Security rules: Block IP range?

ToNneTje · #1 (**permalink**) June 20th, 2011

How to do that?
I've get a lot connections from 208.93.7.x (x = number from 1 to almost 200... all using older Limewire versions and this client seems to be very agressive).
I can block every IP at once, but how to block a whole IP range?
I tried but without result (or did i do something wrong?)

Lord of the Rings · #2 (**permalink**) June 20th, 2011

Generally using a wildcard character, example 208.93.7.* or 208.93.*.*
However, one of the devs might be able to correct me if I am wrong with Phex.
ie: this is how it's done with LimeWire & some other p2p sharing clients, so I presume it's the same for Phex.

Keep in mind, blocking a wide range may affect innocent users who are not using such clients or versions as you suggest. And ip address ranges are not strictly divided into country or area zones. PM me if you wish to find out country ip listings.
Also keep in mind, lots of people nowadays have dynamic ip addresses which may switch from totally different ip addresses you may initially ban. I know my ip address switches frequently each week. I've noticed same thing about some problematic gnutella users (yes recognised them as the same persons.)

Very late Edit: seems I might have been incorrect about the above wildcard for even LW.

ToNneTje · #3 (**permalink**) June 20th, 2011

Thanks Lord, i didn't use the * but a 0 (zero) to block an IP range, without result... the * isn't working when i try to add this in the field

Quote:

Also keep in mind, lots of people nowadays have dynamic ip addresses which may switch from totally different ip addresses you may initially ban.

True, but i'm online 24/7 as Ultrapeer and i'm having connections from this range for months now... sometimes 20 or more, all of them using an old Limewire version and none of them with sharing files... that's why i'm pretty sure that this IP range is ready to block (at least for a while)

Lord of the Rings · #4 (**permalink**) June 20th, 2011

Quote:

Originally Posted by ToNneTje

True, but i'm online 24/7 as Ultrapeer and i'm having connections from this range for months now... sometimes 20 or more, all of them using an old Limewire version and none of them with sharing files... that's why i'm pretty sure that this IP range is ready to block (at least for a while)

arne_bab or GregorK may know a method of banning client versions. This might be better than ip ban ranges. Or perhaps using a combination with the worst users.

I confess, my LW has large ban ranges. lol I suspect people are paranoid about sharing in come countries nowadays. I don't mind those starting up, but when people see you downloading their files & deliberately remove those files from shares, that annoys the heck out of me. Especially when they have 8,000 of my files to choose from & are usually downloading rapidly from me at the same time.

I think I posted about my annoyances about such users in a private forum section here beginning of year.

What versions of LW are you talking about?

(One issue with a large ban list is it makes Java run out of memory easily. Also becomes slow writing to the settings files. I recognised that LW at least would work best if shared, incomplete downloads, keyword filters, ban list, etc. were each written to different files instead of only the limewire.props, downloads.dat & library5.dat files. Seems to use heaps of memory for a program to read many lines of a setting file as it seeks all the way through it to write again to the appropriate location. Ideally, splitting the file into two files if beyond a certain number of lines of text. 8,000 shared files, that's a lot for the program to read through & rewrite to. Same applies for large number of incomplete files. And a large ban list means the program is forever re-checking the file searching the settings document.
LW seems to have a maximum set use of RAM. Ideally, it would access more RAM and use virtual memory when needed. I have 16 GB of RAM and 4 x 1 TB HDD's, yet LW (LPE) only uses 250 to 300 MB of RAM & 350-500 MB of VM on MacOSX (Some versions of LW 4 used to be a VM hog.) Yet at times the LW 5 program freezes due to Java memory issues.
For Phex, I am only sharing 2,500 files so have not tested its memory limitations or how it handles memory compared to LW. Phex's RAM use for me is similar to LW5, a little less.)

GregorK · #5 (**permalink**) June 21st, 2011

We are using CIDR notation to optimize memory use of ban rules.
If you like to ban the range 208.93.7.* you need to add the rule:
208.93.7.0 / 24
See: Classless Inter-Domain Routing - Wikipedia, the free encyclopedia

Even though you might need multiple rules to block part ranges, with this notation Phex is able to reduce memory costs for the address range to 5 bytes, which is the smallest it can get. This allows us to store the around 400.000 default address ranges included in Phex in about 2MB of memory. And I'm not worried about handling a few hundred thousand more.

ToNneTje · #6 (**permalink**) June 21st, 2011

Thanks Gregor, gonna try that...

This is the IP i want to block, as you can see this client is very agressive, after blocking there still a lot retries form this IP address:

My screen is not high enough to make a screen of ALL blocked clients (and still nog block all!) with this IP address, the screenshot would be 6 times longer

Sleepless · #7 (**permalink**) June 20th, 2011

Try looking through these threads. Especially the fourth one i.e. http://www.gnutellaforums.com/help-s...locks-ips.html :

site:gnutellaforums.com +phex +"ip-range" filter - Google Search

I'm ashamed to say Google searches Gnutellaforums way better than Gnutellaforums do

ToNneTje · #8 (**permalink**) June 22nd, 2011

It works, i only have to add 1 rule now to block complete IP range ;-)