ChipMaster
/
Poor-Mans-IDS
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
The Poor Man's (or Woman's) Intrusion Detection System
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 Commits
1 Branch
133 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Poor-Mans-IDS/blacklists/README.md

README.md 3.0 KiB
Raw Permalink Normal View History

Start blacklist collection
2 years ago
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. ChipMaster's Black Lists

  2. ========================

  3. 

  4. These are provided simply for the curious. I'm actively using these

  5. lists to block traffic I don't want happening. I'm very militant

  6. about traffic on my network. I don't want my computers doing anything

  7. I didn't ask it to do. So I block for the following reasons:

  8. 

  9.  1. I find a program reaching out across the net when there is no visual

  10.     reason for them to do so. This could be any number of things

  11.     like: update servers, feature use tracking, DRM tracking, ...

  12. 

  13.  2. Website advertisers: IMO these are particularly nasty. Its not

  14.     that I necessarily have anything against a site funding itself

  15.     with ads. Although some sites are rude in how they place them or

  16.     they perform rude, malware like actions. But the **REAL** risk,

  17.     as far as I'm concerned, is that many cyber-thugs use ad services

  18.     to distribute malware. Unfortunately the ad services don't seem

  19.     to have any interest in vetting their scuzz.

  20. 

  21.  3. Some host names are specifically used for tracking, like "g00gle

  22.     analytics". I have nothing against a site owner wanting to know

  23.     how their site is being used. All of us, with websites, want to

  24.     know how popular the site is and specifically which pages are the

  25.     most viewed and common occurring browse patterns, to tell us how

  26.     we may be able to better our sites. But off-site trackers slow

  27.     down my browsing experience and someone as massive as g00gle can

  28.     aggregate this with a lot of other data sources to learn and sell

  29.     waaay too much about me.

  30. 

  31.  4. I want to deliberately block updates. Although as a Linux user

  32.     that's not usually my concern. But I do it for clients to prevent

  33.     M$ and others from breaking stuff. I also do it so I won't be

  34.     constantly hounded by "I can't update" or "there is a new

  35.     version" messages.

  36. 

  37.  5. Unknown traffic being generated by device X, like Android

  38.     devices. What on earth are they busy chattering about? That's

  39.     malware like activity. Or maybe its **real** malware activity?

  40.     =-O

  41. 

  42.  6. Some location was causing me to _wait_. Common examples are the

  43.     "like" buttons for major social networks. The off-site hosted

  44.     code is either large, on a slow server or behaving in suspicious

  45.     manner like taking too much CPU power. I've had some of those

  46.     literally lock a machine up until I kill them. If nothing else

  47.     this is extremely poor coding but it could be worse.

  48. 

  49.  7. I just don't know what its for and I notice nothing wrong when I

  50.     block it. :-D

  51. 

  52.  8. Something in its behavior alerts me to potential danger.

  53. 

  54. And there are other reasons something might tweak me funny and I say,

  55. "That's enough of that."

  56. 

  57. All of that to say that the things I'm blocking might not actually be

  58. _bad_ but they annoy me for one reason or another and it may just be

  59. a philosophical disagreement on my part. But think about the enormous

  60. amount of browsing information that can be accumulated by g00gle

  61. simply hosting popular JavaScript libraries and then linking that to

  62. your g00gle login...

  63. 

  64. Use any of this at your own peril.

  65. 

  66. - ChipMaster

  67.