PeerBlock: avoid detection when downloading from torrent or p2p networks
PeerBlock is an open source IP filtering application partially based on the PeerGuardian code. It is designed to prevent your computer from making undesirable connections, such as to machines flagged for anti p2p activities, corporations, governments, etc. This can significantly decrease your chances of being detected when downloading from p2p or Torrent networks, or of contracting malware/spyware from known sources. PeerBlock is available in portable form and works with all versions of Windows (including XP, Vista, Seven).
If you’ve ever read or heard about ordinary people being sued for downloading files from torrent or other p2p networks, and worried about your own downloading activities, this program is for you. Typically, agencies that are out to detect people’s downloading activity will actually take part in providing the file for download, then attempt to find out as much information about the computers that connect to them as possible.
How it works:
What PeerBlock does is it taps into publicly available lists that classify IP addresses in order to simply avoid "bad" IP addresses. It utilizes the collective wisdom of communities and sites that classify IP addresses (go here for more on where these lists come from). It works much in the same way as a virus killer program in that it is constantly updating the lists of known "bad" IP addresses, even as more of these come into existence.
What kind of protection to expect:
In keeping with the virus killer analogy above, PeerBlock will not necessarily protect you from the latest unknown threat or bad IP, but it will greatly decrease your chances of being detected. Moreover (and this is where the viruskiller analogy ends), PeerBlock will make you harder to detect compared to others on the network; the PeerBlock documentation cites the so-called "bear principle: "when running away from an angry bear you don’t need to be faster than that bear … you only need to be faster than the guy next to you". The Peerblock site also states that "the only way to be safe with P2P downloading is to not share copyrighted content!".
Ease of Use:
What I really like about PeerBlock is that it is very easy to use; all you need to do is run it and specify what kinds of "lists" you would like to be protected from (P2P, Spyware, Advertising, or Education/Universities) and that’s it. It now runs in the background, preventing your computer from connecting to known bad sources, not just for torrent or p2p networks but for (optionally) for general web usage as well. It will also periodically auto-update the lists that it needs to do its job.
Program options:
You can enable or disable PeerBlock at will. You can also set up your own lists if you are so inclined as well as use PeerBlock to block custom IP ranges that you set up (such as the IP range of entire countries). You can allow or disallow IP filtering for HTTP access as well (i.e. regular browsing).
PeerBlock vs. PeerGuardian:
PeerBlock is based on the code from PeerGuardian (v. PG2 RC1 Test3). I would recommend using PeerBlock because it (a) is under development; (b) does not suffer from the kind of bugs that PeerGuardian had, (c) most importantly, runs on XP, Vista, and Windows 7 without hitch. You cannot run both simultaneously.
The verdict:
Convenient, easy to use, and might just save your bacon. Download it and be safe.
Version Tested: 1.0 r181
Compatibility: Windows XP, Vista, Windows 7.
Go to the program home page to download the latest version (approx 800K).
Thanks so much for writing about this program. I’ve been having a lot of trouble with PeerGuardian recently, especially the lists not getting downloaded correctly. It’s nice to see someone else picking up development where they left off.
To be honest there is no real reason for this program to be constantly running. Most P2P programs have a ip filter list that this program could quite easily just update when you run it much the way SpyBlaster does for web browsers. At present I just download the iptable files from http://bit.ly/uUnQw and put it in my uTorrent folder.
Found the program a few months ago, but now that they have the signed driver, it can finally be used on Windows 7 64 bit
And keeping it running is actually not a bad idea: I am amazed how much it filters out. All kinds of MediaSentry pings etc.
Still, it’s great, yet stil only a thin layer of security, so don’t put too much faith in it either
You go, Samer!
I second your opinion all the way, and then some.
One more necessity out of the (search) way.
No need to mention the super light and powerful µTorrent, right?
Surf’s up, dudes and dudettes!
There is a good reason for one of these programs all the time and it is one not listed in the article which is a real shame. That is to protect yourself from attacks and malware.
I have been a PeerGuardian2 user for some time and have a personal story about why I run it all the time unless I am have to temporarily disable it because of conflicts.
I was sent a legitimate file from a friend across the country and it was a DVD of mostly junk and funny things he’d accumulated. To download it it was too big for the email middleman services and Pando, so I asked him to torrent it. To save me download time he made an image file using some commercial shareware program that compressed the image into a proprietary format I had never seen.
