Nepherte (dot) be

Moblock – Host Based Internet Traffic Filtering

MoBlock is a Linux console application that blocks connections from/to hosts listed in a file in PeerGuardian format (guarding.p2p). It uses the iptables ipqueue userspace library and is very light on resources (CPU, RAM). So much for the official explanation, which is not very comprehensive. Basically it’s just an application that lets you block internet traffic based on large lists of IP address ranges in order to protect your privacy… and who doesn’t want privacy, right?

The favourite use for most people is to obscure their illegal torrent traffic, but they often don’t realise it can also be used to block spam, adware and hijacked systems that are part of a bot network, a far more useful purpose. The available block lists, with their descriptions, are (I might have missed one or two):

  • Microsoft: This list covers all the known Microsoft Corp ranges. It also covers all their known associated IP ranges from around the world.
  • Ads-trackers-and-bad-pr0n: This list contains advertising trackers and a short list of bad/intrusive porn sites. Use this list if you want to block advertising items that appear on websites while you surf.
  • Bogon: This list is automatically generated daily from a list published at CompleteWhois. Bogons is the name used to describe IP blocks not allocated by IANA and RIRs to ISPs and organizations, plus all other IP blocks that are reserved for private or special use by RFCs (the actual term bogons comes from the word bogus, as in bogus IP announcements). As these IP blocks are not allocated or specially reserved, they should not be routable or used on the internet; however, some of these IP blocks do appear on the net, primarily used by individuals and organizations that are often specifically trying to avoid being identified and are often involved in such activities as DoS attacks, email abuse, hacking and other security problems. These activities obviously pose great danger to everyone and ISPs should try to filter all these bad IP routes, and we are trying to help in that by working to create a complete, detailed list of unassigned bogon IPs based on whois data.
  • Dshield: This list contains known hackers and similar people. More information can be found at the DShield website.
  • Edu: This list contains all known Educational Institutions – University IP ranges.
  • Fornonlancomputers: Non-LAN list: 0.*, 10.* and 192.168.*.
  • Hijacked: This list is automatically updated from CompleteWhois. Hijacked IP space consists of IP blocks that are being used without permission by organizations that have no relation to the original organization (or its legal successor) that received the IP block. In essence it is the theft of somebody else’s IP resources.
  • Iana-multicast: IANA multicast addresses.
  • Iana-private: IANA private addresses.
  • Level1: This list blocks known anti-p2p companies. It contains p2p trackers like Mediasentry, Mediaforce, and known fake p2p file sources from companies like Overpeer. The list also contains all known Government – Military – Science – Research Labs and Bad Education facilities IP addresses collected by the Bluetack Team. Basically this list will block all kinds of internet connections that most people would rather not have during their internet travels.
  • Level2: The Level 2 blocklist includes Banks, Financial Institutions, Corporations etc…
  • Level3: This list contains ranges that don’t fit into the Level1 or Level2 lists. These ranges are minor threats, but some people don’t like those ranges to connect to them. Be aware that you might block a lot of stuff while surfing with this list. Akamai servers, Yahoo ranges and dodgy ISPs, for example, are part of this list.
  • Proxy: Tor and miscellaneous proxies.
  • Spider: This list is intended to be used by webmasters to block hostile spiders from their web sites. Automated software programs, also known as spiders or bots, survey the Web and build databases for search engines, and some are used to track people down to automatically serve them with copyright violation notices.
  • Spyware: This list is a compilation of known malicious spyware and adware IP address ranges. It is compiled from various sources, including other available spyware blacklists, HOSTS files, research found at many of the top anti-spyware forums, logs of spyware victims and also the Malware Research Section here at Bluetack.
  • Temp: This is a list of people who have been reported for bad deeds in p2p, such as having files that contain viruses, and many other things.

A hell of a list, but quite useful too. If you’re not into the whole “command line thing”, there is also a user-friendly graphical front-end called Mobloquer.

Most Linux distributions allow you to install MoBlock with their package manager; otherwise you have to compile it yourself. Ubuntu has extensive documentation on MoBlock, which you can find here: https://help.ubuntu.com/community/MoBlock. When you start MoBlock, you will likely lose your internet connection because MoBlock is blocking it. You can get it back by whitelisting your local area network, for example 192.168.0.0/24. It is also possible to reach IP addresses that are included in the block lists through a specific port; to do so, you have to whitelist that port. As mentioned before, configuration can be done in the terminal (by editing /etc/moblock/moblock.conf) or in Mobloquer.
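Why the connection disappears until the LAN is whitelisted can be seen by evaluating an address against a range list, shown here as an added example that is not MoBlock's own code. It assumes the PeerGuardian text layout `label:start_ip-end_ip` and that whitelist entries are evaluated before the block list; all sample entries and function names are constructed for illustration.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample in the PeerGuardian text layout "label:start_ip-end_ip".
SAMPLE_P2P = """\
# constructed entries, not taken from any real block list
Example private 192.168:192.168.0.0-192.168.255.255
Example private 10:10.0.0.0-10.255.255.255
Example net A:203.0.113.0-203.0.113.255
Example net B (overlaps A):203.0.113.128-203.0.114.10
this line is malformed and is skipped
"""

def parse_p2p(text):
    """Return sorted, merged (start, end, label) ranges as integers."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # A label may itself contain ':', so split on the last one.
        label, _, span = line.rpartition(":")
        try:
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in span.split("-"))
        except ValueError:
            continue  # wrong field count or not an IPv4 address
        if lo <= hi:
            ranges.append((lo, hi, label))
    ranges.sort()
    merged = []
    for lo, hi, label in ranges:
        if merged and lo <= merged[-1][1] + 1:  # overlapping or adjacent
            plo, phi, plabel = merged[-1]
            merged[-1] = (plo, max(phi, hi), plabel)
        else:
            merged.append((lo, hi, label))
    return merged

def verdict(ip, blocked, whitelist=()):
    """Assumption: whitelist entries are evaluated before the block list."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in whitelist):
        return "allow (whitelisted)"
    n = int(addr)
    i = bisect_right(blocked, (n, float("inf"), "")) - 1
    if i >= 0 and blocked[i][0] <= n <= blocked[i][1]:
        return "block (" + blocked[i][2] + ")"
    return "allow"

LAN = [ipaddress.ip_network("192.168.0.0/24")]
BLOCKED = parse_p2p(SAMPLE_P2P)
```

With a list that covers 192.168.*, as Fornonlancomputers does, the gateway at 192.168.0.1 is blocked until the /24 is whitelisted, while a host in 192.168.1.* stays blocked because it falls outside that whitelist.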
