Tuesday, August 23, 2011

How to Use PeerBlock - A Simple Guide to Using PeerBlock Peer Blocking Software

This guide will show you how to install PeerBlock, and how to use it more effectively. The default installation of PeerBlock blocks many known malicious and/or problematic hosts. By adding additional block lists, you can customize the IP ranges you wish to prevent from communicating with your machine. It is very useful for blocking domains associated with bots / zombies, and known attack ranges.


Preliminary Considerations:

1. A default PeerBlock install will block Microsoft IP addresses. In order for Windows Update to work (and you want this!), you'll need to either allow the MS IPs, or disable PeerBlock and run your update manually.

2. PeerBlock lists may also block domains associated with legitimate programs, such as some antivirus programs, NoScript and others. A big problem is caused by the vast number of programs that have outsourced their net presence to the "cloud" - leading to a lot of confusion about certain hosts (e.g. Amazon, Akamai, e100.net, etc.). It is a good idea to disable PeerBlock temporarily and run these updates manually, or alternatively, add an allow rule for hosts you know are safe.

3. Using block lists does NOT guarantee security. It is simply an added layer.  Your mileage may vary.

Steps:

1. Download PeerBlock. I would suggest getting the latest stable release.

2. Install PeerBlock. You can choose to have PeerBlock run when the system starts, this is recommended as it is very easy to forget to run it.

3. Add Blocklists. PeerBlock comes with some basic and useful blocklists, but you will likely want to add more. Visit I-Blocklist and add the desired lists.  Consider carefully which classes of peers you wish to block. This will be different for everyone, but at minimum adding known hijacked hosts is a good idea.

For each list (on the right side of the page), an update URL is listed. Highlight the text, right-click and select Copy (or "Copy Link Location" in Firefox) (see below):


In the PeerBlock Interface, click List Manager (see below):

Click Add (see below):


Paste the List URL link into the Add URL box. You can also add a description for later reference (see below):



4. Click OK and close the List Manager. PeerBlock should automatically check for updates to these lists.

5. For web browsing, you can click Allow HTTP which will allow HTTP traffic to bypass the block lists. Generally, you need not do this unless a particular website is not working properly. That being said, there may be a good reason for traffic to be blocked. As always, exercise caution.

No comments: