Best and most reliable IPfilter?

[the_wind]

I could not find a topic that has already covered my questions, so if seasoned members of the forum can point me to the right location I'd be happy to follow your advice.

My problem is related to ipfilters that I've been using for as long as I remember running P2P clients. I've always liked "normal" BISS IPfilters. However, just a couple of days ago I noticed that while I was the only seed of a torrent, no peers could connect to me. I've tried experimenting with various settings in uTorrent and switching versions, but nothing has changed and my upload was still at 0 bytes. The last resort was disabling ipfilters and I hesitated at first, but then decided to give it a try. As it turned out, the peer has instantly connected to me and the IP address that s/he came from was 92.27.XXX.XXX. It was a surprise to me to find that range blocked by BISS with the following record:

Code:

092.024.000.000 - 092.029.255.255 , 000 , Opal Telec

A WHOIS request told me that the IP belongs to Opal Telecom DSL. So, now I was on quest to find "better" ipfilters that people trust and use on the daily basis. After searching FST forums, I've found many posts and guides that suggest using the same filters from BISS. But one topic had a different suggestion to use Bluetack IPfilters and I decided to compare them. From what I can see Bluetack's filters cover a huge part of BISS filters but the IP address of my peer was not in there, so it looked promising that I'm not dealing with an Anti-P2P spy.

So, now I would like to ask this community to share their opinions about different IPfilters that they use. Are there more providers that worth to be mentioned here? Please let me know which ones you know about and maybe I can create a poll to see the popularity for everyone!

[anon]

I use IpFilterX:
http://ip-filter.emulefuture.de/

It's a pretty small list, unlike the monster-sized ones offered elsewhere. Supposedly, it blocks IPs that have been checked and confirmed to be really bad.

[the_wind]

I use IpFilterX:
http://ip-filter.emulefuture.de/

It's a pretty small list, unlike the monster-sized ones offered elsewhere. Supposedly, it blocks IPs that have been checked and confirmed to be really bad.

Hmmmm. Interesting filter. It currently has 7025 IP ranges (comparing to BISS:264193 and Bluetack:250632). It seems uncomfortably slim to me, personally. One of the basic things that IpFilterX does not cover is:

• IANA Multicast
• IANA Private
• IANA Reserved
• Bogon

I would be a bit nervous if I get a peer from the above ranges since it would be impossible to tell who is hiding behind it. I've seen network privacy programs that alter your TCP/IP stack on the fly and hide it with IP that cannot be traced back to anything on the internet, but I've never used them since I know a lot of people use BISS filters and I would probably never get my UL/DL rate to what I have now.

Let's see if anyone has a different suggestion.

BTW, do you know if I create a poll on this forum, would I be able to add entries to it later? I know some forums do not allow you to do that, so it would be pointless to have a poll with only these 3 filters.

[heiska]

If you want to be safe, you should probably use VPN as you might already know. IMO those filters are just good for the placebo effect.

[zot]

I use IpFilterX:
http://ip-filter.emulefuture.de/

It's a pretty small list, unlike the monster-sized ones offered elsewhere. Supposedly, it blocks IPs that have been checked and confirmed to be really bad.

Apparently, the snot-nosed kids at IpFilterX define as "really bad" anyone who politely turns down 'donation drive' requests. I wonder if they are still blocking Torrentfreak for the crime of saying "no thanks, we can't help you with donations" - and on top of that, spewing out angry rants and empty threats in response?

Code:

TorrentFreak Censored By Anti-Piracy IP Blocklist IpfilterX

Here's a story you don’t read very often.

Most of you probably are aware of those handy blocklists that block IP-ranges of anti-piracy organizations. Well, TorrentFreak is now proudly listed on one of them, IpfilterX.

IpfilterX users who attempt to access our site today are blocked, because we are "LameFreak".

Why you might ask? Well here's the story.

