Jump to content


Photo

IP Block lists???


  • Please log in to reply
12 replies to this topic

#1 bradcenter

bradcenter

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 17 May 2004 - 09:34 AM

Hi all,

Great site here.

Something I was thinking about... Does anybody know of a list of IP addresses that could just be plugged into a firewall (to protect multiple computers)???

I'm sure it won't get everything, but it could be a nice start.

Thanks,

Rob

#2 mr bones

mr bones

    Member

  • Emeritus
  • Pip
  • 66 posts

Posted 17 May 2004 - 12:02 PM

It could be adapted but why not use this as it's meant to be used.

IESpyAds

Or use your Hosts file to do the work

#3 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,757 posts

Posted 17 May 2004 - 12:48 PM

Why not just buy a router with a firewall?

That'll stop every outside direct attack cold.

Try a Linksys BEFSR41 v3. They're about fifty bucks and include a 4-port 10/100 switch built in.

Edited by Tuxedo Jack, 17 May 2004 - 12:49 PM.

Signature file is under revision. This will be back shortly.

#4 bradcenter

bradcenter

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 18 May 2004 - 07:18 AM

Thanks for the replies.

IE-SPYAD - great if you have a small number of PCs. Same with HOSTS files. I routinely use both of them.

As for a hardware firewall/router - I am using one and it works great.

What I want to do is a little more than this. I would like to see a giant list of IP addresses or ranges that are related to Spyware etc.

I envision this - taking this list, applying it to a firewall (this should work great for the network admins out there) and simply blocking that IP. And every so often, this list gets updated so that others out there simply update their firewalls....

I think this should stop a lot of spyware at the doorstep so to speak...

Thanks all,
Rob

#5 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,757 posts

Posted 18 May 2004 - 08:09 AM

If it was that simple, believe me, we'd all do it.

There are simply too many domains to block short of using a domain-name filtering system.

Where I work, we have AIX boxes doing exactly that, so we don't have to worry about a lot. It's the new ones that we have to worry about, and we deal with those as they come by submitting their domains to the AIX manager, who adds them to the block database.
Signature file is under revision. This will be back shortly.

#6 Paranoid

Paranoid

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 533 posts

Posted 18 May 2004 - 08:36 AM

http://www.geocities...e/firewall.html

Very very long list. It's for kerio firewall, dont know if you can get the raw ips thoguh.

Personally I think it's a bloody waste of time.
Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments,opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advise or recommendations by the experts or helpers at spywareinfo.


#7 The Spie

The Spie

    Member

  • Retired Staff - Helper
  • Pip
  • 68 posts

Posted 20 May 2004 - 12:22 AM

If you're running WinXP, you can use Protowall and the Blocklist Manager, available at Bluetack's site. It's mostly for anti-P2P monitoring, but one of its largest blocklists is anti-spyware. Its advantage is that it works over all protocols. It is, however, a little tetchy to get started and configured (but it's turnkey after that). The Blocklist Manager will keep the blocklists updated and current, and do it pretty much automatically.

I use it in combination with IE-SpyAd and it works like a charm.

#8 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,757 posts

Posted 20 May 2004 - 12:32 AM

Also, if you're using a large HOSTS file to block stuff under Windows 2000, make sure you turn off DNS Client in Services. There are known issues with that service and large HOSTS files - it'll make you take ages to connect to a network.
Signature file is under revision. This will be back shortly.

#9 swpnclr

swpnclr

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 May 2004 - 06:54 AM

With Sygate Personal Firewall 5.5,
Open the Advanced Options, click ADD, then goto PORTS AND PROTOCOLS, Select TCP, two options now appear, in LOCAL box type in 1025 and leave Remote box clear, in the Traffic Direction box select Incomming. Click OK , then OK again...
goto www.grc.com do the shields up, test ur computer, and then thank me... & youre welcome.
carry on soldiers
Swp&Clr


P.S. if this has helped you, please reply and let me know, thanks...
also please note: that this port is prone to the Netsky worm, that is currently running itself all over the world. Dont believe me, see for yourself at the website of Trend Micro, http://housecall.trendmicro.com/ and check out their virus map of the world and which country is getting hit by what... due to the overwhelming amount of people who have this port 1025 open they are susceptible to these worms and trojans.
i hope i have helped. good luck~

#10 Paranoid

Paranoid

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 533 posts

Posted 20 May 2004 - 08:43 AM

If it was that simple, believe me, we'd all do it.

There are simply too many domains to block short of using a domain-name filtering system.

http://www.pyrenean.com/dnsk.php is one of them.

It's like a superior hosts file.

Still it would be nice to block spyware sites by BOTH IP and domain name. Spyware that dialout could conceviably bypass hosts files, by using the ip addresses rather than the domain name.
Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments,opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advise or recommendations by the experts or helpers at spywareinfo.


#11 Moore

Moore

    ¤ §LÁYER ¤

  • Full Member
  • Pip
  • 55 posts

Posted 02 June 2004 - 12:30 PM

Yes you could always try the Blocklist manager , which offers daily updated IP blocklists and can convert them to most firewall formats for importing , covering Spyware/Adware/Govt/Milt/Ads and and more.

I think most of Sponge's spyware IP list has already been covered , as well as a lot of the Webhelpers IP research .

worth a look at least.
http://bluetack.co.uk/blmhelp

Edited by Moore, 02 June 2004 - 12:34 PM.


#12 ngkatsaras

ngkatsaras

    Member

  • New Member
  • Pip
  • 1 posts

Posted 25 June 2004 - 01:09 PM

Bradcenter, what did you finally end up doing? I have a Watchguard X700 and want to do the same thing.. put in a list of blocked IP's for crapware sites.

Thanks,

Nick Katsaras

#13 Moore

Moore

    ¤ §LÁYER ¤

  • Full Member
  • Pip
  • 55 posts

Posted 09 July 2004 - 03:13 PM

Well here's two direct links that are updated regularly, covering a lot of known spyware / adware and general internet crap.

http://www.bluetack....fig/spyware.txt
http://www.bluetack....nd-bad-pr0n.txt

you can use the online converter or the Blocklist manager I linked to above for converting the lists into other firewall formats.

http://www.bluetack.co.uk/convert.html

If anyone wants other formats included they can request them and if they can be added to the converter they will be..

A list of supported firewall formats is here:

http://www.bluetack.co.uk/formats.html

I also posted similar info at spyware warrrior to explain things a little bit more , for anyone afraid to visit the bluetack forum. :D

http://www.spywarewa...opic.php?t=3741

Edited by Moore, 09 July 2004 - 03:18 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button