Slyck.com
 
MediaDefender Leak Offers BlueTack Users a Reality Check

Post by IceCube » Tue Oct 02, 2007 3:23 pm

The Media Defender internal email leak offered plenty of information for the taking. MediaDefender-Defenders said that they hoped that the email leak will prove to be a viable tool to protect against anti-P2P efforts. This is something BlueTack has been trying to do. After the email leak, a text file that compiles the complete IP (Internet Protocol) list Media Defender used while dropping fake files onto various P2P sites and networks was posted. While judging the effectiveness of these lists had proven to be an impossible task before the major leak, the effectiveness can now be tested.

Slyck began the investigation when BlueTack's 'Paranoid' IP filter blocked one of TVUnderground's new eDonkey2000 servers. A request for comment or information on the matter to BlueTack's team went unanswered. To this day, why BlueTack has blocked only one of TVUnderground's servers is unknown. In the meantime, Slyck is currently in the possession of a copy of BlueTack's IP filter lists, and further investigation into related matters appeared warranted.

According to the BlueTack website, "B.I.S.S. is a site dedicated to improving the safety and awareness of all our members and guests, providing News, Security articles, Software Reviews, Technical Support, Guides, IP Research and Free Software needed to help us keep our connections to the net and each other safe, secure, and free from unwelcome intruders."

Among the things offered are the blocklists, which have been met with either acceptance by the file-sharing community or complete rejection. Some say that the blocklists allow users to simply block any anti-filesharing company and allow users to connect with non-industry IPs. Others say that there is no way to get the right IPs before the IPs are changed to different addresses, thereby rendering the filters ineffective. It's been the subject of debate for quite some time amongst many experts with no real way to test the lists, at least until the Media Defender email leak.

The 'Paranoid' eMule IP filter was retrieved on September 27, 2007. The Level1 IP blacklist, which is supposed to block all known anti-p2p IPs, was retrieved on September 30, 2007. The idea behind getting these lists now is to offer ample time for Media Defender's now public IPs to be added to the lists for a much more effective blocklist for PeerGuardian users.

Slyck then obtained a copy of the publicly available 14.3MB compressed text file which lists all of the Media Defender's IP addresses. At this point, it became obvious that testing such a large volume of IPs would prove to be an overly time-consuming challenge, at least by hand. In order to alleviate this problem, it was best to test one particular IP range. Conveniently enough, the first range started with 116. Slyck then decided to test all of the IPs that started with the number 116.

The total number of IPs used by Media Defender starting with 116 was 1,474. Obviously, BlueTack did block all IPs that started with 116, but how many Media Defender IPs were successfully blocked? When Slyck investigated, there was a common theme that blocklists seemingly jumped over several ranges used by Media Defender. After some extensive study using the Level1 list for anti-p2p companies and the 'Paranoid' list, BlueTack would have successfully blocked 16 IPs. Thus, this sample test offered 1.09% protection against Media Defender in that range.

The IPs that were successfully blocked were: 116.255.1.109, 116.255.1.154, 116.255.1.244, 116.255.1.27, 116.255.1.52, 116.255.1.85, 116.215.157.243, 116.212.14.223, 116.199.202.170, 116.199.202.240, 116.199.207.83, 116.199.207.84, 116.199.226.78, 116.199.227.11, 116.199.227.27, 116.199.227.67. The remaining 1,458 IPs would still be allowed through even with these two filters being used today.

While BlueTack may still perpetuate the idea that their filters are 99% effective, these latest findings will only fuel criticisms towards BlueTack's actual effectiveness. A complete test might not be possible short of creating a simple program to test every single number or spending weeks hand-testing every single Media Defender IP address. In the meantime, it seems very apparent that BlueTack's filters have a few holes.
IceCube
 
Posts: 17079
Joined: Tue Jun 14, 2005 5:31 pm
Location: Igloo Country?

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Post by LANjackal » Tue Oct 02, 2007 3:48 pm

Further proof blocklists don't work?
LANjackal
 
Posts: 5895
Joined: Thu Feb 26, 2004 1:58 pm
Location: Various networks. In the physical world I'm an adaptive AI that pretends to be human

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Post by olephart » Tue Oct 02, 2007 3:57 pm

Add the following line to your blocklist to block all anti-p2p ip addys.

Everything:0.0.0.0-255.255.255.255

:mrgreen:
olephart
 
Posts: 142
Joined: Thu Jul 19, 2007 7:33 pm
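
The range test described in the opening post, using the `Label:start-end` line format shown in the reply above, as an added example (not code from Slyck, BlueTack or PeerGuardian): it parses range lists in that format, merges overlapping ranges, and reports what share of a target address list they cover. All labels and addresses are constructed from documentation ranges, and every function and variable name is this example's own.

```python
import bisect
import ipaddress


def ip_to_int(text):
    """Convert dotted-quad IPv4 text to an integer; raises ValueError if invalid."""
    return int(ipaddress.IPv4Address(text.strip()))


def parse_p2p_blocklist(text):
    """Parse 'Label:start-end' lines into (start, end, label) integer ranges."""
    ranges = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels can contain ':' themselves, so split on the last one.
        label, colon, span = line.rpartition(":")
        start_s, dash, end_s = span.partition("-")
        if not colon or not dash:
            raise ValueError(f"line {lineno}: expected Label:start-end")
        start, end = ip_to_int(start_s), ip_to_int(end_s)
        if start > end:
            raise ValueError(f"line {lineno}: range start is after range end")
        ranges.append((start, end, label))
    return ranges


def merge_ranges(ranges):
    """Collapse overlapping or adjacent ranges into a sorted, disjoint list."""
    merged = []
    for start, end, _label in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [tuple(r) for r in merged]


class Blocklist:
    """A range list that answers 'is this address blocked?' by binary search."""

    def __init__(self, text):
        self.merged = merge_ranges(parse_p2p_blocklist(text))
        self._starts = [start for start, _end in self.merged]

    def blocks(self, address):
        n = ip_to_int(address)
        # Find the last range starting at or before n, then check its end.
        i = bisect.bisect_right(self._starts, n) - 1
        return i >= 0 and n <= self.merged[i][1]


def percent(blocked, total):
    return 100.0 * blocked / total if total else 0.0


def coverage(blocklists, addresses):
    """Return (blocked, missed, percent) for de-duplicated target addresses."""
    unique = sorted({a.strip() for a in addresses if a.strip()}, key=ip_to_int)
    blocked = [a for a in unique if any(b.blocks(a) for b in blocklists)]
    missed = [a for a in unique if a not in blocked]
    return blocked, missed, percent(len(blocked), len(unique))


# Constructed sample lists (documentation address space, not real list data).
LEVEL1_SAMPLE = """
# constructed sample
Example Org A:192.0.2.0-192.0.2.15
Example Org B:192.0.2.10-192.0.2.31
Example Org C:198.51.100.200-198.51.100.200
"""
PARANOID_SAMPLE = """
Example: Org D (colon in label):203.0.113.64-203.0.113.127
"""

# Constructed target list, with a duplicate and stray whitespace.
TARGETS = [
    "192.0.2.5", "192.0.2.20", "192.0.2.32", "198.51.100.200",
    "198.51.100.201", "203.0.113.63", "203.0.113.64", "203.0.113.200",
    "192.0.2.5 ", "198.51.100.7",
]

if __name__ == "__main__":
    lists = [Blocklist(LEVEL1_SAMPLE), Blocklist(PARANOID_SAMPLE)]
    blocked, missed, pct = coverage(lists, TARGETS)
    print(f"blocked {len(blocked)} of {len(blocked) + len(missed)} ({pct:.2f}%)")
    for address in missed:
        print("not covered:", address)
```

A list consisting of the single `Everything:0.0.0.0-255.255.255.255` line scores 100% on this measure, so a coverage figure only means something alongside how much non-target address space the list also blocks.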

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Post by qm2003 » Tue Oct 02, 2007 3:59 pm

I dare to allege the Gnutella IP collection consists mainly of ordinary Gnutella users' IPs with a small portion of IPs actually used by MD.

Has anyone confirmed the authenticity of this IP collection that supposedly consists of MD IPs only, or verified it by themselves from the original database?
How to setup Emule. A small checklist Schmu's MuleDoc
P2P is not piracy, it's marketing. In fact, if your music or movie is NOT being downloaded, you should be WORRIED !
If you can't even give it away for free, how do you expect to sell it, stupid ?
qm2003
 
Posts: 852
Joined: Fri Sep 02, 2005 8:11 am

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Post by the5cardstud » Tue Oct 02, 2007 4:56 pm

qm2003 wrote: Has anyone confirmed the authenticity of this IP collection that supposedly consists of MD IPs only, or verified it by themselves from the original database?


I am convinced that it is not authentic. I did a reverse lookup on 500 or so somewhat randomly picked addresses from the 5.3 million addresses in that list. Look at the results -- it's pretty clear that the vast majority of the items in the list are residential dynamic IP addresses from all over the world.



Does anyone know how this list was generated?
the5cardstud
 
Posts: 19
Joined: Mon Jul 16, 2007 4:27 pm

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Post by LANjackal » Tue Oct 02, 2007 5:18 pm

the5cardstud wrote: I am convinced that it is not authentic. I did a reverse lookup on 500 or so somewhat randomly picked addresses from the 5.3 million addresses in that list. Look at the results -- it's pretty clear that the vast majority of the items in the list are residential dynamic IP addresses from all over the world.
I'm confused. Are you referring to the list gotten from the leaked MD emails, or the list generated by BlueTack?
LANjackal
 
Posts: 5895
Joined: Thu Feb 26, 2004 1:58 pm
Location: Various networks. In the physical world I'm an adaptive AI that pretends to be human

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Post by SleepyOne » Tue Oct 02, 2007 5:24 pm

Most of you are looking at it wrong.

Even if the block-lists are only 10% accurate it STILL reduces the chances of getting caught.
As far as I can tell the blocklists actually block quite a bit of malicious addresses, so to say that "they don't work at all" is slightly wrong I'd say.

Anything that has a chance of saving you is worth using IMO.

And really.. does it really take any effort to download a small file every now and then?
SleepyOne
 
Posts: 129
Joined: Fri May 12, 2006 1:22 pm

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Post by Nutty-Slack » Tue Oct 02, 2007 5:50 pm

I flirted with the idea of ordering these into ranges for a blocklist, but life is too short, and decoys probably shouldn't be considered a "threat" as such anyway.
As is being discussed, it's impossible for the average person to verify even a relatively tiny list like this one.

69.151.179.253
Resolves to: AT&T Internet Services

217.88.241.218
Resolves to: Deutsche Telekom AG

86.88.122.71
Resolves to: NL-PMG-ADSL (Holland)

etc. etc.

It's entirely possible that MD were or are using, have or have used any of the listed IP addresses, but once they're added in at Bluetack it's a life sentence.
Another 5,329,403 IP addresses gone forever.
Eventually the only people outside of the blocklists will be cable users with fixed IP addresses.

I've always maintained that PeerGuardian itself is fundamentally a decent piece of software, but the whole blocklist thing does look completely untenable when you have even an inkling (like this list) of what we're up against.

Incidentally Icey, the ranges start at 24.xxx.xxx.xxx
Unfortunately, the list isn't ordered particularly well.

Quibus Societas Nobis Intemporaliter
Nutty-Slack
 
Posts: 2379
Joined: Tue Jan 16, 2007 11:08 pm
Location: Shit Creek (UK)

Postby MrFredPFL » Tue Oct 02, 2007 6:38 pm

congrats on your 1337th post, nutty - you truly are leet for the moment :D

and to expand on something else u said - i don't think anyone with sense doubts the ability of the folks at peerguardian to code a program which can successfully read a blocklist, and block communication with the addresses on that list. this is, after all, a straightforward piece of programming. the dispute has always been about the accuracy of the lists themselves, in my mind.

the funny thing is, this is all that recently posted study did - confirm that peerguardian works as designed. meaning, in other words, it is successful at blocking the addresses on the list(s) it is fed. but it did absolutely nothing to demonstrate the validity of those lists.
MrFredPFL
 
Posts: 14234
Joined: Wed Aug 17, 2005 4:48 pm

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby the5cardstud » Tue Oct 02, 2007 7:35 pm

LANjackal wrote:
the5cardstud wrote:I am convinced that it is not authentic. I did a reverse lookup on 500 or so somewhat randomly picked addresses from the 5.3 million addresses in that list. Look at the results -- it's pretty clear that the vast majority of the items in the list are residential dynamic IP addresses from all over the world.
I'm confused. Are you referring to the list gotten from the leaked MD emails, or the list generated by BlueTack?


I'm referring to "List of all IPs that MD has used (14.3 MB)" from http://www.mediadefender-defenders.com/ -- does anyone know where this list came from?

Indications are strong that the above list is illegitimate.
- Too many addresses
- Too many addresses that fall within clearly residential IP blocks with dynamically assigned IP addresses
- Too widely varied across geographic locations, many of which it would have been exceedingly difficult for MediaDefender employees to use.

We know that MD employees used their home connections -- which would be a California ISP. Other than that, their M.O. was to rent rack and IP space allocated to b2b and hosting services.
the5cardstud
 
Posts: 19
Joined: Mon Jul 16, 2007 4:27 pm
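
The sampling check described in the post above (reverse-look-up a sample, then see how many names are provider-generated customer-pool names), as an added example that is not part of any post in this thread. The hint tokens, the three-octet threshold and the sample pairs are constructed assumptions using documentation addresses and example domains; a name-based class says how an address is allocated, not who used it.

```python
import ipaddress
import re
from collections import Counter

# Heuristic tokens found in provider-generated customer-pool names (assumed, not exhaustive).
POOL_HINTS = {"dyn", "dynamic", "ppp", "dsl", "adsl", "dhcp", "pool", "dip", "cable", "abo", "hsd", "bb"}

def embeds_address(ip, hostname):
    """True if the PTR name encodes the address itself, as hex or as decimal octets."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host = hostname.lower()
    # Some providers write all four octets as eight hex digits in the first label.
    if "".join(f"{int(o):02x}" for o in octets) in host:
        return True
    # Others write the octets in decimal, sometimes only three of the four.
    need = Counter(octets)
    have = Counter(str(int(n)) for n in re.findall(r"\d+", host))
    return sum(min(n, have[o]) for o, n in need.items()) >= 3

def classify(ip, ptr):
    if not ptr:
        return "no-ptr"
    words = set(re.findall(r"[a-z]+", ptr.lower()))
    if embeds_address(ip, ptr) or words & POOL_HINTS:
        return "provider-pool"   # auto-named customer address, typically dynamic
    return "named-host"          # hand-assigned name, typical of hosted servers

def summarize(pairs):
    """Return per-class counts and the provider-pool share of addresses that resolved."""
    counts = Counter(classify(ip, ptr) for ip, ptr in pairs)
    resolved = sum(counts.values()) - counts["no-ptr"]
    share = round(counts["provider-pool"] / resolved, 2) if resolved else 0.0
    return dict(counts), share

# Constructed sample: (address, PTR name or None). Not taken from any real list.
SAMPLE = [
    ("198.51.100.25", "c-198-51-100-25.hsd1.example.net"),
    ("203.0.113.248", "cb0071f8.bb.example.com"),
    ("192.0.2.24", "pC0000218.dip.example.net"),
    ("192.0.2.77", "dyn-pool7.example.net"),
    ("198.51.100.10", "mail.example.org"),
    ("198.51.100.80", "rack12.colo.example.net"),
    ("203.0.113.5", None),
]

if __name__ == "__main__":
    counts, share = summarize(SAMPLE)
    print(counts, f"provider-pool share of resolved names: {share:.0%}")
```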

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby Nutty-Slack » Tue Oct 02, 2007 7:37 pm

MrFredPFL wrote:i don't think anyone with sense doubts the ability of the folks at peerguardian to code a program which can successfully read a blocklist, and block communication with the addresses on that list. this is, after all, a straightforward piece of programming. the dispute has always been about the accuracy of the lists themselves, in my mind.

Yeah, point taken.
This thread really has nothing to do with PeerGuardian (although it's getting that way).
It's just that I'm so conditioned to seeing "PeerGuardian is useless", "PeerGuardian is crap" plastered all over the web by the many, many people who don't distinguish between the program and the blocklists.

I've been using it for some time, managing my own list.
I could add IPs or ranges to my firewall or any of a number of similar programs, but PG2 is the most efficient and reliable solution that I've yet tried.

Quibus Societas Nobis Intemporaliter
Nutty-Slack
 
Posts: 2379
Joined: Tue Jan 16, 2007 11:08 pm
Location: Shit Creek (UK)

Postby MrFredPFL » Tue Oct 02, 2007 7:47 pm

the5cardstud wrote:Indications are strong that the above list is illegitimate.
- Too many addresses
- Too many addresses that fall within clearly residential IP blocks with dynamically assigned IP addresses


oddly enough, i have heard that said before too, more than once. the odd part is that the people saying those things were referring to the blocklists ;)
MrFredPFL
 
Posts: 14234
Joined: Wed Aug 17, 2005 4:48 pm

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby Dazzle_2 » Tue Oct 02, 2007 8:47 pm

I hope as a blocklist operator for the WinMX network I can clear up some of those apparent residential IP addresses.
We encountered many such randomly spread dynamically allocated IP addresses that would be in use from between a few days to in one case a whole year. When we ran more simple tests we came up with the secret of the whole matter: it seems these addresses are being used by a company that operates as a proxy front for Macrovision (traceroute is your friend). MediaDefender have only been known to use the odds and sods server allocations they could lay hands on and are nowhere near as technically proficient as Macrovision.

Moving on to the lists issue itself, it's well known we asked people to stop using the Bluetack lists due to their inclusion of our network's Peer Cache servers that allowed users to connect and their behaviour in dealing with the above proxied dynamic IPs. It wasn't so much them being included while they were in use by the "enemy" but their blatant refusal to remove them even when it was explained to them that we could prove technically they were no longer in use or likely to be.

In our opinion PG2 with a Bluetack blocklist installed is more of a threat to any P2P network than the flooding companies. This is due to having such a massively indiscriminate blocklist that it has been found on occasion to be diminishing the available amount of peers who could connect and operate on the network; we stated this is "anti p2p" activity accordingly.

I think the real problem is they have not divided the work sufficiently amongst themselves when it comes to the p2p networks. In many cases they have shown they are unable to understand how the different networks operate, which was something I was unaware of prior to making a complaint with them.

My suggested remedy is a simple one: if they took the time to get the tech folks from each network to help in identifying exploitable traits or signature activity that could be monitored for, they could make the list at least 1/10th of its current size and become what people expected them to be. Conversely, they could do nothing except shoot the messenger and end up becoming more of a threat than a defence.
Dazzle_2
 
Posts: 833
Joined: Sun Sep 16, 2007 6:44 pm

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby piXelatedEmpire » Tue Oct 02, 2007 9:46 pm

Dazzle_2 wrote:My suggested remedy is a simple one: if they took the time to get the tech folks from each network to help in identifying exploitable traits or signature activity that could be monitored for, they could make the list at least 1/10th of its current size and become what people expected them to be. Conversely, they could do nothing except shoot the messenger and end up becoming more of a threat than a defence.

This sounds like a legitimate and sound idea actually. Let me qualify this by stating I really have no idea how blocklists are created and implemented, nor do I use them at all.
Last edited by piXelatedEmpire on Tue Oct 02, 2007 11:51 pm, edited 1 time in total.
Ross Wheeler, CEO of Albury.net.au, referring to the Australian Governments internet filtering plan wrote:"It's the most ill-conceived pile of stupidity by the biggest bunch of cretins that I've ever seen in my life"
piXelatedEmpire
 
Posts: 4680
Joined: Tue Mar 14, 2006 4:45 pm
Location: ESPNs NBA page

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby lordfoul » Tue Oct 02, 2007 11:36 pm

@Dazzle_2 Thanks for the insight.
E-Thug - Cause talking shit in person is dangerous.
lordfoul
 
Posts: 2587
Joined: Tue Feb 17, 2004 11:44 pm

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby LANjackal » Tue Oct 02, 2007 11:59 pm

Whhheeeee my head is spinning, lol
Last edited by LANjackal on Wed Oct 03, 2007 4:21 am, edited 2 times in total.
Follow me around the internet!
[Windows 7 Pro x64 (Primary OS)
LANjackal
 
Posts: 5895
Joined: Thu Feb 26, 2004 1:58 pm
Location: Various networks. In the physical world I'm an adaptive AI that pretends to be human

Postby Aaron.Walkhouse » Wed Oct 03, 2007 3:21 am

I have been tracking the MD fake addresses for a few years now and they have always been just that, fakes randomly generated and put out in entirely counterfeit search hits. This is why those downloads never start, the files and the IP addresses don't exist at all and MD probably went the extra mile to remove any addresses that even responded to a ping.

That huge 15 megabyte list is just a history of all of the addresses they ever generated and this is why it is so large and also why it is completely useless as a blocklist. Most of them are no longer going out in fake hits and some may actually be pointing at real computers owned by innocent internet users by now.

The best strategy when it comes to those fakes is to just block the most recent output and watch your downloads for "unauthenticated" (Or equivalent. I use BearShare ;] ) in the status column, which alerts the user to the fact that the file is a fake.

The genuine IP addresses operated or used by MD were already detected and blocked long before the leaks but not all of them were labelled MD because the identity of the attackers was not confirmed.
Aaron.Walkhouse
 
Posts: 294
Joined: Mon May 01, 2006 8:02 am
Location: My igloos melt in June

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby LANjackal » Wed Oct 03, 2007 4:23 am

Thanks for that info, AW. I'm finally wrapping my head around what's real and what isn't (IP addresses, etc.).
Follow me around the internet!
[Windows 7 Pro x64 (Primary OS)
LANjackal
 
Posts: 5895
Joined: Thu Feb 26, 2004 1:58 pm
Location: Various networks. In the physical world I'm an adaptive AI that pretends to be human

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby -KM- » Wed Oct 03, 2007 8:37 am

The incident with them trying to call an entire p2p network anti-itself has been mentioned, but that's hardly uncommon, there are a lot of posts where someone has even hinted at their lists not being reliable where they have responded by calling them anti-p2p and blocking everything to do with them - the fact that one of those incidents happened to be with the operator of a large p2p network merely demonstrates how credible they are when they go calling someone anti-p2p.

A while back I handed them a list of around 250 dynamic IP Addresses that were all actively being used to flood various p2p networks with fake files, none of which were on any of their block lists (excluding a couple which were on ISPs where bluetack had the entire ISP blocked, blocking thousands of legitimate users and about 2-3 flooders, and a couple that were flooding winmx which had been copied from the winmxworld block list - in fact the only ones on there that weren't entire ISP blocks were the ones from winmxworld...)

It took bluetack just over 24 hours to respond with the fact that they would not be blocking them because they don't know how to check if they are flooders or not - which for them to even try claiming their lists are accurate when they admit they don't have a clue what should and shouldn't be blocked just brings up questions of exactly what they are smoking...

Last I saw of that thread, it got moved out of the public section in to a members only section and I was banned, then when I went back to find it again a couple of days later (to give someone a link) I couldn't find it anywhere.

btw anyone planning on defending bluetack saying it's hard to confirm them - every single one of them could be verified by using the extremely rare and hard to find "traceroute" utility that comes with every network enabled OS I've ever installed, as at the time every single one of them was using a basic destination IP Address rewrite at the dynamic host to redirect back to their data center, allowing traceroutes to follow the redirect and identify the macrovision data center as the destination.

(For obvious reasons I won't mention how I detected them in the first place, I can understand not many would have figured out that method I used, however the fact is they missed them all, and then when handed them on a plate - or technically on a forum - they didn't do anything with them, this in my mind confirms them as anti-p2p, as they are much more eager to block legitimate p2p users than they are to block companies like macrovision)
-KM-
 
Posts: 61
Joined: Tue Mar 30, 2004 5:15 am

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby IceCube » Wed Oct 03, 2007 12:11 pm

I thought this was particularly interesting to add:

Hagenvontron wrote:Hey,

I just looked at that list, and there was no new entry we could add to our blocklist in em.

So, all those IPs that are posted there we had already blocked and all of em for quite some time now.

HvT


:lol: :lol:
IceCube
 
Posts: 17079
Joined: Tue Jun 14, 2005 5:31 pm
Location: Igloo Country?

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby Dazzle_2 » Wed Oct 03, 2007 4:35 pm

I read that also on the BISS site and had to laugh, of course it seems in direct contradiction to anyone else's testing, including that done here.

The total number of IPs used by Media Defender starting with 116 was 1,474. Obviously, BlueTack did block all IPs that started with 116, but how many Media Defender IPs were successfully blocked? When Slyck investigated, there was a common theme that blocklists seemingly jumped over several ranges used by Media Defender. After some extensive study using the Level1 list for anti-p2p companies and the 'Paranoid' list, BlueTack would have successfully blocked 16 IPs. Thus, this sample test offered 1.09% protection against Media Defender in that range.


I take on board the point raised above by Aaron.Walkhouse regarding how the IPs on the MediaDefender lists are likely to be way out of date and no longer used. Of course this is a double-edged sword and has never stopped Bluetack from continuing to include those same IPs on their lists regardless of who is using them, and I would be very interested to see any evidence of them removing any IP ranges that are no longer in use by the "enemy" regardless of whether they were in the MD list or not.

Where's Winston84 when you want a real debate? :wink:
Dazzle_2
 
Posts: 833
Joined: Sun Sep 16, 2007 6:44 pm
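
The kind of coverage test quoted above (16 of 1,474 addresses blocked, 1.09%), as an added example that is not Slyck's or Bluetack's own code. It assumes the PeerGuardian plain-text "label:start-end" line format; the blocklist and observed addresses are constructed from documentation ranges. It also reports how many addresses the list blocks in total, the over-blocking cost raised earlier in the thread.

```python
import bisect
import ipaddress

def parse_p2p_blocklist(text):
    """Parse 'label:start-end' lines into sorted, merged (start, end) integer ranges."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':' themselves, so split on the last one only.
        _, _, span = line.rpartition(":")
        start_s, sep, end_s = span.partition("-")
        if not sep:
            continue  # no range on this line
        try:
            start = int(ipaddress.IPv4Address(start_s.strip()))
            end = int(ipaddress.IPv4Address(end_s.strip()))
        except ipaddress.AddressValueError:
            continue
        ranges.append((min(start, end), max(start, end)))  # tolerate reversed ranges
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def is_blocked(ip, merged):
    """Binary search for the last range starting at or before the address."""
    value = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(merged, (value, float("inf"))) - 1
    return i >= 0 and value <= merged[i][1]

def hit_rate(hits, total):
    return round(100.0 * hits / total, 2) if total else 0.0

def coverage(observed_ips, merged, first_octet=None):
    """Return (blocked, sampled, percent) for de-duplicated observed addresses."""
    sample = sorted(set(observed_ips))
    if first_octet is not None:
        sample = [ip for ip in sample if ip.split(".")[0] == str(first_octet)]
    hits = sum(is_blocked(ip, merged) for ip in sample)
    return hits, len(sample), hit_rate(hits, len(sample))

def blocked_address_count(merged):
    return sum(end - start + 1 for start, end in merged)

# Constructed sample data (RFC 5737 documentation ranges), not a real blocklist.
BLOCKLIST = """# constructed sample
Example Org A:192.0.2.0-192.0.2.63
Example Org A (overlap):192.0.2.32-192.0.2.127
Label: with colon:198.51.100.10-198.51.100.20
malformed line without range
Example Org B:203.0.113.200-203.0.113.100
"""
OBSERVED = ["192.0.2.5", "192.0.2.100", "192.0.2.200", "198.51.100.9", "198.51.100.10",
            "198.51.100.21", "203.0.113.150", "203.0.113.201", "192.0.2.5"]

if __name__ == "__main__":
    merged = parse_p2p_blocklist(BLOCKLIST)
    print(coverage(OBSERVED, merged), blocked_address_count(merged))
```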

Postby Aaron.Walkhouse » Thu Oct 04, 2007 11:44 pm

Actually, Bluetack ignored those fake addresses and I only supplied the most recent ones in the optional gnutella templist, letting them expire quickly.

Anyway, the point is moot now as far as I'm concerned.
They stopped pouring out the fake hits on gnutella earlier this week. :headbang:
Aaron.Walkhouse
 
Posts: 294
Joined: Mon May 01, 2006 8:02 am
Location: My igloos melt in June

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby Dazzle_2 » Fri Oct 05, 2007 4:16 am

So can you confirm, Aaron, that anyone running bog standard PG2 does not in fact get the "optional" gnutella list?

You'll see the fakes return soon enough, we have seen them again already on the network I use, so stay sharp :)
Dazzle_2
 
Posts: 833
Joined: Sun Sep 16, 2007 6:44 pm

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby Aaron.Walkhouse » Fri Oct 05, 2007 3:51 pm

If you want to use my gnutella templist you would have to add it yourself because it is not in the default config of any protective program.

http://www.bluetack.co.uk/config/gnutella.zip

It consists of IP addresses that host known worms and spam, as well as verified anti peer-to-peer activities.
Aaron.Walkhouse
 
Posts: 294
Joined: Mon May 01, 2006 8:02 am
Location: My igloos melt in June

Re: MediaDefender Leak Offers BlueTack Users a Reality Check

Postby Dazzle_2 » Fri Oct 05, 2007 4:15 pm

My Thanks Aaron 8)
Dazzle_2
 
Posts: 833
Joined: Sun Sep 16, 2007 6:44 pm


© 2001-2008 Slyck.com