PEER GUARDIAN

What is Peer Guardian?
Peer Guardian is perhaps the most popular IP blocking software tool on the web. Peer Guardian is primarily used by the Peer2Peer sharing community to block the RIAA, MPAA and other organizations from tracking a sharer's IP address and online activity. In addition to blocking IP addresses, Peer Guardian can also block adware, spyware, government IPs and educational IPs. Peer Guardian is open source and was originally developed by Phoenix Labs. The latest version is Peer Guardian 3; however, since Peer Guardian 3 is only supported on MS Windows Vista, Peer Guardian 2 continues to be the most popular version.




How Does Peer Guardian Work?
Peer Guardian works by blocking IP addresses. Peer Guardian keeps updated lists and uses these lists to halt access to specific IP addresses while you share files and conduct other web activities.
Peer Guardian is extremely easy to use: you first download the software, which is less than 2 MB, and install it. Once installed, Peer Guardian will update all IP lists and request that you set up your personal preferences. Some of the preferences available to the user are:
• The ability to block spyware, adware and ads
• The ability to block educational and government IP ranges
• The ability to block IPs specifically used by the RIAA, MPAA and other organizations to track you during P2P file sharing or other web activities
Once all lists have been selected, downloaded and updated, you can set Peer Guardian to launch either at startup or at your request. Peer Guardian works mainly in the background and most users won't even notice it.
Considerations
Peer Guardian 2 is able to block all ports and protocols when used with Windows XP; however, on earlier operating systems such as Windows ME and 98 it will only block TCP. Peer Guardian 2 is extremely safe to use and for the most part doesn't require lots of memory or processing power to run. Unfortunately, the original version was considered by many to be a memory and power hog; however, since Peer Guardian has gone open source, the new code is written in C and is much more efficient.
It is also important to note that Peer Guardian updates its lists quite often. You can choose to update your list at each launch, every couple of days or once a week. While Peer Guardian is an excellent tool to block others from tracking your IP address, it is not a foolproof tool, because a new IP that is not on the list is not blocked by Peer Guardian and thus can be tracking you. However, for most users, Peer Guardian does substantially reduce the risk of being tracked. It is also important to note that while Peer Guardian does include the ability to block spyware and other forms of malware, it is not a substitute for a firewall. Finally, the downside to using Peer Guardian is that in some cases the software is known to interfere with Steam connectivity and Battlefield 2, causing disruptions.
Peer Guardian downloads are open source and available for free at its official website, Phoenix Labs.

An Intrusion Detection System (IDS) is a system for detecting misuse of network or computer resources.


An IDS will have a number of sensors it utilizes to detect intrusions. Example sensors may be:
• A sensor to monitor TCP connection requests.
• Log file monitors.
• File integrity checkers.
The IDS is responsible for collecting data from its sensors and analyzing this data to give the security administrator notice of malicious activity on the network.
IDS technologies are commonly divided into NIDS (Network Intrusion Detection Systems) and HIDS (Host Intrusion Detection Systems).
Newer NIDS also attempt to act as NIPS (Network Intrusion Prevention Systems).
Snort is an excellent open source Network Intrusion Detection System.
A port scanner is a program which attempts to connect to a list or range of TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) ports on a list or range of IP addresses.


Port scanners are used for network mapping and for network security assessments.
The first decision to make when running a port scanner is to determine the network range you want to scan. This could be a single IP address, a list of IP addresses, or a range of IP addresses.
The second decision to make when running a port scanner is to determine how heavily you want to scan. A light port scan might test TCP ports 22 (SSH), 23 (Telnet), 25 (SMTP), and 110 (POP). A heavy port scan might test both TCP and UDP ports 1-1024. A light port scan will return results much more quickly; a heavy port scan will return more detail.
Because UDP is an unreliable protocol, UDP ports require significantly more time to scan than TCP ports.
Some port scanners will simply test to see if a port responds, while others will gather information about the services running on a port or even attempt to automatically exploit security vulnerabilities remotely.
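How an IDS sensor that monitors TCP connection requests can flag the kind of scan described above, as an added example that is not part of the original page. The record layout, the 60-second window and the four-port threshold are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed connection-request records: "epoch_seconds src_ip dst_ip dst_port".
SAMPLE_EVENTS = """\
100 198.51.100.7 192.0.2.10 22
101 198.51.100.7 192.0.2.10 23
101 203.0.113.4 192.0.2.10 443
102 198.51.100.7 192.0.2.10 25
103 198.51.100.7 192.0.2.10 110
160 203.0.113.4 192.0.2.10 443
400 203.0.113.4 192.0.2.10 80
"""

def detect_scans(text, window=60, min_ports=4):
    """Return alerts (src, dst, sorted ports) for sources that request at
    least min_ports distinct ports on one host within window seconds."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port)
    alerted, alerts = set(), []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue              # skip malformed records
        ts, src, dst, port = int(fields[0]), fields[1], fields[2], int(fields[3])
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and q[0][0] < ts - window:
            q.popleft()           # expire requests older than the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports and (src, dst) not in alerted:
            alerted.add((src, dst))   # one alert per source/target pair
            alerts.append((src, dst, sorted(ports)))
    return alerts
```

The ordinary client in the sample (repeated requests to ports 443 and 80) never reaches the threshold, while the source that walks ports 22, 23, 25 and 110 in four seconds is reported once.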

History

Development on PeerGuardian started in late 2002, led by programmer Tim Leonard. The first public version was released in 2003, at a time when the music industry started to sue individual file sharing users (a change from its previous stance that it would not target consumers with copyright infringement lawsuits).

Version 1

The original PeerGuardian (1.0) was programmed in Visual Basic and quickly became popular among P2P users despite blocking only the common TCP protocol and being known for high RAM and CPU usage when connected to P2P networks. By December 2003, it had been downloaded 1 million times. The original version was released for free and the source code was made available under an open source license.

Version 2

After 7 months of development, in February 2005 Version 2 of PeerGuardian was released as a beta. The development of version 2.0 was led by Cory Nelson, and aimed to resolve many of the shortcomings of Version 1. Version 2 enabled support for more protocols (TCP, UDP, ICMP, etc.), multiple block lists, and automatic updates. The installation procedure was also simplified, no longer requiring a system restart and driver installation.

In order to resolve speed and resource issues, Version 2.0 was re-engineered and re-developed in C++. The new design caused the application to consume significantly less processing power and memory while running. As with most other desktop firewall software for Windows, Version 2.0 is installed as a kernel-level filter in Windows 2000 and later, giving the application greater access to the Windows networking stack and greatly improving overall performance.

Future releases

Support for both Windows Vista and IPv6 is in release candidate phase as of January 2009.

Blocklist

The blocklist is stored in a number of different formats:

Binary formats

The binary formats (known as P2B) were created at the release of the first beta version of PeerGuardian 2, in order to create the smallest possible blocklist.

  • P2B Version 1 – This format was used only in the earliest releases of PeerGuardian 2. It was compressed using the gzip format. Lists are no longer produced in this format.
  • P2B Version 2 – The most widely used format, this is supported among a number of applications, including eMule and the Linux version of PeerGuardian. It is equivalent to the first version of the P2B format, but instead uses UTF-8 to store names.
  • P2B Version 3 – The newest version of the P2B format, this is currently supported only on the latest version of the Windows version of PeerGuardian 2. This format uses 7z compression for additional size reduction. The recent adoption of this format made it the least compatible one.

P2P plaintext format

The original format for PeerGuardian version 1.x was a simple plaintext format. Unfortunately this meant that lists became very large and cost a lot of bandwidth to distribute, heralding the construction of the smaller binary formats.

The format is as follows:

 Range Name:FirstIP-LastIP

For example:

 Localhost:127.0.0.1-127.0.0.1

This format is used in eMule, in the SafePeer Vuze plugin, and Protowall.
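A parser and lookup for the plaintext format above, as an added example that is not PeerGuardian's own code. The sample entries and function names are constructed for illustration; the parser splits on the last colon because a range name may itself contain one, and it rejects malformed or reversed lines instead of silently loading them.

```python
import bisect
import ipaddress

# Constructed sample in the P2P plaintext format (not real blocklist data).
SAMPLE_LIST = """\
Localhost:127.0.0.1-127.0.0.1
Example Org: lab network:192.0.2.0-192.0.2.255
Example Org overlap:192.0.2.128-192.0.3.10
Documentation range:203.0.113.5-203.0.113.9
broken line without a range
Reversed:198.51.100.9-198.51.100.1
"""

def parse_p2p(text):
    """Parse 'Range Name:FirstIP-LastIP' lines into (ranges, rejected)."""
    ranges, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        # A range name may itself contain ':', so split on the LAST colon.
        name, colon, span = line.strip().rpartition(":")
        first, dash, last = span.partition("-")
        try:
            # IPv4Address raises a ValueError subclass on empty or bad input.
            lo = int(ipaddress.IPv4Address(first.strip()))
            hi = int(ipaddress.IPv4Address(last.strip()))
            if not colon or lo > hi:
                raise ValueError("missing ':' or first IP above last IP")
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        ranges.append((lo, hi, name.strip()))
    return sorted(ranges), rejected

def merge(ranges):
    """Collapse overlapping or adjacent sorted ranges into disjoint blocks."""
    blocks = []
    for lo, hi, name in ranges:
        if blocks and lo <= blocks[-1][1] + 1:
            start, end, names = blocks[-1]
            blocks[-1] = (start, max(end, hi), names + [name])
        else:
            blocks.append((lo, hi, [name]))
    return blocks

def lookup(blocks, ip):
    """Return the entry names of the block containing ip, or [] if unlisted."""
    addr = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right([b[0] for b in blocks], addr) - 1
    return blocks[i][2] if i >= 0 and addr <= blocks[i][1] else []
```

An address one past the end of a listed range comes back as unlisted, which is the limitation the page describes: an address that is not on the list is not blocked.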

Blocklist Management Issues

Since at least 2006, the P2P blocklist used by PeerGuardian has been provided by "Bluetack Internet Security Solutions". ("Bluetack" was the name of the member of the original PeerGuardian team who owned its previous domain peerguardian.net and created the "Block List Manager" used to maintain the list.) The PeerGuardian developers state they have no control over Bluetack's list, and do not promote or link to alternative lists. They have been criticized for overly broad blocking based on unsubstantiated evidence.

PeerGuardian acknowledges that Battlefield 2, Blizzard, Steam, and ArenaNet connectivity is blocked, which creates problems for many online gaming users who are not aware that PeerGuardian will break game connectivity, and are thus directed to read the manual.

In 2007, Bluetack/PeerGuardian 2 were criticized for blocking denis.stalker.h3q.com, the second largest Bittorrent tracker as of December 2007, as an "Anti-P2P" address, and claiming that its maintainers (whose tracking software "Opentracker" is also used by The Pirate Bay) were conspiring with the MPAA and MediaDefender.[5] The maintainers are members of the Chaos Computer Club (CCC), a long-standing association of hackers and freedom of information activists, and had also briefly run their tracker from the CCC's own network. Bluetack also blocked CCC itself, accusing it of doing "anti-P2P work" and being a "threat" to file sharers, while others pointed to the fact that the CCC had been publicly defending P2P for years, and even called for boycotting the music industry to protest its file sharing lawsuits.

Although IP addresses of government and business entities are easily added to a list of IP addresses to be blocked, there is no means for PeerGuardian to block access by a government or business using an undocumented IP address to identify people engaged in software piracy or other illegal activity.

PeerGuardian Lite

PeerGuardian Lite is a derivative of PeerGuardian 2 made to consume as little CPU and RAM as possible. It has no UI or options and consists of a single tray icon. It is no longer developed, with the latest version released on April 22, 2005. It is also open source, allowing for future derivatives by any party.

Other criticism

Besides the original criticism of Version 1 being slow and buggy, most other criticism of PeerGuardian is around the actual technique used to block peers. Critics have pointed out that the blocklists are open to the public, and thus parties who may wish to circumvent PeerGuardian can actively check the list to see if their IP addresses have been blocked.

The blocklists are also managed by the public, but there is no foolproof method of checking or reporting why an IP address or range is bad, nor of checking whether the blocked IP addresses still remain bad. The list relies on the public to make submissions, and thus is vulnerable to attack itself.
