IP Blocking & Blocklists

Using ‘IP Blocking’ and Blocklists


IP blocking/blocklisting is simply a technique used to restrict (block) traffic from any computer that is within a set list or parameters of any given IP range.

While IP Blocking hardly makes oneself anonymous, it can significantly reduce your chances of being tracked by bad groups interested in what you’re doing with your bandwidth. And by no means do blocklists offer 100% effectiveness for file sharing protection. However, when used in conjunction with a proxy server, it can reduce your odds of being caught down to nearly zero.

P2P Blocklists (also known as ‘blacklists’) are lists of IP ranges that are used by known identified malicious groups, or groups affiliated with the MPAA, RIAA and any other anti-piracy organization. Also on the list include most media companies like Sony, EMI, Universal, Time-Warner, Fox and the like. Here’s some examples of who else is on them:

Company/Org. Description
BayTSP Primary service is to search the Internet for copyright infringement.
ESA Entertainment Software Association
BSA Business Software Alliance
MediaDefender Floods file sharing networks with decoy files, log IP addresses of users on P2P networks.
IFPI International Federation of the Phonographic Industry.
MediaSentry Employed by many music, movie, software and television companies to catch IP addresses of users who share files on P2P networks.

Blocklisting ‘Bad’ IP Addresses - Is it really necessary?

Just ask any one of the 20,000 people sued by the RIAA whether or not they think it’s essential to block bad IPs. Certainly the court cases are not won on circumstantial evidence. And for those who’ve settled out of court - they must have been presented with enough alarmingly accurate information about the files in question. Don’t just take our word for it - read this report!

The link between blocklisted IPs and P2P file sharing has been completely confirmed through a study spanning over a three month investigation using various P2P networks and protocols (BitTorrent, Limewire, Gnutella, Emule). The general purpose of the experiment was to see if they could generate “connections” with known ‘bad’ IP addresses while using a variety of file sharing networks. And in a doomsday scenario, thus any connection to a bad IP means a possibility that they are gathering data to potentially use against you in a civil lawsuit. Here’s a quote from the study:

A user without any knowledge of blocklists, will almost certainly be tracked by blocklisted IPs. We found that all our clients exchanged data with blocklisted IPs. In fact, of all distinct IPs contacted by any client, 12-17% were found to be listed on blocklists. Avoiding just the top 5 blocklisted IPs reduces the chance of being tracked to about 1%.

That means 100% of the time, you will exchange data with IPs listed in the bad ranges, and you will be tracked. Take away just the top 5 blocklisted IPs, and your chances go down to 1%. This confirms the validity and effectiveness of using some form of blocklisting when using P2P programs. Safety is surety!

View this study in its entirety here, and another variation of it can be found here.

Using IP Blocking Software

There are a couple of free programs available that are compatible with known blocklists. They are:

Protowall (from Bluetack - B.I.S.S. Forums)

Our Notes about Protowall:

We tested 2 versions of Protowall, the 2.0.1 build 9 version, and the last stable version 1.43, on two different system configurations running WinXP SP2 (one with firewall/antivirus/antispyware) and one with none of these installed. However, we predictably received the error message, “Protowall.sys not loaded” on both systems. We checked the FAQ and proceeded to troubleshoot the problem, but to no avail. The procedures involved are somewhat lengthy, and not for the novice PC user. Using a blocklist is not exclusive to Protowall - it is the blocklists themselves that are required and can easily be imported into the PeerGuardian program instead, with much less hassle to those who generate the error message. Kudos to you if Protowall installs perfectly the first time. If not, don’t fuss too much with it, just move on to PeerGuardian 2.

Protowall installation: First you’ll need to set up an account with Bluetack since it’s mainly a forum site (which you may have to do anyways to obtain the blocklists). Click on the “Downloads” button to the right, and select ‘Protowall’, and select the latest version (for this we selected 2.0.1 - build 9). Where it says “Protowall 2.0.1 Build 9 - Latest Version”, click it to download. Save the file, unzip and install.