After some research I found out what I needed to open it, and that it was pay. I went to the site and their trial version link was down. A moderator told me to download it from their torrent tracker and I did.
That was a mistake. The link went to a pirated version with a little extra payload inside posted on SumoTorrents (had never heard of them). Apparently the board’s posts were hacked.
When installed the malware called the mothership through port80 and said “I’m here!!!” and then another part executed some code then tried to connect back to a bot net as a zombie, probably awaiting orders.
Peer Guardian stopped that. The mothership was trying to contact their malware and Peer Guardian blocked that because it already had the mothership’s IP ranges. They were both using known malware sites, but a range of addresses I had added to avoid a certain known source of unauthorized hardware and software scans.
I couldn’t get rid of the malware, and to add insult to injury the Disk Imaging Software didn’t work on the image I download. I was unable to rebuild my machine for a week so I watched as the mothership and the malware would try again and again and fail to get past peer guardian. Then it got really malicious.
I then suffered a DDoS attack on my personal computer from hundreds if not a thousand IP addresses all co-ordinated to flood my bandwidth and contact the malware.
I then went back in my logs to grep who was sending this originally and to my surprise I found out publicly who owned the mothership, and it was an American Company that was fairly well known at the time. I don’t want to mention names but lets just say the media industries were very familiar with this company and its practices.
I am Canadian and if I had taken this to the police with the evidence I had could technically had the owners of the company extradited because of the cybersecurity laws on both sides of the border at the time. I really didn’t want to get pulled into that to I got a new IP and Network Card (They targeted my MAC too).
I haven’t told people online the name of the company because I want to avoid lawsuits and accusations, but PeerGuardian 2 saved my butt on several occasions.
WolvenSpectre, your American company that you could have taken to the police probably suffers from the very same trojan that attempted to take over your computer. There are script kiddies all over the world that have very large networks of bots, and they use these machines to go after other machines. But go ahead, run down to the police, and then tell them that you stole the “shareware” from a torrent site, and see how quickly they go after your vicious American attacker.
Good luck.
[...] PeerBlock is a little piece of software that you run in parallel with your torrent software that stops it connecting to peers in suspect IP addresses. It’s not just for safer peer-to-peer downloading, you can also use it to prevent your PC from accessing ad-servers, or a range of addresses belonging to entire countries. The software doesn’t guarantee anonymity or protection or anything like that but as some band once said, it’s just another brick in the wall. [Via Freeware Genius] [...]
@ WolvenSpectre: thanks for sharing this story. Wow.. what a malicious scheme you stumbled into.
It is true that I de-emphasized the anti malware aspect of this program in favor of the “downloading torrents without detection” part (although I did mention the anti malware/antispyware function both in the description and again in the body of the text). The reason for this is that this is my primary interest in this software, and I expected that that would be the draw for most readers as well.
Samer
[...] Recommended by : http://www.freewaregenius.com/2009/11/16/peerblock-avoid-detection-when-downloading-from-torrent-or-... [...]
Peerblock is a must have!!
–00–
1. Install\Update to latest µTorrent build.. (1.8.* or 1.9*) ((µTorrent 2.0 optional))
2. Ensure ports are forwarded for bit torrent.. (non standard port recommended)
3. Options >> Preferences >> Advanced >> bt.transp_disposition set to 255
4. >> Bit Torrent > Protocol Encryption > Outgoing: Forced >> Check Allow Legacy Connections..
5. >> Connection >> Set µTorrent forwarded port..
6. >> General >> Associate µTorrent associations >> Install IPV6
7. Click OK..
8. Go to speed guide >> Set you speed profile appropriately..
9. Vista \ Windows 7 – Start > Run *(win-r)* = services.msc
10. Set IP Helper Service to Automatic and ensure it is started..
11. Restart µtorrent.. Ensure port is forwarded and enjoy..
-OPTIONAL SECURITY-
Highly recommended for security.
sites.google.c0m-site-whitehat2k9-Home-my-programs-utorrent-ipfilter-updater (Easy To Use!)
Utilize an ipfilter.dat or program to limit who can connect to your computer!..
—
And\Or
http://www.peerblock.com/
New fork of the PeerGuardian2 project.. ** HIGHLY RECOMMENDED!!**
PeerBlock lets you control who your computer “talks to” on the Internet. By selecting appropriate lists of “known bad” computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been “hacked”, even entire countries! They can’t get in to your computer, and your computer won’t try to send them anything either.
And best of all, it’s free!