crazy to use it for p2p, something in my comp would probably blow up with the amount of blocked connections lol.




QUOTE
and so while you're connected, only people on your granted list could connect to you to either DL or UL.


you're on the right track there r00ted, that would be cool if it could work, i guess though that's what irc etc is like now
r00ted
yep, that's pretty much how mIRC is, tho...I don't go trigger happy and reject everyone. I'm all about sharing the music lol. But of course, I got ZA pro to cut any1 from enemy ranges from connecting hehe.
NeoPenguin
Yeah, I guess it does have several holes in it...but that's all it was, just food for thought
r00ted
naw. about the only "hole" so to say is the environment for the "novice" user, who wouldn't know whether to grant or deny it. But, for the expert user, it's cool
Moore
i think we'll get something figured out on this, it's a bit like a manual firewall rules wizard the way i use it..


i also noticed that the source code to proxyrama is freely available, maybe we could get some proxy support integrated later on down the line, as DDD is very right in saying we also need to focus on secure p2p apps as well.
stmok
There's a slight problem with this concept. If we "block all" first and then allow access, what would stop if one of the IPs in the "Whitelist" is actually, say the RIAA (worst case scenario) ???

I prefer the current method since we're blacklisting sites. If an IP is blocked (whether good or bad), then it won't be an issue for you. It won't result in you being logged by the "bad people" for legal action.
dingdongding
QUOTE (Moore @ Mar 3 2004, 01:04 AM)
i think we'll get something figured out on this, it's a bit like a manual firewall rules wizard the way i use it..


i also noticed that the source code to proxyrama is freely available, maybe we could get some proxy support integrated later on down the line, as DDD is very right in saying we also need to focus on secure p2p apps as well.

that's good stuff- if i had any programming knowledge i'd be on that
NeoPenguin
In response to stmok, for what I was suggesting, the Blacklist would not be completely given up. As I brought up in one of my scenarios, the idea is to cross-reference the Whitelist AND the Blacklist.

More in-depth look at this on Moore's campaign thread:

http://www.bluetack.co.uk/forums/index.php...findpost&p=6717