PeerGuardian 2

Click to see the Peer Guardian 2 main
windowPeerGuardian 2 is Phoenix Labs’ premier IP blocker for Windows. PeerGuardian 2 integrates support for multiple lists, list editing, automatic updates, and IP blocking, making it the safest and easiest way to protect your privacy on P2P. I recommend this FREE program to any serious P2P user who’s concerned about privacy. PG 2 works with an automatic ‘blocklist’ of known bad IP addresses - (including MPAA, RIAA and MediaDefender affiliates) - that sniff out IP addresses of users that are downloading copyrighted materials. Download it here (and read the FAQ).

Click to see the Peer Guardian 2 installation
windowOur advice: Use this program on “enabled” and be sure to ‘block HTTP’ as well. This program is somewhat memory hungry, so use it only if you’re concerned about protecting the privacy of what you are downloading via P2P and BitTorrent (not regular websurfing). If you’re only trying to block those “Anti-P2P” organizations, then it is advised to select only the ‘P2P’ setting during the install (see image). See “Finding” below to learn which blocklists to install after installation.

If you are running WinXP SP2 and you notice a drop in your Internet speed while running PG 2, be sure to apply the TCP patch we describe here to increase your TCP limit.

You may also notice that the *.torrents now take a little longer to load the seed/peers. This is normal: all IPs sharing that torrent are being checked first in PeerGuardian against the blocklists.

There is also a new version of PeerGuardian for the Mac OS X - download it here.

Finding P2P blocklists

Probably the most comprehensive blocklists are from Bluetack, as they are continuously updated and revised. Plus, they can be downloaded and imported right from the PeerGuardian 2 program. Note that you may or may not require an account in order to import the Bluetack lists into PG 2.

There are three absolutely crucial blocklists required (in regards to P2P safety). They are:

1. The P2P.php list within the PG 2 program (installed automatically).
2. The Bluetack P2P Level 1 list.
3. The Bluetack BOGON list.

NOTE that both P2P blocklists (1. and 2.) are very similar, and certainly contain redundancy in entries. The general consensus is that the Bluetack blocklists are superior to PG 2 (in terms of updates and content) thus we recommend using both concurrently. But besides these two blocklists, perhaps the most important blocklist of all is the Bluetack BOGON list:

BOGON IP addresses, or Bogon Space, are known as unassigned IP addresses and are not publicly used. Hence, anyone using them is very hard to trace and little information can be garnered about the users from these IP ranges. Since anti-piracy groups (and their cohorts) do not wish to be on any blocklist, current data suggest these are likely the most common ranges used nowadays by the more ‘aggressive’ pirate-seekers to gather evidence for lawsuits and prosecution. So it is imperative that these IP ranges are blocked, and that this list be incorporated into PG 2.

Importing the blocklists (In PeerGuardian 2)

To import blocklists within PeerGuardian, you don’t need to visit the Bluetack website to obtain these latest lists - do it right in PG 2. Here’s how to add the blocklists:

1. Run PeerGuardian, select “List Manager”. This will launch the window below. Click the ADD button, the “Add List” popup window will now launch.

[Click to see the Peer Guardian 2 Import List
window](/p2p_extras/pg_list1.gif “Peer Guardian 2 - Importing Lists”){: rel=”lytebox”}

2. Click on the ADD URL button (see below), and then use the dropdown bar to view the available lists. The three important lists are underlined here in the second screenshot below:

[Click to see the Peer Guardian 2 Import List
window](/p2p_extras/pg_list2.gif “Peer Guardian 2 - Importing Lists”){: rel=”lytebox”}[Click to see the Peer
Guardian 2 Import List
window](/p2p_extras/pg_list3.gif “Peer Guardian 2 - Importing Lists”){: rel=”lytebox”}

3. Click the OK button to close the window, and click the RED X

in the upper right part of the first window. This should now import the selected list into PG 2 (and a “Generating List Cache…” popup should be shown):

4. Repeat these steps for each additional list. After all three lists have been added, check the main PeerGuardian window, you should now see this text:
3 Lists: 3 up-to date - 0 failed updating - 0 disabled” like below:

NOTE: If you run into a problem where it says “3 Lists: 1 up-to-date - 2 failed updating - 2 disabled” then you’ll have to visit the Bluetack website and sign up for an account. This will give you the access to their blocklists.

