Do P2P Blocklists Keep you Safe?

What is a Blocklist?

A blocklist is a list of domains or IP addresses of known and/or suspected spammers originally intended to assist ISPs and corporate domains in blocking email from IP addresses reported to have sent spam. At one time, ISPs and corporate mail administrators turned exclusively to blocklists in an effort to satisfy their customer demands and reduce the impact of spam on their servers.

This approach was effective when spammers didn’t go to so much trouble to hide their identities. Unfortunately ISPs soon found that spam could come from the same servers as good end-user email. And that the use of blocklists also caused them to mistakenly block legitimate email. The industry calls this a “false positive.” In the case of P2P networks such as bittorrent it can help keep you safe from anti-pirarcy organizations…

One of these blocklists is not like the other – vive la difference!

Well-maintained, reputable blocklists operate with clear listing and delisting policies. They provide reliable points of contact and their records are kept up-to-date with current information. SBL (SpamHaus blacklist) and Spam Cop are two such reputable, well- maintained blocklists. Use of these blocklists usually results in a low number of false positives.

Recent findings by researchers from the University of California, Riverside, show that 15% of the IPs people connect to on the Gnutella P2P network are blocked by blocklist applications such as PeerGuardian. Statistics like this do not prove anything about the effectiveness of these lists, however, according to an insider who worked for several anti-piracy organizations, blocklists significantly decrease the risk of getting caught by the MPAA or RIAA.

In a recently published paper, the researchers analyzed the results of a large scale experiment where they examined the number of hits they received from blocklisted IPs in a real P2P network. For a period of 90 days the researchers collected data using three differnet blocklists (PeerGuardian, Bluetack, and Trusty Files) on the Gnutella Network.

Their main conclusion: a user who is not using blocklist software is practically guaranteed to be monitored.

Other conclusions from their research are:

1. 5 blocklist ranges encountered during the experiments contribute to nearly 94% of all the blocklist hits.
2. Most blocklisted IPs belong to government or corporate organizations.
3. Very few blocklisted IPs belong directly to content providers such as record labels.

The researchers also note that the top 15 most encountered IPs operate from so called BOGON IP ranges, which can’t be traced back to a specific owner. This suggests that these sources deliberately want to stay anonymous, which could indicate that they are up to something.

The paper has some interesting findings, and does provide some insight into the workings of blocklists. However, it doesn’t say much about the accuracy and effectiveness of these blocklists.

In an attempt to find an answer, TorrentFreak asked an expert in the field, who worked with several anti-piracy organizations, how effective these lists are. His guess was that approximately 75 – 80% of IPs used by the anti-piracy companies he worked with are on these blocklists. This means that they offer some protection, but that they’re not foolproof.

The cat-and-mouse game between anti-piracy organizations and blocklist managers such as Bluetack will probably continue for a while.

Source

Bottom line? Use blocklists they help!