View Full Version : Important For Everyone To Read
***EDIT*** Since the actual usefulness of this info has been questioned by some I would appreciate it if the people that have tried this could post back and tell if it has helped you, hurt you, or if you have seen no results. If it is found by popular opinion that this is harmful or useless I would prefer it be deleted rather than misinform. Tks.
Pyros
In case anyone is wondering about the content in this thread, I talked to SSS prior to posting to seek permission.
Anyone who uses the internet should go to this site and read: http://www.unixhub.com/block.html
Listed on this site are the IP addresses used by the majority of spammers, spyware, crackers, hackers, and others including RIAA and MPAA. I have blocked a large amount of these IP addresses in my firewall and the amount of things found by spybot and adware have drastically dropped, not to mention popups have declined as well. :cool:
Also, for some interesting reading check out this site:
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
I'm sure some have been to these sites, but I thought it would be helpful to share these with the people that haven't.
Hope this is helpful to some of you. :p
Kingslayer
07-10-03, 04:56 PM
Good info Pyros. Just laid all that stuff into my Cisco. God I love Cisco routers.
Yea, I need to get more familiar with my Netgear router. I had to type each IP on that site into my firewall and you don't want to know how long that took. :eek:
IMO this deserves a sticky.
thanks got the info Pyros!
Angelslayer
07-10-03, 06:04 PM
Can these sites be blocked using something like Norton personal Firewall?
A.S
JohnnyTheRed
07-10-03, 06:11 PM
Don't mean to jack the thread but, would it be any better/safer/more secure to use a Linux box as a firewall/router, as compared to using a Linksys? I've got 7 computers in my house, and have been using a Linksys router, but if it's better to use a box with Linux on it, then I can go that route too.
Shouldn't have a problem doing it in Norton. Don't know which you are using, but in 2002 you go to your internet zone control and it has an area for trusted and restricted sites. You then add the IPs to the restricted. On the ones that are listed like this: 157.245.19.0/24, for example, you would enter them in using a range selection as follows: starting internet address 157.245.19.0, ending internet address 157.245.19.24. This should restrict complete access to your PC from these IP addresses.
If I'm wrong about any of this please correct me.
Pyros :cool:
*Edit* I was wrong about this. This link is on the web page and describes how it works. Refer to the part titled CIDR addressing.
Sorry for being wrong. :o http://www.unixhub.com/docs/cisco/ccna.html
Penguin4x4
07-10-03, 06:59 PM
Mother of God........this is going to take a bit...
Originally posted by Penguin4x4
Mother of God........this is going to take a bit...
LMAO that's exactly what I said after almost an hour of putting these in my firewall and realized I was only halfway done. :D
You can certainly configure a linux box as a firewall, but you better be DAMN sure you know what you're doing or you will be OWNED.
Penguin4x4
07-10-03, 07:11 PM
Hey Pyros, do you think you could help me out here? Since you too own a NetGear router, could you download the settings, cut out the [CFILTER KEYWORD] parts and upload it as a TXT file? :)
Good question. I'll let you know as soon as I figure it out. :D I haven't had this router very long at all and haven't done much more than a basic setup. I'm so used to depending on my software firewall I haven't messed with the router yet. BTW, which Netgear router do you have? I have the RPG614. Sorry I can help more at this time. Let me know if you find out how to do it.
Angelslayer
07-11-03, 02:19 AM
Pyros, thanks for the info.
I didn't even know that feature was in norton. Just like most people so far I've spent over 30 mins putting them in and seen that I hadn't got 1/2 way. Will have to finish putting them in over the weekend.
A.S
Wonko The Sane
07-11-03, 10:14 AM
Originally posted by JohnnyTheRed
Don't mean to jack the thread but, would it be any better/safer/more secure to use a Linux box as a firewall/router, as compared to using a Linksys? I've got 7 computers in my house, and have been using a Linksys router, but if it's better to use a box with Linux on it, then I can go that route too.
Actually some of the Linksys routers actually run Linux (slashdot article (http://yro.slashdot.org/yro/03/06/08/1749217.shtml?tid=193) ). I know this applies to the WRT54g, and WAP54g. I don't think the BEFSR41 does, but it may just be a little different in how it works (I've looked at the firmware in the same way as the WRT54g, and couldn't find the compressed rom fs in it).
Kingslayer
07-11-03, 01:34 PM
Most off the shelf routers use a cut down proprietary version of linux in one form or another.
Penguin4x4
07-13-03, 06:12 PM
bump for a really good and informative thread, :)
Wedge1212
07-14-03, 01:20 PM
vote for sticky!
bump for a really good and informative thread,
vote for sticky!
Thanks guys and I agree. This is very good info to have if you're online a lot or have broadband. Anyone who is terrorized by popups and spam or has ever been hacked can understand this. :cry: Sites like these help make sure our privacy is protected online. :clap: :attn:
Turd Furguson
07-16-03, 12:05 AM
*sigh* Well there goes my weekend of fishing now........time to block.
Shouldn't have a problem doing it in Norton. Don't know which you are using, but in 2002 you go to your internet zone control and it has an area for trusted and restricted sites. You then add the IPs to the restricted. On the ones that are listed like this: 157.245.19.0/24, for example, you would enter them in using a range selection as follows: starting internet address 157.245.19.0, ending internet address 157.245.19.24. This should restrict complete access to your PC from these IP addresses.
I'm not too sure but 157.245.19.0/24 doesn't mean 157.245.19.0 - 157.245.19.24 but more like 157.245.19.0 - 157.245.19.253. I can't quite explain it but they have a nice explanation on the page.
Tebore, I believe you're right about that. At least that's how they explain it. Can't believe I missed that. Seems kind of stupid to list it as 0/24 if they mean 0/255.
Quoted from the CCNA notes link on the site:
The new way of showing netmask is CIDR addressing which is written as a
slash and a number, i.e. "/24". The slash number represents how many
bits are in the netmask. Thus, a /24 is 24 bits which is a class C address
space (the bits go from left to right [big endian]).
CIDR: 11111111.11111111.11111111.00000000
mask: 255 . 255 . 255 . 0
There are a lot of weird address allocations now that CIDR is being
used (the old Class networks are no longer used for the most part).
For instance, a company may have a /23 address space which is:
CIDR: 11111111.11111111.11111110.00000000
mask: 255 . 255 . 254 . 0
A Class A network (/8, 255.0.0.0) can have 2^24 - 2 = 16,777,214 hosts
A Class B network (/16, 255.255.0.0) can have 2^16 - 2 = 65,534 hosts
A Class C network (/24, 255.255.255.0) can have 2^8 - 2 = 253 hosts
It's amazing how much address space is wasted. I once consulted at a
company that had a full Class A allocation, but only had around 80,000
computers in the entire company. (They were also really stupid and put
live addresses on each desktop instead of using private address space
and NAT).
By this I say you're right. Still don't see why they had to go and confuse us. ;) Good catch. I will edit the post I made earlier on this. Sorry if this caused anyone some headaches they now have to edit. Of course that's only if you're blind like me and didn't read that part of the web page describing this. :o
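Added example, not part of the original thread: for firewalls that want a starting and ending address rather than a prefix, Python's standard ipaddress module can expand each CIDR entry and check whether addresses you still need to reach fall inside a block. Only 157.245.19.0/24 comes from the thread; the other list entries and the addresses checked are constructed.

```python
import ipaddress

# Constructed sample input: the first block is the one quoted in the thread,
# the rest are documentation ranges (RFC 5737) used as stand-ins.
BLOCKLIST = """
157.245.19.0/24
192.0.2.0/25
192.0.2.128/25      # adjacent to the previous block
198.51.100.77/23    # host bits set, as hand-typed lists often have
"""

def parse_blocklist(text):
    """Return collapsed networks from lines of CIDR text, ignoring comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        # strict=False masks off stray host bits instead of raising ValueError
        nets.append(ipaddress.ip_network(entry, strict=False))
    # Merge adjacent and overlapping blocks so fewer rules have to be entered
    return list(ipaddress.collapse_addresses(nets))

def to_range(net):
    """Start/end pair for firewalls that take a range instead of a prefix."""
    return str(net.network_address), str(net.broadcast_address)

def would_block(nets, addresses):
    """Map each address you still need to reach to the block that covers it."""
    hits = {}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        for net in nets:
            if ip in net:
                hits[addr] = str(net)
                break
    return hits

if __name__ == "__main__":
    nets = parse_blocklist(BLOCKLIST)
    for net in nets:
        start, end = to_range(net)
        print(f"{str(net):18} {start} - {end}  ({net.num_addresses} addresses)")
    # Hypothetical addresses of services the user depends on (mail server etc.)
    print(would_block(nets, ["198.51.100.25", "203.0.113.10"]))
```

Running would_block against your own mail server and ISP addresses before loading a list shows which entries would cut off traffic you want.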
new_novice
07-17-03, 12:05 AM
definitely sticky material :D
Big_Baller
07-17-03, 03:33 PM
Very good information. Now could someone direct me on how to block the IPs? I am on a D-link 707p and I don't see anything on its page for outside IP blocking. The searches I have tried don't seem to turn up anything. Any help for a network configuring noob :D ??
Blueacid
07-19-03, 05:17 PM
Sticky!
Thanks for the info :D
hatkeeper
07-24-03, 10:08 PM
dont everytime u disconnect and reconnect ur ip changes?
"zone alarm would be a good fire wall"
schismspeak
07-24-03, 10:26 PM
Originally posted by hatkeeper
dont everytime u disconnect and reconnect ur ip changes?
"zone alarm would be a good fire wall"
Only on dialup I believe.
Smokeys
07-25-03, 12:55 AM
A word of warning when blocking such a wide range of hosts.
If you block the ip addresses given there all you will really accomplish is limiting your web surfing. (although a slight amount)
Unless you run your own email server blocking those IP addresses will have no effect on the amount of spam you receive.
Also the list of "spammer" hosts is laughable at best, included are some major Canadian (rogers, cogeco, sympatico) and US (uu, rr) ISPs' domains.
I think a better sticky thread would be information on newer spam filtering techniques like Bayesian (http://www.google.ca/search?hl=en&ie=UTF-8&oe=UTF-8&safe=off&q=Bayesian+&btnG=Google+Search&meta=) filtering and other techniques that don't take the head in the ground approach.
su root
07-25-03, 01:02 AM
yeah.. apparently my ISP is on the email block list :)
That's all the major ISPs in the area... if I add those blocks, I won't get any email FROM ANYONE I KNOW.
Although blocking most of asia and latin america may sound like a good idea.. it's 48 million people and/or websites.
If you ask me, it's a good guide, but be careful what you take from it. Right now, if I put all of those filters and blocks to use, I would get no more email, period. And my Latino roommate may be miffed that he can't go to any sites from his country. If any of my Korean friends used my computer, I'm sure they'd be a little ticked off as well.
Disclaimer: This list is compiled from various sources on the Internet. This list is provided "as-is" with NO WARRANTY. There is no warranty, implied or otherwise, to the correctness of information provided by this list. In fact, it is highly likely that some and/or all information in this list is INCORRECT OR INCOMPLETE! It is highly likely that you will block some "good" sites if you fully implement all of the various blocks in this list.
This is posted at the top of the website. It clearly states that you will likely block some good sites and some of the addresses may be wrongly put on these lists.
I don't think that this info will help everyone, but I'm sure some will benefit from this info. After putting all these IPs into my firewall I have received much fewer popups when surfing. It hasn't affected any of my email either. Naturally I wouldn't advise anyone to block all the IPs on the list. I only did so to see how it would affect my web use. I believe the usefulness of this thread should be judged on an individual basis.
If others that have tried this are having more problems than good results I would prefer that this sticky be deleted so that none are misinformed.
It would be nice if some people who have tried this could report back and tell if it has either hurt or helped them.
UnseenMenace
07-25-03, 09:47 AM
Originally posted by Pyros
***EDIT*** Since the actual usefulness of this info has been questioned by some I would appreciate it if the people that have tried this could post back and tell if it has helped you, hurt you, or if you have seen no results. If it is found by popular opinion that this is harmful or useless I would prefer it be deleted rather than misinform. Tks.
Pyros
I personally choose not to use the complete list and did a bit more research into the published addresses.. by comparing the information to other lists such as those presented by http://www.spamhaus.org/
I find that since adding information into my firewall certain activities have reduced greatly, and as such the information was of use to me as it made me reconsider some of my configuration settings.
I will not however block complete domains or ISP's.
hatkeeper
10-07-03, 02:55 PM
sticky!
pik4chu
10-07-03, 02:57 PM
it already is a stickie :rolleyes:
For years I have found that controlling not only the socket ports an application has access to but controlling what hosts/IPs are allowed connections to be the most important aspect.
layer 4 = ports
layer 3 = ip's routes access lists etc..
> Layer 5 = local apps either listening for incoming or making outgoing connections... this is the big hole, people. A hacker writes a virus to talk on port 80 and wammo. You need to control the apps, especially for the home user. I actually haven't run a traditional firewall at home for the internet for 15 years. Never got a virus or had a problem because I have always controlled my apps and I have nothing listening for connections. Port 80 is only open to my browser, not to my pop3 app etc. Don't think about ports, think about apps.
su root
12-28-03, 10:49 PM
Not sure what model you are working on there, but the application layer is layer 7 in OSI, and layer 4 in TCP/IP, and there is no "Ports" layer. Ports are part of the protocol suite, so they're defined at layer 3 in both models...
And nowadays, a lot of viruses are written to exploit bugs in programs, so they would be accessing a valid port, and executing viral code, behind a software firewall, even with very restrictive port settings.
Originally posted by su root
Not sure what model you are working on there, but the application layer is layer 7 in OSI, and layer 4 in TCP/IP, and there is no "Ports" layer. Ports are part of the protocol suite, so they're defined at layer 3 in both models...
DOD refers to the upper layers as the app... OSI refers to them that way. Cisco tests ask what layer firewalls work on and the answer is layer 4. Most likely you know as well as I do that that isn't "technically" true. Maybe in a CS school they teach more clear delineation. I wouldn't know that but I can tell you I have survived and been successful in this field for over 15 years and I have traveled the world doing this work. So I am speaking in the common language of my experience. I don't wish to argue over silly things.
Originally posted by su root
And nowadays, a lot of viruses are written to exploit bugs in programs, so they would be accessing a valid port, and executing viral code, behind a software firewall, even with very restrictive port settings.
That was my point exactly.
I am impressed as all heck, but I wonder why so long since an update was done???
Shuruga2
02-28-04, 04:47 PM
Another similar resource can be found at the peer guardian website (http://www.peerguardian.net). To get their list select 'ip list' from the top and 'download guarding.p2p' from the drop down list.
Even better is B.I.S.S (http://www.bluetack.co.uk/convert.html) which allows you to convert the file you just downloaded into many different formats, like a ZoneAlarm 4 xml. Woo, no typing.
Warning: zonealarm4pro gave me errors any time I tried to import the list. I switched to outpost with the blockpost plugin and everything worked smoothly.
Warning 2: DO NOT import that whole list into shareaza, it can't handle it.
Another cool trick to stop web spies, trackers, and banner ads is to spoof their domain names in your local host file. Just add these lines to your /etc/hosts file. When your browser tries to contact these sites it will simply go to your local machine (the loopback address) and give up. This will defeat their web bugs!
How do you implement this? I don't understand what he means by /etc/host file
su root
06-15-04, 06:55 AM
How do you implement this? I don't understand what he means by /etc/host file
In windows, the host file is:
%SystemRoot%\System32\drivers\etc\HOSTS
(Where %SystemRoot% is a variable, usually evaluating to C:\Windows or C:\WinNT)
http://www.accs-net.com/hosts/benefits_restrictions.html
This site explains all about the Host :)
Edit: I was already quite well protected by a small programme called SpyStopper. When I checked the 'Host' file I found the SpyStopper 'host' file sitting next to the win - 'Host' file, when I opened it with notepad I found thousands of entries like the ones below:-
Quite a few of them are on that list posted by Pyro, and tons of them aren't.
Is there a FASTER way to transfer the host names from the www.unixhub.com site? I'll be drawing my pension before I'm done... :-/
Edit: cut and paste seems to work fine for the localhost 127.0.0.1 assignments, I guess the others will all have to be manually inputted.
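Added example, not part of the original thread: one way to avoid retyping a downloaded block list is to merge it into the hosts file with a script that accepts only loopback entries with valid names, and that also reports any existing entry pointing somewhere other than the local machine. The file contents and host names below are constructed samples on reserved example domains.

```python
import re

LOOPBACK = {"127.0.0.1", "::1"}
# Hostname syntax: dot-separated labels of letters, digits and hyphens
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$"
)

# Constructed sample of a hosts file already on the machine
EXISTING_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   ads.example.com
203.0.113.9 bank.example.org   # not loopback: should be reviewed
"""
# Constructed sample of a downloaded block list
BLOCK_SOURCE = """\
127.0.0.1 ads.example.com
127.0.0.1 Tracker.Example.NET
127.0.0.1 bad_name!.example.com
198.51.100.4 cdn.example.net
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, one per name, skipping comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower()

def audit(text):
    """Entries that send a name somewhere other than the local machine."""
    return [(a, n) for a, n in parse_hosts(text) if a not in LOOPBACK]

def merge_blocks(existing, source):
    """Return new '127.0.0.1 name' lines from source not already in existing.

    A source line is accepted only if it points at loopback and the name is
    syntactically valid, so a downloaded list cannot add redirects.
    """
    known = {n for _, n in parse_hosts(existing)}
    added = []
    for addr, name in parse_hosts(source):
        if addr in LOOPBACK and HOSTNAME.match(name) and name not in known:
            known.add(name)
            added.append(f"127.0.0.1 {name}")
    return added

if __name__ == "__main__":
    print("review:", audit(EXISTING_HOSTS))
    print("\n".join(merge_blocks(EXISTING_HOSTS, BLOCK_SOURCE)))
```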
glebka11
07-20-04, 08:57 PM
Thanks for the info!
Although I was using a program which blocks like a couple of thousand bad IPs, including RIAA.
Now I stopped using it because it takes too much system resources (I wonder why :/).
I'll add the IPs you linked to as soon as I figure out how to block IPs with my crappy Linksys BEFSR41v2.
Again, thanks for the info! :D
some more useful info on localhost blocking, a little old but what the heck, enjoy :beer: linky (http://www.ecst.csuchico.edu/%7Eatman/spam/adblock.shtml)
oh, I forgot to add that the linky contains a link that enables you to opt out of DoubleClicks notorious webtracking spyware. :sn:
su root
07-23-04, 07:12 AM
some more useful info on localhost blocking, a little old but what the heck, enjoy :beer: linky (http://www.ecst.csuchico.edu/%7Eatman/spam/adblock.shtml)
oh, I forgot to add that the linky contains a link that enables you to opt out of DoubleClicks notorious webtracking spyware. :sn:
That one is a short list.
I run my own, compiled from various sources... my hosts file is almost 600 kilobytes! More info here (http://www.blackpacket.net/networking/intermediate/adblock.shtml)
I run my own, compiled from various sources... my hosts file is almost 600 kilobytes! More info here (http://www.blackpacket.net/networking/intermediate/adblock.shtml)
cool su, nice site by the way. I'm thinking about studying networking (more of a career change though)
Freddie
08-03-04, 09:24 AM
I see no problem with the RIAA unless you are using P2P stuff to download warez and music, but good list, I will have to add some of them in, but not all of them.
diggingforgold
08-31-04, 02:02 AM
Ok I'm way too lazy for all this... so I guess I'm gonna go unprotected :D.
asusradeon
10-29-04, 10:44 AM
thanks great info !!