To update the blocklists, click on “Check Updates”. This will check and update all the lists used by PG 2.

Note: There’s also a different blocklist that Bluetack recommends using - the “Level 3″ P2P list. This Level 3 list is not available in the “ADD URL” option of PeerGuardian, however, you can download the file from Bluetack. To add it into PG 2, instead of clicking “ADD URL”, select “ADD FILE” and browse to the location where you saved it.

Something else worth mentioning is the “SafePeer” plugin for Azureus (BitTorrent). IP blocklists can be incorporated right into Azureus without the need to use other IP blocking software. This is resourceful if you utilize Azureus exclusively as your P2P program.

  1. peter42y Says:

    thanks a lot for your explanation. I start using e mule a few days ago without protection and I got some malware. Next I installed peerguardian but I knew nothing about it. your explanation was awesome.There are lists to protect me from spyware and other malicious software ? Thank You

  2. jay Says:

    OK is there any VISTA compatible P2P blocklist software?

  3. bleh! Says:

    yeah i think pg3 should be out soon and that will be only available to vista..

  4. Stanly Says:

    Outpost firewall has a IP Blocker for VISTA 32 & 64bit:

  5. EMZ Says:

    Thanks, great article. On Peerguardian OSX v1.51b the Listmanager has all the lists mentioned added & active on startup, however ‘Allow All’ is not checked for any of the lists and ‘Allow Std’ is checked apart from the ‘Ads,Spyware,Bogon etc’ is this default allow std setup the best way to go ?

  6. sharky Says:

    I’m not 100% sure of the OSX setup for PG; however, when you install the Windows versions, the only blocklist that is on by default is the “P2P” list. Regardless of all that, you’ll still have the option to add as many lists as you’d like. If you select too many blocklists, it can slow down your P2P connections (and even seriously degrade your Internet connection), as too many “good” ones are being blocked.

    Apart from that, “Allow Std” should be adequate, but try to block the Bogon ranges as well. Here’s an interesting site that has multiple IP Blocklists: - I’d recommend that you try to install the IPFilterX (by Nexus23) from that list - it’s a well-maintained blocklist that doesn’t overblock.

  7. Ben Jones Says:

    Ok, there is one problem, and it is highlighted in the article
    “That means 100% of the time, you will exchange data with IPs listed in the bad ranges,”

    Just because it’s listed int he bad ranges doesn’t mean it’s bad. Similarly because you’re communicating with IPs not in the ‘bad ranges’ doesn’t mean they’re good. List makers will accept the latter, but steadfastly refuse to even accept the former.

    If you open the blocklist, and change entries so that where the dsecription said ‘BayTSP’, it now said ‘God’, by the same reasoning that you’ve used to say you’ve blocked antip2p groups, you’ve proved the existance of God, and gone to hell for ignoring him.

    If this sounds silly, thats because blocklists ARE silly. They require a suspension of belief on par with following a cult, and likewise a similar abandonment of common sense. AntiP2P companies don’t publish the IP addresses they use, they don’t tell you if they ask nicely, they have never even included the information in a court filing. The only ways to know are from leaks (like the MD-D leak - see Slyck’s investigation to see how accurate they found blocklists to be based on that) and if you work there. Since there’s only been one leak, it seems that bluetack can only manage what they claim by working for the antiP2P groups. Of course, it’s silly to assume that based on little/no evidence, but then, thats how blocklists are made anyway. Working for AntiP2P would solve a few other riddles though, such as why the people behind blocklists are so hell bent on staying annonymous, and why, despite using the lists, thousands of people still get notices.

    if you want more, lets not forget the UWash study, where using the blocklists got a higher incidence of notices/C+Ds than not. Somewhere on the order of 40% more notices, on half the number of torrent swarms.

