In a recently published paper, the researchers analyzed the results of a large scale experiment where they examined the number of hits they received from blocklisted IPs in a real P2P network. For a period of 90 days the researchers collected data using three differnet blocklists (PeerGuardian, Bluetack, and Trusty Files) on the Gnutella Network.

Their main conclusion: a user who is not using blocklist software is practically guaranteed to be monitored.

Torrent Freak

Digg

Even though no blocklist is 100% safe, it certainly beats going in completely naked with no protecton at all. For the tiny amount of resources consumed by programs like PG or protowall in comparison to the extra security they provide, there is simply no argument against using them. Even if they only made you 10% safer, there would be no logical reason not to.

I recently heard of someone on a private tracker getting nailed by Trident Mediaguard bots, very shortly AFTER they got rid of PG bc a 'friend' convinced them it was "a waste of time". The offending IP range had already been discovered and blacklisted by the diligent team here at Bluetack months earlier. I guess as long as there are so many easy fish to catch, ap2p agencies will have less reason to go out of their way to get at the few who are wise enough to protect themselves.

Thanks Temerc.

We have never ever claimed to offer bulletproof protection with the lists, although a lot of people assume we do. Sure doesn't hurt to block all the "known" malicious elements on the net.

A lot of "experts" out there will also tell you blocklists are a big waste of time and why you shouldn't use them. We never took any notice of those people. I'm sure some of the people giving advice to others to ditch their blocklists are probably on the blocklists themselves and don't like not being able to track people as easily.

They may have tested three different files ? Can you guess where they all come from ?


The research is over a year old now, but still an interesting read:
http://www1.cs.ucr.edu/store/techreports/U...-2006-06201.pdf

thanks temerc

yeah looks like the the period they monitored was up to march 2006 (published recently i guess but not mentioned in the report except 2007) but still good to see what appears to be the first formal observations/studies on the use of blocklists- kinda cool!



ddd

Seeing that there were a few choice comments which I felt required setting straight over at torrentfreak I will repost my reply here in case it doesn't pass moderation over there.

-------------------------------------------------------------------


Blocklists are not a 100% solution to P2P protection, or any form of protection.

No one in their right mind would ever think they could provide bulletproof protection against an ever changing environment which is the internet.

No one I know who has been involved in maintaining the blocklists has ever claimed that you would have 100% protection from a couple of IP lists. People may assume otherwise, but it has never been advertised as the silver bullet solution.

What they can do is help restrict traffic from all the known identified groups of IPs used by malicious companies or individuals.

Bluetacks blocklists are the most comprehensive lists provided by any research group, the list database is updated daily and do not intentionally block legitimate IP networks. Anything proven to be on the lists incorrectly is removed.

There are many people who have counterarguments, when you look into their reasons, you will often find a personal disagreement behind their argument which is the real reason for their attemot to discredit the use of blocklists.

In the case of that moron2moron couterargument guy, he was pissed when Utorrent found it's way into the lists provided by Bluetack after it was announced the dev had done some work for a p2p hunting company.That guy then decided to get some kind of revenge by spreading his own style of FUD.

Now in hindsight we can see that a lot more people agreed with the principle of blocking utorrent.

To the unfortunate noob who thinks Bluetack block 35% of the internet trying to stop the likes of the MPAA/RIAA, well first you obviously have no idea of the intended targets of each list that Bluetack provide. While you may think that the MPAA/RIAA has 35% of all assigned IP's, you would be mistaken. Those two are also not the most dangerous groups to be blocklisted, while the RIAA may be the most public in their activities, the likes of BAYTSP/ESA/BSA/Mediasentry etc are much more prevalent on all p2p networks and are terrorising P2P users on a greater but less publicised scale.

You wonder why the lists are constantly growing, maybe it's because there are also new anti-p2p entities emerging who are added to this ever increasing blocklist, not to mention there are always going to be newly allocated ranges to the companies who find themsleves blocked to get around the lists.

You can find a breakdown of the enormous amount of anti-p2p groups that have been researched and included into the blocklists here:
http://www.bluetack.co.uk/forums/index.php?showtopic=1052

One of the highlights of the lists effectiveness was back in 2003 when BAYTSP was kicked off the sonic network after being blocklisted by Bluetack. This action on the part of the Bluetack list maintainers helped bring the malicious activities of BAYTSP to the attention of the Sonic network admins who dealt with them appropriately. Utlimately the success and failure of any blocklist depends on it's users for constant feedback, without that feedback they would not be as effective in keeping up with things that need to be addressed.

Now Winmxworld can hardly be considered a legit p2p group in any form. They are simply a group of script kiddies who attack any other site or group they don't like and then whinge like babies every chance they get whenever the sites they attack stand up to them.. Not only that but their obsession with macrovision and a total ignorance of any real high level anti-p2p group puts their whole user base at risk from the real threats which are a lot worse than anything fake files will do to a persons life.

There are real WinMX groups available taking their users safety seriously and I recommend you check them out for your own sake.
See here for more details: http://forum.mxpie.info/mxpiehelptopic342.html

Depending on which lists you use the amount of IP's you block can vary greatly.

The level 1 [antip2p] list alone will block roughly 17% of the assigned IP space. Thats not a huge amount on it's own.

The IANA reserved blocklist contains roughly 30%. These unassigned IP ranges can be used by hackers and antip2p companies to hide their activities.

Total IP Count: 1,329,572,862 (out of 4,294,967,296 IP's or 30.95653% !!


The BOGON IP blocklists provided by Bluetack are maintained by www.completewhois.com a leader in IP network research, not only in regards to BOGON ranges, but also research in hijacked IPs and the activities of IP network hijackers, and their lists are also updated daily. These lists are complemeted by the blocklist from D-shield, who actively compile data from firewall logs to map out the most active IP addresses used by hackers and other network attacks.


Any Emule servers on the lists are either fake servers, suspicious or otherwise unverified. There are various emule devs working closely with Bluetack to keep an eye on the increase of servers run by antip2p companies like mediasentry.

There are just too many self appointed experts like you on the internet these days commenting on things you have no actual idea about. Spreading false and innacurate information is a disservice to all other p2p users.


So basically, there are a wide variety of lists for many different purposes, they are not restricted to just providing people with P2P protection. Online threats are not limited to just P2P networks.


For anyone interested you can check out the FAQ here on the different lists and their intended uses and decide for yourself if they are useful to you or not:
http://www.bluetack.co.uk/forums/index.php...E=02&qid=17

Also I don't see how you could trust any comment from someone who works with the anti-p2p groups, as they largely rely on propaganda as their main weapon in that cat and mouse game.

nice moore

Well said Moore.
Hopefully posts like that will get through to people, and lead them to do their own personal research into how effective blocklists can be, especially if they hear negative comments about it elsewhere.

Well as I didn't monitor this thread I'm glad it got some attention. As soon as I saw it, I immediately thought of BISS.