A while ago someone from IpfilterX contacted us to ask if we could help them with their donation drive. We kindly explained that we could not honor the request. Not because we don't want to support them, but because we feel that TorrentFreak is not the best outlet for their message.

We believe that a blocklists should be able to maintain itself by donations from its users, and not by donation drives in news articles. Also, we felt that it wouldn't be fair to all other blocklist operators who work very hard without any compensation.

Unfortunately, this didn’t satisfy the IpfilterX guy, who sent this message back:


Go fuck yourself 

There’s enough to kick your ass lifetime 

Sucker

You only a 2 cent worth writer 

that's it

When P2People changed things you was sucking milk from your mom bobs

You are none

We shall survive somehow

But I swear that I will piss on your face a day

FUCK YOU… You DO NOTHING TO PROTECT USERS

Ignorant useless piece of walking flesh

I hope that a day , because God exists , you will get troubles as many as we got.


Charming isn't it?

Long live censorship!

http://torrentfreak.com/torrentfreak-censored-by-anti-piracy-ip-blocklist-110428/

Sadly, they're not the only blocklist distributor that's been known to engage in juvenile antics.

[anon]

One of the basic things that IpFilterX does not cover is:

• IANA Multicast
• IANA Private
• IANA Reserved
• Bogon

I would be a bit nervous if I get a peer from the above ranges since it would be impossible to tell who is hiding behind it. I've seen network privacy programs that alter your TCP/IP stack on the fly and hide it with IP that cannot be traced back to anything on the internet

You can always add those ranges manually. By the way, even if someone manages to spoof their IP to look like a multicast, private or unallocated block (if those still exist), wouldn't that be pretty useless considering they can't get a reply?

Apparently, the snot-nosed kids at IpFilterX define as "really bad" anyone who politely turns down 'donation drive' requests. I wonder if they are still blocking Torrentfreak for the crime of saying "no thanks, we can't help you with donations" - and on top of that, spewing out angry rants and empty threats in response?

I read about that in TorrentFreak, and definitely don't agree with their actions and childish attitude. However, taking that crap apart, it still looks like a good ipfilter to me, and since I only use it in uTorrent, I'm not affected by TF's IP being blocked.

[the_wind]

If you want to be safe, you should probably use VPN as you might already know. IMO those filters are just good for the placebo effect.

I have not seen a public/free VPN that I could reliably use for torrents. If I'm going to spend my money on a VPN or seedbox, I will have to give the provider my home address for billing. How is it better than my ISP? I think a small company that sell VPN tunnels or seedboxes is more likely to flip and tell all about me. ISP provider is a bigger fish in the sea and might have more power to resist anti-piracy threats against its customers, but 100% privacy still cannot not be guaranteed.

You can always add those ranges manually.

True. It can be easily done with shell scripting. However, my knowledge of all the pieces/ranges that need to be merged is nothing comparing to the knowledge of people who maintain extensive lists (e.g. BISS and Bluetack). I just don't want to invent a bicycle.

By the way, even if someone manages to spoof their IP to look like a multicast, private or unallocated block (if those still exist), wouldn't that be pretty useless considering they can't get a reply?

I might be saying complete nonsense here since it's been many years ago when I read something about altering your TCP/IP stack. However, to return a reply you don't really need to know where the original request came from. Just like NAT hides your final IP address, there could be some ways to specify a fake source IP and the request would still come back properly to your computer. I better stop right now since I might be saying complete bullshit here and might misinform people or get others who know this stuff aggravated.

[anon]

I have not seen a public/free VPN that I could reliably use for torrents.

None of the free services will perform well, simply because they weren't meant for torrenting. If you're into private torrents, it may even be harmful to use them.

True. It can be easily done with shell scripting. However, my knowledge of all the pieces/ranges that need to be merged is nothing comparing to the knowledge of people who maintain extensive lists

This can help:
http://www.iana.org/assignments/ipv4...ress-space.xml

However, to return a reply you don't really need to know where the original request came from.

