Multiple PB instances to counter possible 'IP Flood Denial of Blocking'

Posted by Anonymous User 
One of my biggest Peerblock issues is that there is leakage of blocked IP addresses when Peerblock becomes overwhelmed with a massive list flood at a sudden point in time. I've been able to detect this with high-volume p2p traffic routed through a VM. A typical situation is this: I have a Win7 host running Peerblock, and a Debian Guest running Moblock. My Win7 host encounters a sudden flood of IP addresses that hits Peerblock, overwhelming it, allowing some IPs to pass through, thus flagging my Moblock program inside my Debian VM Guest, where the traffic is destined. I can verify this because I have used the exact same lists in both the guest and host programs.

Because I haven't seen a specific name for this, I'll reference this as an 'IP Flood Denial of Blocking', unless devs can come up with something more witty. The simplest solution is to daisy-chain VMs with Peerblock/Moblock instances to redundantly catch leakage, but it requires more resources. A nice solution for us 'Quad-Core' and above users would be to have multiple "pre-defined" instances run on dedicated cores. I can't imagine more than 2 to be necessary, but during a "The Whole World is Coming Down on Me" scenario, 3-4 would be more practical. I'm open to further suggestions from others on this issue.



Edited 13 time(s). Last edit at 03/15/2011 01:50AM by redundant_clam.
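The host/guest comparison described in the post above can be checked mechanically. This is an added example, not code from the thread or from PeerBlock/MoBlock: it assumes the host's list is in PeerGuardian P2P text format (`label:start-end`) and that the guest-side hits have already been extracted as plain IPv4 strings; the function names and all sample data are constructed.

```python
import bisect
import ipaddress

# Constructed sample in PeerGuardian P2P text format: "label:start-end".
SAMPLE_LIST = """\
# constructed entries, documentation address ranges only
Example proxy range:192.0.2.0-192.0.2.127
Example: label with colon:198.51.100.10-198.51.100.20
Overlapping entry:192.0.2.100-192.0.2.200
"""
# Constructed guest-side hits: addresses the inner blocker reported.
GUEST_HITS = ["192.0.2.150", "198.51.100.15", "203.0.113.9"]

def parse_p2p(text):
    """Return sorted, merged (start, end) integer ranges from P2P-format text."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # The label may itself contain ':', so split on the last one.
        _, _, span = line.rpartition(":")
        try:
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in span.split("-"))
        except ValueError:
            continue  # skip malformed lines instead of aborting the whole list
        if lo <= hi:
            ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def in_list(ranges, addr):
    """True if addr falls inside one of the merged ranges (binary search)."""
    n = int(ipaddress.IPv4Address(addr))
    i = bisect.bisect_right(ranges, (n, float("inf"))) - 1
    return i >= 0 and ranges[i][0] <= n <= ranges[i][1]

def leaked(list_text, guest_hits):
    """Guest hits covered by the host's list, i.e. traffic the host should have dropped."""
    ranges = parse_p2p(list_text)
    return [a for a in guest_hits if in_list(ranges, a)]

if __name__ == "__main__":
    print(leaked(SAMPLE_LIST, GUEST_HITS))
```

Guest hits that fall outside the host's list point to a list mismatch between host and guest rather than to leakage.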
Re: Multiple PB instances to counter possible 'IP Flood Denial of Blocking'
March 15, 2011 02:57AM
Interesting. I have never seen/heard anything like "IP Flood Denial of Blocking" before.

What VM software/version are you using?

What version of Debian are you using?

Are you using Bridged, NAT, Host Only, or some other custom Network Settings?

Can you upload your "peerblock.conf" ( C:\Program Files\PeerBlock ), I am interested in what lists you are using.

Can you possibly provide some screenshots of this happening?
I started noticing it about 4 months ago. I use Oracle Virtualbox v4.0.4. NAT connection. I noticed it on v3.2.12.

The specific list that kept popping up was I-Blocklist "Proxy", specifically Tor after I shut it down and enabled the "Proxy" list in Peerblock. I had a flood of blocks, and there were some exceptions that popped up on Moblock. It wasn't just Tor. It was also AP2P, and some China as well.

Guest OS: Debian v6.0, but primarily Ubuntu 10.10 when it happened the most. I recently ditched Ubu for Deb.

Lists all from I-Blocklist:
China
Russia
Netherlands
Taiwan
Proxy
P2P
Spyware
Ads
Level 2
Hijacked
Hacker

It's pulling 3am in my timezone and I have a busy day tomorrow. I'll post screenies of this later. Don't have any right now and I'd have to set it all up to re-create the problem. Until then, get a VM up, install and run Tor, then block it with both Moblock/Peerblock whatever and it'll do it.