Hello.
I have been noticing a high level of traffic from locations in my P2P block list. After searching out the cause I have discovered a few things that might be of interest.
Details:
P2P downloads handled by µTorrent (utorrent.com)
Blocklists handled by peerguardian2 (phoenixlabs.org)
Browser is usually Opera (opera.com)
AdBlocking by hosts file done with MVP (mvps.org)hosts.htm
OS is Win XP
Firewall is Jetico (jetico.com)
PG2 reported a number of contact attempts any time µTorrent was running. This even happened when there were no uploads or downloads.
All these attempted connections were stopped by making configuration changes in µTorrent.
This stopped blocklist IPs while µTorrent was idle.
After starting a download that was unlikely to be monitored by the RIAA (National Geographic free backgrounds) there were no attempts to contact my machine from any in my blocklists.
(NOTE all the features disabled above)
When I asked µTorrent to "Copy Peer List" from the fastest seeder I began to see a number of connection attempts from IPs in my blocklist.
My conclusions include . . .
1. Anti P2P agencies are actively seeding their own content.
2. Their level of access to your IP can be greatly reduced using PeerGuardian, ProtoWall or some other blocklist based protection.
3. Their level of access to MY IP can be greatly reduced if all of us use blocklist based protection.
4. Turning off "peer exchange" and DHT options in your torrent client may reduce our exposure to snooping by MPAA or RIAA or their pawns.
5. We need to have a number of different layers of protection to help us block Ads, spam, anti P2P and other unwanted traffic.
I would love to have your observations & opinions.
BTW, I am in Canada where the laws are currently more friendly than in the US.
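The check described in the post above (comparing a copied peer list against a blocklist) can be reproduced offline. This is an added example, not part of the original post or of PeerGuardian's code; it assumes the PeerGuardian "P2P" text format (`label:first IP-last IP`), and all labels and addresses are constructed from documentation ranges.

```python
import bisect
import ipaddress

# Constructed sample in PeerGuardian "P2P" text format: <label>:<first IP>-<last IP>
SAMPLE_BLOCKLIST = """\
# constructed entries using documentation address ranges
Example Monitor A:192.0.2.0-192.0.2.127
Example Monitor A (overlap):192.0.2.100-192.0.2.200
Example: Org B:198.51.100.10-198.51.100.20
not a valid line
"""
# Constructed peer addresses, as if pasted from a client's "Copy Peer List"
SAMPLE_PEERS = ["192.0.2.5", "192.0.2.150", "198.51.100.21", "203.0.113.9", "198.51.100.10"]

def parse_p2p(text):
    """Parse P2P-format text into sorted, merged (start, end, label) integer ranges."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may themselves contain ':', so split on the last one only.
        label, _, span = line.rpartition(":")
        first, _, last = span.partition("-")
        try:
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in (first, last))
        except ValueError:
            continue  # malformed line: skip rather than abort the whole list
        if lo <= hi:
            ranges.append((lo, hi, label))
    ranges.sort()
    merged = []
    for lo, hi, label in ranges:
        if merged and lo <= merged[-1][1] + 1:  # overlapping or adjacent range
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi), merged[-1][2])
        else:
            merged.append((lo, hi, label))
    return merged

def match_peers(peers, merged):
    """Return {peer_ip: label} for every peer that falls inside a blocklisted range."""
    starts = [r[0] for r in merged]
    hits = {}
    for peer in peers:
        ip = int(ipaddress.IPv4Address(peer))
        i = bisect.bisect_right(starts, ip) - 1  # last range starting at or before ip
        if i >= 0 and ip <= merged[i][1]:
            hits[peer] = merged[i][2]
    return hits
```

Running `match_peers(SAMPLE_PEERS, parse_p2p(SAMPLE_BLOCKLIST))` before and after changing a client setting gives a repeatable count of blocklisted peers instead of an impression from the PG2 log.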
Why did you disable "ask tracker for scrape information"?
I think it does not matter where you are. The media mafia has started 'black ops'. I think they are funding hackers by some back door method so their funding will not be traced. They may be seeding tainted apps and/or infected goods with special malware. What I think they are funding would be illegal anywhere. I suspect they are putting robots in your computer. One can only guess what they are using them for.
Originally posted by Mez: Why did you disable "ask tracker for scrape information"?
Ask tracker for scrape information tells µTorrent to scrape the tracker (ask for peer and seed counts). By default, the tracker is scraped only when the torrent job is started, but this can be changed.
I wanted to disable all peer info exchange.
I did not understand scrape info so I disabled it.
You are right that it probably makes no difference.
You also said "I think it does not matter where you are."
Legally, Canada is far more friendly than the USA so I am less worried about legal prosecution.
You mentioned "I suspect they are putting robots in your computer."
It is easily done by having the "anti P2P organizations" download the torrent, and then their IP gets added to the torrent by peer exchange.
Not "bots", but just being a part of the torrent network with peer exchange enabled.
There is a recent post about someone who caught his computer contacting addresses on his block list. 2-3 weeks ago my Foxfire was infected with something VERY nasty. I started thinking why Foxfire. Because it can communicate through the firewall. I did not catch my computer sending messages back but I didn't look. I was too busy killing it. I am here just to take inventory as to what else has hit the fan.
Today my blocker was disabled. I pulled the plug on my computer and started up in safe mode and reinstalled a virus scanner and ran a scan. Hopefully, I acted in time. I was at the computer when it happened. I discovered my peerguardian url had been changed to something that looked like peergurdian but was not. I found that out today because I suspected it had been tampered with. I did this all in safe mode and the site was not the same site that I saw a few days earlier. That site said that they were not supporting pg2 anymore but had a new product you could install. I need to look into that further. I am doubting my sanity on that one.
Originally posted by Mez: 2-3 weeks ago my Foxfire was infected with something VERY nasty. I started thinking why Foxfire. Because it can communicate through the firewall.
The "Why Firefox" question is more detailed.
Most browsers have a method for allowing "helper applications" and "tool bars"; this makes them vulnerable. Whenever you allow someone else to choose what code you run you open a Pandora's box of possible trouble.
Your firewall should allow the following ports open to your browser:
20/TCP FTP data
21/TCP FTP control (command)
80/TCP,UDP Hypertext Transfer Protocol (HTTP)
The problem comes when you allow scripts or helper applications to run code rather than simply display web pages or download files.
My favourite way to remove viruses is to boot from another device that allows for a web based virus scan. I usually boot from Knoppix (linux boot CD) when I have to get rid of windows viruses.
My other option is to remove the infected hard drive and attach it to a USB/IDE adapter (ebay item 27ae97c7b6), then I scan from a known healthy computer.