    If I were as paranoid as those that run blocklists, i might think that the lists were blocking legitimate peers, and allowingt he antip2p through. That is, after all, what all the independant evidence suggests, while the only evidence supporting blocklists work, comes from the people making the blocklists. Strange that.

  8. Tyler Says:

    Peer Guardian 2 Works for Windows Vista. I have been using it since it has been released and I am happy to say, IT WORKS

  9. jeroen Says:

    Hi, everybodyu

  10. DOW JONES Says:

    My brother Ben above thinks that we buy the fud. Problems is just like the ^DOW has dropped from 14 to 8 we get it. The math doesn’t lie. Same goes for blacklists. The thing my brother Ben doesn’t get is that if I blacklist a cidr number say for example I won’t get another packet from any of those address’s. It’s not a matter of paranoia, it’s a matter of having control.

    Anybody can make a blacklist. A simple experiment is to start running an apache webserver +modsec2 read your logs, and grep out the bad ip’s. Eventually you’ll find entire nets that are bad ip’s.

    But just like I wouldn’t put my money in the ^DOW, instead I would put it in a SAFE. So too you should not rely on the word of my brother Ben above telling you no need to invest in Gold, or T-Bonds, buy some of his leveraged 40:1 CDO’s.

    No thanks Ben, we’ll keep our money under our home safe, where the bankers can not steal it. To fail math is beyond belief. Just like we will *back up our powerful blacklists to a CD* so that if we reinstall our servers they won’t get hit by the same nonsense. We will also SHARE our blacklists. ala for example!

    We don’t need your forced control. Or your false ethics on why we desire to be anonymous. If you don’t know why there is a need to be anonymous, then you don’t know why we need a constitution.

  11. domain Says:

    Nice site! thanks for the great post…%d%a%d%aPeople should read this.

  12. Trackback :: Blocklist for Mac OS X 10.2.8?

    […] I am looking for plain text versions of blocklists, such as the ones described on this page: IP Blocking & Blocklists | THE source for BitTorrent & P2P Tips, Tricks and Info. | FileSha… Ideally, I would like the equivalents of: 1. The P2P.php list within the PG 2 program (installed […]

  13. FredFlimstone Says:

    as knowing some people in the armed forces. they use blocklists as well as anonymous tunneling servers, as well as encryption for there files and torrents while anywhere in the world. as well as using net security programs they create. call them foolish for using these methods in the transfer of information. blocklists are also people who’ve abused port scanning and other methods to try n access your net activity and data.

  14. Donney Says:

    Have you mentioned beethink ip blocker? Another ip blocker program works fine with windows 7 64 bits. In addtion, beethink ip blocker is implemented as an NDIS driver, which is same as look n stop. See more from

  15. Alfred Says:

    Buy cheap international prepaid phone cards.

  16. spyware king Says:

    I’ve found that spyware infects my computer all the time nowadays. I now use a paid for spyware blocker rather than a free one. I got my fingers burnt with a free one which turned out to be spyware itself. The paid ones generally do what they say and I just run it a couple of times a week. I don’t have it on all the time as it sucks my cpu.

  17. RazorBoy143 Says:

    FYI: Level 3 (AKA “Paranoid”) lists can be obtained by going to and using these links:

    Put the 1st url directly into PeerBlock. The 2nd one is for people who want to manually download the list in a ZIP format.

  18. bayilik Says:

    We started to a program as Bayilik Franchise Software. This infos made help us for improve our program. We will send our program for your recommend.