ChipMaster
/
Poor-Mans-IDS
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
The Poor Man's (or Woman's) Intrusion Detection System
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
1 Branch
133 KiB
 
 
 
 
Tree: bb0278f2a5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bb0278f2a5'
${ noResults }
Poor-Mans-IDS/blacklists
Jon Foster 8e24e716e5 Start blacklist collection 2 years ago
..
README.md Start blacklist collection 2 years ago
hosts Start blacklist collection 2 years ago

README.md

ChipMaster’s Black Lists

These are provided simply for the curious. I’m actively using these lists to block traffic I don’t want happening. I’m very militant about traffic on my network. I don’t want my computers doing anything I didn’t ask it to do. So I block for the following reasons:

  1. I find a program reaching out across the net when there is no visual reason for them to do so. This could be any number of things like: update servers, feature use tracking, DRM tracking, ...

  2. Website advertisers: IMO these are particularly nasty. Its not that I necessarily have anything against a site funding itself with ads. Although some sites are rude in how they place them or they perform rude, malware like actions. But the REAL risk, as far as I’m concerned, is that many cyber-thugs use ad services to distribute malware. Unfortunately the ad services don’t seem to have any interest in vetting their scuzz.

  3. Some host names are specifically used for tracking, like “g00gle analytics”. I have nothing against a site owner wanting to know how their site is being used. All of us, with websites, want to know how popular the site is and specifically which pages are the most viewed and common occurring browse patterns, to tell us how we may be able to better our sites. But off-site trackers slow down my browsing experience and someone as massive as g00gle can aggregate this with a lot of other data sources to learn and sell waaay too much about me.

  4. I want to deliberately block updates. Although as a Linux user that’s not usually my concern. But I do it for clients to prevent M$ and others from breaking stuff. I also do it so I won’t be constantly hounded by “I can’t update” or “there is a new version” messages.

  5. Unknown traffic being generated by device X, like Android devices. What on earth are they busy chattering about? That’s malware like activity. Or maybe its real malware activity? =-O

  6. Some location was causing me to wait. Common examples are the “like” buttons for major social networks. The off-site hosted code is either large, on a slow server or behaving in suspicious manner like taking too much CPU power. I’ve had some of those literally lock a machine up until I kill them. If nothing else this is extremely poor coding but it could be worse.

  7. I just don’t know what its for and I notice nothing wrong when I block it. :-D

  8. Something in its behavior alerts me to potential danger.

And there are other reasons something might tweak me funny and I say, “That’s enough of that.”

All of that to say that the things I’m blocking might not actually be bad but they annoy me for one reason or another and it may just be a philosophical disagreement on my part. But think about the enormous amount of browsing information that can be accumulated by g00gle simply hosting popular JavaScript libraries and then linking that to your g00gle login...

Use any of this at your own peril.

  • ChipMaster