Security Navigation

Virus | Spam | Firewall | Firewall Basics Configuring Firewall | Blocking IP's Spyware |

Latest news

28 May 2007: Blocklist Manager version 2.7 released with more features and bug fixes.

10 Aug 2006: A 2.5 Alpha version of Protowall is now available for testing. By all accounts this looks like it will be an improvement over the excellent 2.01 Build 9 product.

Links:

• Bluetack
• Peer Guardian

Blocking IP's

Some firewalls come with the facility to block ranges of IP's while others treat this as a separate application. Certainly using Agnitum Outpost Firewall version 4.0 there is a third party plug-in Block Post. With the release of OFP 2008 Plugins have become a bit of a dirty word and really who could blame Agnitum for wanting to disallow third party products which have the potential for not being kept up to date with the latest Firewall version or capability for causing performance hits. So in my opinion it is safer to either have this as a built in feature of the firewall or even better to run this as a separate application should you feel the need for it. I am gradually coming to believe that web browsers such as IE7 and Firefox with new features such as anti phishing and ability to block dubious sites, is making the need for separate IP Blocking software less obvious.

If you remain a bit cautious like me then you will need to have a list of sites to block which is impractical to create manually, which is where something like Blocklist Manager discussed here fits the bill. When you have your list of sites you wish to block there are solutions that allow you to block IP ranges independently of the firewall detailed here. Alternatively you can take a look and see if your Firewall has the capability of importing lists of IP's to block. There are pros and cons associated with each approach; for example you may have a different firewall to those supported by Blockpost, or you may not wish to be dependent on a third party offering that has to catch up each time there is a new version of the Firewall. The choice is yours and generally comes down to personal preference; having seen what happened with Outpost Pro 2008, my preference is not to be dependent on the Firewall vendor. One thing you should be aware of is that blocking ranges of known problem sites should make your PC safer, but you still need a firewall to protect against those sites and applications that are not blocked.

Blocklist Manager

Blocklist Manager from Bluetack is a very straightforward way to manage lists of IP's that you don't want entering your system. What it does is allow you to select various categories of block lists such as known spyware and trojan sites. You can then download the selected lists and Blocklist Manager will merge all the lists and create ranges of IP's with their descriptions that it believes are potential or actual sources of anti-social behaviour. You have to exercise some care with the lists as there are some sites that it considers should be blocked that you may require - you will soon find out which these are and then you can add them to a manual exclusion list which will then be knocked off the blocked lists on the next run. Blocklist Manager converts the blocked ranges to those suitable for your IP Blocker. For example it can generate lists for ZoneAlarm, Blockpost, Protowall and others. There is also a little facility that is called 'Whois' that allows you to look up an IP address and it will give you the details, you can then add them to your manual inclusion blocked list if they have been causing you problems. Note that there is a chargeable 'Whois' plug-in called 'PC Flank WhoEasy'- I cannot see any advantage in paying for this other than it is more integrated into Outpost as a plug-in.

Maintaining the Blocklists

This is relatively straightforward by running a weekly (suggested) download of the latest blocklists via Blocklist Manager. This will ensure you have reasonably up to date protection. As and when you find problem sites or sites you want to unblock you can use a built in editing function to manually add the new IP's. You will then have to re-generate your lists for your IP blocker or firewall. Within Blocklist Manager there is an export function that allows you to create the blocklists in all the popular formats including Blockpost, Peer Guardian and Protowall. If you are feeling public spirited then you can join the BISS forum as a bad IP tracker and help the cause of safer surfing.

ProtoWall

ProtoWall is a driver based IP blocking system that runs independently of the firewall. The main reason I started looking at this was because a new version of Outpost firewall was released and the Blockpost plugin had would not work with the new version. So I saw Protowall mentioned in the forum and have been running it for over a year. I have experienced a few XP start up conflicts but I am now hoping that the latest 2.01 (Build 9) Beta version will overcome these problems. This software is my current preference over Blockpost, for several reasons. The first being that the Protowall IP blocking is independent of the Firewall, so every time there is a new version of the Firewall you do not have to consider whether the IP Blocker is compatible. When Agnitum released their latest 3.5 version of the Firewall they did not release the new SDK, so there was a long wait for the SDK before a new version of Blockpost was available. Also Protowall does not slow your machine down even with large include lists. It seems that Protowall can also be made to work on Vista with the appropriate driver, so it's worth having a look on the forum page if you are interested.

Installation

When you install this on Windows XP and try to use the automatic install method, more often than not you will find that the driver has not installed properly. So I have found it best always to do a manual install. There is a very good flash demo showing you exactly what the steps are and it is important that you follow these to the letter.

Using Protowall

You may well think that your firewall is doing an excellent job, but I have found using Protowall stops a lot of the port scanning attacks and prevents many of the tracking cookies getting anywhere near your system. Yes, sometimes it can be a bit of a pain adding to the exclusion and inclusion lists of IP's but it is worth it in the long run.

Unblocking an IP

The method to unblock an Ip can be a bit of a pain and you can find that when blocking an advertising IP that the page load will hang while it desperately tries to show the advert. This is actually the main downside of using an IP blocker, since if you decide to block Google, as an example, you will find the need to unblock whole ranges of IP's because Google and other large providers control many IP's which they seem to change on a regular basis. So if you are not careful, you will find yourself continuously unblocking IP's just to get to the web page you need. The process of unblocking an IP is fairly straightforward, but time consuming; go into Options/Personal Sources and press Edit Exclusions, then you can either enter a range of IP's or a single Ip that you want to allow. Press OK and OK and then press Process on the main menubar to regenerate the list. You then have to use Export List to create a new block ip list, then remember on Protowall screen to press File/Load IP and then your IP or IP range will be unblocked. There is a similar method to be used if you want to block your own personal ranges or single IPs.

PeerGuardian

Although this has been recommended to me I haven't actually checked this out yet. For the moment I am quite content to leave Protowall running. Currently the latest version of PeerGuardian, version 2, does not work with Vista, but this is their top priority.