Yes, you do. It's not possible to return a reply to a host which is using a spoofed address.

Just like NAT hides your final IP address, there could be some ways to specify a fake source IP and the request would still come back properly to your computer.

That's different. NAT routers change the source and destination addresses (along with the checksum) in IP packets on-the-fly so that the private network(s) masqueraded by them can access the Internet, but they possess a public and routable address to send and receive traffic.

[zot]

I have not seen a public/free VPN that I could reliably use for torrents. If I'm going to spend my money on a VPN or seedbox, I will have to give the provider my home address for billing. How is it better than my ISP? I think a small company that sell VPN tunnels or seedboxes is more likely to flip and tell all about me. ISP provider is a bigger fish in the sea and might have more power to resist anti-piracy threats against its customers, but 100% privacy still cannot not be guaranteed.

Those VPN/proxy services that market themselves to P2P users could expect to see their business devastated if word got out that they were keeping logs and turning IP addresses to all who asked. ISPs, however, must keep logs by law in most countries, while VPNs are largely an unregulated industry. People have been ratted out by VPNs for serious crimes when police come knocking, but they're not likely to roll over when the crime is nothing worse than sharing a song or movie.

Anyway, most that use 3rd-party payment processors don't even see your CC details. To be safe, use a prepaid gift card and give a fake home address, so at least you can't be traced that way, assuming that records of those details are kept.

I might be saying complete nonsense here since it's been many years ago when I read something about altering your TCP/IP stack. However, to return a reply you don't really need to know where the original request came from. Just like NAT hides your final IP address, there could be some ways to specify a fake source IP and the request would still come back properly to your computer. I better stop right now since I might be saying complete bullshit here and might misinform people or get others who know this stuff aggravated.

There are several methods to spoof your IP address. Perhaps the most efficient one is by using (spoofing) the IP address of a trusted 3rd-party mediator who will then re-send the ACK packets to the uploader's correct address . Basically, the uploader knows the downloader's true address, but the downloader does not know the uploader's true address, and sends return packets to a 'spoofed' address that bounces them to the correct address. So the packet stream is tri-directional rather than bi-directional like a normal file transfer would be.

The problem is that this method of IP spoofing only works on a minority of ISPs (it's not hard for an ISP to detect fake return addresses being sent) and also only older versions of Windows (I think XP pre-SP1 or SP2) that support raw sockets. So even though working softwares like SUMI were developed, it never really got very far past the 'experimental' stage.

[the_wind]

So, in my search for the best IpFilter, I've tried to play with Bluetack filters for a few days. It was interesting to see a significantly higher rate of blocked peers due to the filter. I understand that this wasn't a true apples-to-apples comparison since peers come and go and torrents were slightly different too, but it seems that Bluetack is not the best for me.

Since switching to IpFilterX is too extreme for me, I'm changing back to BISS filters. One good advantage Bluetack has is that I can automate filter update since they provide a direct link to the latest file. BISS used to be this way many years ago, but because of the high traffic (which also indicates popularity) they've changed to a model which requires you to open the index page with a browser, that will present the link to the latest revision number. So, it is somewhat a hassle to periodically check for updates manually, but since their filters do not change that often, it is not really a problem for me as long as they provide good filters.

I anticipate that many folks here might suggest using VPN tunnels, seedboxes, usenet, etc. but this post is solely about IpFilters and trying to get an idea on which one is the most popular. IpFilters is just another layer in P2P security and remind me of an old joke:

"One must ALWAYS be careful,"- a nun said while putting a condom on the candle.

Request to someone with higher privileges on FST:
Can you please add a poll to this thread to get votes on what IpFilters they use? I'm too young for the Poster role, so I don't have such privilege yet. So far, the poll should have the following choices:

• BISS normal filters
• BISS paranoid filters
• Bluetack normal filters
• Bluetack paranoid filters
• IpFilterX
• Others

Thanks in advance!