PeerGuardian

PeerGuardian 2
PeerGuardian 2 under Windows Vista
Developer(s) Phoenix Labs
Initial release 2003
Preview release
2.0 RC1 [1] / 1 June 2007; 15 years ago (2007-06-01)
[citation needed]
Written in C++
Operating system Microsoft Windows
Type Firewall
License zlib License
Website phoenixlabs.org/pg2
PeerGuardian Linux
Stable release
2.3.1 / 17 November 2015; 6 years ago (2015-11-17) [2]
Operating system Linux
License GPL-3
Website sourceforge.net/projects/peerguardian
PeerGuardian OS X
Stable release
1.5.1 / 8 March 2009; 13 years ago (2009-03-08) [3]
Preview release
1.7b2 / 28 October 2012; 9 years ago (2012-10-28) [4]
Operating system Mac OS X
License zlib License
Website phoenixlabs.org/pgosx/

PeerGuardian is a free and open source program developed by Phoenix Labs. It is capable of blocking incoming and outgoing connections based on IP blacklists. Its aim was to use IP lists to prevent peers on the same torrent download from seeing the user's own peer connection. The system is also capable of blocking custom ranges, depending upon user preferences.

The Windows version of this program has been discontinued in favor of other applications (Phoenix Labs encourages current PeerGuardian users to migrate to PeerBlock, which is based on PeerGuardian 2 [5]).

History

Development on PeerGuardian started in late 2002, led by programmer Tim Leonard. The first public version was released in 2003, at a time when the music industry started to sue individual file sharing users (a change from its previous stance that it would not target consumers with copyright infringement lawsuits). [6]

Version 1

The original PeerGuardian (1.0) was programmed in Visual Basic and quickly became popular among P2P users despite blocking only the common TCP protocol and being known for high RAM and CPU usage when connected to P2P networks. By December 2003, it had been downloaded 1 million times. [7] The original version was released for free and the source code was made available under an open source license. Because Version 1.0 blocked only TCP ports, PeerGuardian.net then shifted to bluetack.co.uk, where Protowall, the Blocklist Manager, B.I.M.S and the Hosts Manager were developed.

Version 2

After 7 months of development, in February 2005 Version 2 of PeerGuardian was released as a beta. [8] The development of version 2.0 was led by Cory Nelson, and aimed to resolve many of the shortcomings of Version 1. Version 2 enabled support for more protocols (TCP, UDP, ICMP, etc.), multiple block lists, and automatic updates. The installation procedure was also simplified, no longer requiring a system restart and driver installation.

Speed and resource inefficiencies were fixed by re-designing and re-coding Version 2.0 in C++ to consume less processing power and memory. As with most other desktop firewall software for Windows, Version 2.0 is installed as a kernel-level filter in Windows 2000 and later, giving the application direct access to the Windows networking stack and improving performance.

Support for both Windows Vista and IPv6 was in the release candidate phase as of May 2009.

Blacklist

The blacklist is stored in a number of different formats:

Binary formats

The binary formats (known as P2B) were created at the release of the first beta version of PeerGuardian 2, in order to create the smallest possible blocklist.

P2P plaintext format

The original format for PeerGuardian version 1.x was a simple plaintext format. Unfortunately this meant that lists became very large and cost a lot of bandwidth to distribute, heralding the construction of the smaller binary formats. The format is as follows:

RangeName:FirstIP-LastIP

For example:

Localhost:127.0.0.1-127.0.0.1

This format is also used in eMule, in the SafePeer Vuze plugin, ProtoWall, KTorrent, and Transmission.
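A parser for the plaintext format described above, as an added example that is not PeerGuardian's own code. It assumes IPv4 only, treats lines starting with `#` as comments, and splits on the last colon so that a colon inside the range name does not break parsing; the sample list is constructed.

```python
import bisect
import ipaddress

# Constructed sample list in the RangeName:FirstIP-LastIP format (not real blocklist data).
SAMPLE_P2P = """\
# constructed comment line
Localhost:127.0.0.1-127.0.0.1
Example Org A:192.0.2.0-192.0.2.127
Example Org A (dup):192.0.2.64-192.0.2.255
Name with: colon:198.51.100.10-198.51.100.20
Reversed range:203.0.113.9-203.0.113.1
not a valid line
"""

def parse_p2p(text):
    """Return (ranges, rejected); ranges are (first_int, last_int, name) tuples."""
    ranges, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        # Split on the LAST colon so a colon inside the name is kept in the name.
        name, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not sep or not dash:
                raise ValueError("missing ':' or '-'")
            lo = int(ipaddress.IPv4Address(first.strip()))
            hi = int(ipaddress.IPv4Address(last.strip()))
            if lo > hi:
                raise ValueError("first IP is after last IP")
        except ValueError as exc:  # AddressValueError is a ValueError subclass
            rejected.append((lineno, str(exc)))
            continue
        ranges.append((lo, hi, name.strip()))
    return ranges, rejected

def merge(ranges):
    """Sort and coalesce overlapping or adjacent ranges for binary-search lookup."""
    merged = []
    for lo, hi, name in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            plo, phi, pname = merged[-1]
            merged[-1] = (plo, max(phi, hi), pname)
        else:
            merged.append((lo, hi, name))
    return merged

def lookup(merged, ip):
    """Return the name of the range containing ip, or None if it is not listed."""
    addr = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right([lo for lo, _, _ in merged], addr) - 1
    return merged[i][2] if i >= 0 and addr <= merged[i][1] else None
```

Rejected lines are reported with their line number instead of being silently dropped, which makes a malformed or truncated list visible before it is loaded.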

Blacklist management issues

Since at least 2006, [9] the P2P blocklist used by PeerGuardian has been provided by "Bluetack Internet Security Solutions". ("Bluetack" was the name of the member of the original PeerGuardian team who owned its previous domain peerguardian.net and created the "Block List Manager" used to maintain the list. [7])

Bluetack.co.uk developed an application called the Bluetack Internet Management System (B.I.M.S) that would spider whois servers to create a map of the Internet and all of its IP addresses. Using this database, the admins of the site (Seraphielx, Moore, Firstaid, Tozanno, DeathAngel, R00ted) would search for the names of anti-P2P companies and set a status code in each entry. These entries made up the blocklists that the Blocklist Manager downloaded for import into PeerGuardian, Protowall, and other applications that blocked anti-P2P traffic from accessing the user's download. They would also obtain logs from people who had been sent letters for downloading "illegal" software, music and videos, figure out who in the list did not belong, and flag the entry just to be safe.

The PeerGuardian developers state they have no control over Bluetack's list, and do not promote or link to alternative lists. They have been criticized for overly broad blocking based on unsubstantiated evidence.

PeerGuardian acknowledges that Battlefield 2, Blizzard, Steam, and ArenaNet connectivity is blocked. This creates problems for many online gaming users who are not aware that PeerGuardian will break game connectivity, and who are thus directed to read the manual.

With the Blocklist Manager application, users can add these sites to a "Safe list", allowing them to continue using the games and websites without interference from PeerGuardian.

In 2007, Bluetack/PeerGuardian 2 were criticized for blocking denis.stalker.h3q.com, the second largest BitTorrent tracker as of December 2007, as an "Anti-P2P" address, and claiming that its maintainers (whose tracking software "Opentracker" is also used by The Pirate Bay) were conspiring with the MPAA and MediaDefender. [10] The maintainers are members of the Chaos Computer Club (CCC), a long-standing association of hackers and freedom of information activists, and had also briefly run their tracker from the CCC's own network. Bluetack also blocked CCC itself, accusing it of doing "anti-P2P work" and being a "threat" to file sharers, while others pointed to the fact that the CCC had been publicly defending P2P for years, and even called for boycotting the music industry to protest its file sharing lawsuits. [11]

Although IP addresses of government and business entities are easily added to a list of IP addresses to be blocked, there is no means for PeerGuardian to block access by a government or business using an undocumented IP address to identify people engaged in copyright infringement or other possibly unlawful activity. [original research?]

PeerGuardian Lite

PeerGuardian Lite is a derivative of PeerGuardian 2 made to consume as little CPU and RAM as possible. It has no UI or options and consists of a single tray icon. It is no longer developed, with the latest version released on 22 April 2005. It is also open-source, allowing for future derivatives by any party. As its developers reported online, PeerGuardian Lite is now continued under the project and program PeerBlock, and from around 2008 PeerGuardian Lite users were recommended to switch to PeerBlock. PeerBlock has some more options, but uses almost as little CPU as PeerGuardian Lite did.

Other criticism

Besides the original criticism of Version 1 being slow and buggy, most other criticism of PeerGuardian is around the actual technique used to block peers. Critics have pointed out that the blocklists are open to the public, and thus parties who may wish to circumvent PeerGuardian can actively check the list to see if their IP addresses have been blocked.

The blocklists are also managed by the public, but there is no fool-proof method for checking or reporting why an IP address or range is bad, nor for checking whether the blocked IP addresses still remain bad. The list relies on the public to make submissions, and thus is vulnerable to attack itself (see above section on blocklist management issues).

Vista 64-bit and Windows 7 64-bit are listed for application compatibility, but require a workaround involving disabling driver signing that may require some degree of computer skill. [12]


References

  1. "PeerGuardian 2". Phoenix Labs. Retrieved 24 September 2010.
  2. "PeerGuardian Linux – Browse PeerGuardian Files". SourceForge.net. Retrieved 14 November 2012.
  3. "PeerGuardian Mac OS X – Browse PeerGuardian Files". SourceForge.net. Retrieved 24 September 2010.
  4. "PeerGuardian Mac OS X 1.7b2 announcement". Phoenix Labs. Retrieved 18 September 2011. [permanent dead link]
  5. "PeerBlock 1.0 Released". Phoenix Labs. 30 September 2009. Retrieved 24 September 2010.
  6. King, Brad (6 May 2003). "Program Lets P2P Users Roam Free". Wired News. Condé Nast Digital. Retrieved 24 September 2010.
  7. Mennecke, Thomas (10 December 2003). "PeerGuardian Interview". Slyck.com. Retrieved 24 September 2010.
  8. Mennecke, Thomas (2 February 2005). "PeerGuardian 2.0 Goes Beta". Slyck News. Retrieved 24 September 2010.
  9. "Archived copy". phoenixlabs.org. Archived from the original on 23 April 2006. Retrieved 13 January 2022.
  10. "The Pirate Bay Now Running on Opentracker". TorrentFreak.com. 8 December 2007. Retrieved 24 September 2010.
  11. Roettgers, Janko (20 September 2007). "Peerguardian blocks hacker club, accuses them of working for Mediadefender". P2P Blog. Retrieved 24 September 2010.
  12. "Disabling driver signing". Phoenix Labs. 16 June 2009. Archived from the original on 22 December 2010. Retrieved 24 September 2010.