Welcome! Log In Create A New Profile

Advanced

Block incoming traffic

Posted by Anonymous User 
Anonymous User
Block incoming traffic
January 09, 2010 11:17AM
First of all Hi everybody.

To my request, i noticed that PB is blocking outgoing traffic but isn't blocking incoming at all. I compared to PG2 and saw that PG2 is also blocking incoming. I would consider this feature desirable. Thanks
Anonymous User
Re: Block incoming traffic
January 09, 2010 12:13PM
PB blocks both incoming and outgoing traffic - the columns are titled "Source" and "Destination".
Anonymous User
Re: Block incoming traffic
January 10, 2010 08:34PM
That's not what I meant. I'm aware of how they are titled. I meant that PeerBlock is actually not blocking incoming traffic.
For example when I use PG2 and watch a divx stream with Divx Web Player and HTTP is allowed the streaming goes on, when I block HTTP the stream is cut off and PG2 log shows Source "Streaming Site" Destination "My IP" Action "Blocked".
When I watch a stream using PB and do they same it won't block the rest of stream, it just goes on. And that goes for any download or incoming traffic not just for port 80.
Anonymous User
Re: Block incoming traffic
January 10, 2010 10:53PM
Sorry, but when I said "PB blocks both incoming and outgoing traffic" I meant that PB blocks any traffic to or from the IP's that are in the block lists that you use, but nothing else - if you see what I mean.
Re: Block incoming traffic
January 11, 2010 05:25AM
Heya Rasputin939.

Have you tried visiting that same site again with HTTP Block on? It could be that you've given a permanent allow to that streaming video site. In PeerBlock, if similiar IP's are found on both Block and Allow list, Allow list is given priority.
Anonymous User
Re: Block incoming traffic
January 12, 2010 04:54PM
I don't think you guys are getting where I'm going smiling smiley
I'll try to explain in a better way. When HTTP is blocked (and the site I want to download from is definitely NOT in my allow list) and I try to watch a stream from lets say megavideo.com the log shows that Carpathia Hosting servers are blocked and I don't get to even see the site in the first place. Cause my OUTGOING traffic is blocked, so the site is not able to send a response and won't open up in my browser. When I now allow HTTP the site is shown and I can watch the stream. When I now block HTTP DURING download it isn't cut off but goes on unaffected and the log doesn't show anything too. So that's what tells me Peerblock isn't blocking any incoming traffic cause PG2 did affect the download when blocking HTTP during download. And yes the stream comes on port 80.
Re: Block incoming traffic
January 12, 2010 09:31PM
avatar
I'm surprised that PG2 would have broken the connection in this case while PeerBlock doesn't.  While we've made a few modifications to the driver, they're still mostly the same code . . . and none of the specific changes I can think of should have this effect.  Both drivers should only be filtering on initial connection setup; once the connection's been set up, Windows should no longer be calling into us to ask "Is this connection still allowed? ... How about now? ... Now? ...".

Nearly all of this traffic is technically "outgoing", even though it appears to be streaming from them to you.  Network traffic actually (usually) has two components to it - an initial request (outgoing in this case) followed by a response (incoming).  Both of these are encapsulated in one "connection".  When requesting a website .html file, or a .jpg, you send a request "please give me the file 'whatever.jpg'", and the server's response includes whatever.jpg.  When you're streaming video however, you send a request "please stream to me the file 'something.avi'", and the server's response is more like "here's the first little bit of 'something.avi'; I'm not done yet, though, more stuff is coming so don't close this connection yet...", then a few milliseconds later another part of the response comes: "here's a little bit more of 'something.avi'; I'm still not done yet though, so don't close the connection...", then a few milliseconds later more, and then more, and then more . . . all sharing that same single connection though.

I'm actually not all that much of a networking guy, believe it or not, but that's my understanding of the process.

So does it make sense now how blocking HTTP in the middle of a stream shouldn't affect that stream all that much?  Windows only asks our driver if it should allow/block a connection once when the connection is first attempting to be established; once it's established, it assumes it's still okay.

PeerBlock most definitely does block incoming connections, barring some bug or another.

Hope that helps,

        ---  Mark  ---




Lead developer of PeerBlock
Anonymous User
Re: Block incoming traffic
January 13, 2010 10:24AM
Alright that helped me quiet a lot. If it's the way you explained I don't have any further concerns. Still a bit confused about PG2 blocking in the middle of a download and PB not (cause they're practically the same code as you said) but alright.
And btw I know how streams are working that's why I used it as an example, cause it's a partial download you can watch while the rest is being downloaded and it's (mostly) on port 80 winking smiley
Anonymous User
Re: Block incoming traffic
February 13, 2010 08:16AM
Funny how this discussion dropped the actual issue. Let me describe what I noticed, in simple words: In my Peerblock history log there are just rare incidents of blocked incoming traffic. In general, the entries seem to be limited to a few IP addresses like some Emir's that I couldn't care less about. Peerguardian on the other hand always found many suspicious IPs to block, and that in BOTH ways. To me it seems that this functionality has been reduced in some mysterious way. Maybe the zillion entries in the blocklists have become less effective, maybe these IPs are not used anymore in actual traffic, or maybe PB doesn't actually use the complete list because of a bug?



Edited 2 time(s). Last edit at 02/13/2010 04:26PM by biersepp.
Re: Block incoming traffic
February 16, 2010 02:30AM
avatar
Hi biersepp,

The actual blocking code used by PeerBlock is identical to that of PeerGuardian2.

There have been other changes, but the actual driver doing the blocking has not changed.

PeerBlock does not author the lists it uses, however i personally feel they are just as effective as they have been in the past.

The number of incoming vs. outgoing connections depends largely on what you are doing with your computer (or others on your network in some cases).

If you feel that the blocking done by PeerBlock is not working effectively for you, i suggest you have a look at some more lists on [iblocklist.com] . they have many more lists that may work well for you.

Cheers!
Sorry, only registered users may post in this forum.

Click here to login