Old 08-29-2008, 08:13 PM   #31
linuxcbon
Member
 
Registered: May 2006
Posts: 56

Original Poster
Rep: Reputation: 16

I did the experiment without hosts or firewall:

Before opening a web site, type # netstat -tc
You will see many
Code:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
No connections are going on, that's clean.

Then open gmx.net, you will see many sites called
Code:
img.ui-portal.de:www  
js.ui-portal.de:www  
ad.la.mediaplex.com:443
rd6.apmebf.com:443 
84.53.141.182:443 
80.231.197.227:www  
adclient.uimserv.net:www
img.web.de:www
Strange, why is secure port 443 used for ads?

Last edited by linuxcbon; 08-29-2008 at 08:14 PM.
 
Old 08-30-2008, 04:59 AM   #32
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3590
@linuxcbon: I moved your thread to the Networking forum since it's not really related to Linux Security.


Quote:
Originally Posted by linuxcbon View Post
No connections are going on, that's clean.
That only makes sense on an idle workstation and used by one person.


Quote:
Originally Posted by linuxcbon View Post
Strange, why is secure port 443 used for ads?
In the case of ads that's easy: because by default a web browser will not block traffic to HTTPS. Therefore it's a nice trick to overcome "simple" blocking measures.


On a personal note blocking ads and trackers is a Sisyphus task. Using /etc/hosts for that is reminiscent of one having used Mcrsft prdcts. I vaguely remember posting a list way back, but let's see if I can collate what's said plus add some of my own. One important thing to understand is that whitelisting IP addresses or ranges often makes no sense. It is crude. With virtual hosting an IP address does not equal one website but possibly many. Besides that what do you do when ads reside on the same site in a path?... Bottom (system) to top (user):
0. Block general access to ports like HTTPS in conjunction with whitelisting those sites you explicitly allow it for in your firewall.
1. Instead of /etc/hosts enable the 'nscd' service and use a caching DNS server like Pdns. That will speed up lookups, allow you to block IP addresses and allow you to block similarly to /etc/hosts but easier. While malware is a threat most often associated with using mcrsft products I have a script that will convert malware.com.br / malwaredomains.com type of blocklists into includes that pdnsd can handle.
2. The most important addition at this level and offered before is using Privoxy. Simply because it is mature (evolved from Junkbuster), is actively maintained, comes with (restrictive) configuration files you can change easily, blocks by hostname and regex (/some/path/ads.cgi.*), can disable or "transform" page elements etc, etc. Like with Pdnsd it's versatile in that it can accept custom config files, a script that will convert malware.com.br blocklists to something usable is easy to make. There's some sites that host Privoxy blocklists you might want to look at.
3. Basically the user level centers around browser sanity: disabling or regulating HTTPS, media plugins, Java, javascript and cookies on a site by site basis. Opera comes with built-in blocking for Java, plugins, Javascript and cookies and built-in filtering capabilities, all of which can be enabled on a site by site basis. Firefox does not but has plugins like NoScript to mitigate. Other browsers may or may not be maintained as intensively as those two and so using them might expose you to all sorts of problems or risks.
4. Educate yourself. If privacy is your focus then you should have a basic understanding of markup languages. Also do read sites that deal with privacy issues and those that deal with like tricking browsers into Doing Things.


You're entitled to your own opinion. And you've received a lot of contributions people find useful in general. Saying "I do not use Firefox" doesn't cut it in my book. Saying "I do not use Firefox because Opera's built-in Javascript filtering works better" might be disputable but at least people know you know you have given things some thought. Anyone who has been working with filtering solutions would recognise Privoxy as the single most efficient way of blocking things w/o major trade-off wrt performance. Dismissing things without good reasoning only shows you haven't given it thought properly or you don't know what solutions look like ;-p

Last edited by unSpawn; 08-30-2008 at 05:01 AM.
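Added example (not unSpawn's script, which the post does not show): one way to turn a hosts-format blocklist into pdnsd `neg` sections and Privoxy block patterns, as points 1 and 2 describe. The sample list and the function names are constructed for illustration; the `neg { ... }` and `{ +block{...} }` forms are the ones pdnsd and Privoxy document.

```shell
#!/bin/sh
# Added example: hosts-format blocklist -> pdnsd "neg" sections and a
# Privoxy actions-file section. Sample list and function names are constructed.

sample_blocklist() {
cat <<'EOF'
# constructed sample in hosts-file format
127.0.0.1   localhost
127.0.0.1   adclient.uimserv.net
0.0.0.0     pixelbox.uimserv.net   # trailing comment
127.0.0.1   ADCLIENT.uimserv.net
127.0.0.1   bad_host;name.example
EOF
}

# stdin: hosts-format list. stdout: unique, lower-cased, valid dotted names.
# The strict pattern drops "localhost" and anything carrying characters
# (";", "{", "/") that would change the meaning of the generated config.
clean_hosts() {
    sed 's/#.*//' |
    awk 'NF >= 2 { print tolower($2) }' |
    grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$' |
    sort -u
}

# pdnsd: one neg section per name; types=domain also covers its subdomains.
to_pdnsd() {
    clean_hosts | while read -r h; do
        printf 'neg { name=%s; types=domain; }\n' "$h"
    done
}

# Privoxy: one action header, then one pattern per line. A leading dot
# matches the name itself and every subdomain.
to_privoxy() {
    printf '{ +block{imported blocklist} }\n'
    clean_hosts | sed 's/^/./'
}

sample_blocklist | to_pdnsd
sample_blocklist | to_privoxy
```

Validating every name before it is written matters because third-party blocklists are untrusted input that ends up inside resolver and proxy configuration.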
 
Old 08-30-2008, 12:21 PM   #33
linuxcbon
Member
 
Registered: May 2006
Posts: 56

Original Poster
Rep: Reputation: 16
I don't follow advice because I experiment and learn by doing.
That 443 trick is mean and I need https for my emails.
Plus the fact that IPs cannot be blocked by /etc/hosts.
I need to read about dns servers and proxies. I used privoxy before but I looked for something simpler. Now time for me to experiment. Cheers.
 
Old 08-31-2008, 05:33 AM   #34
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3590
Quote:
Originally Posted by linuxcbon View Post
I don't follow advice because I experiment and learn by doing.
Learning things the hard way, eh?.. Laudable. Definitely.


Quote:
Originally Posted by linuxcbon View Post
That 443 trick is mean and I need https for my emails.
Computing is simple: it either works or it doesn't. There's absolutely nothing "mean" about using HTTPS.


Quote:
Originally Posted by linuxcbon View Post
Now time for me to experiment.
Good luck with it. Let us know what set of measures you came up with in the end. If there isn't one already on the subject maybe you could even turn it into a LinuxAnswer...

Last edited by unSpawn; 08-31-2008 at 05:44 AM.
 
Old 09-18-2008, 08:14 PM   #35
linuxcbon
Member
 
Registered: May 2006
Posts: 56

Original Poster
Rep: Reputation: 16
New experiment

I tried TCPDUMP
When no connection ongoing and no /etc/hosts file, I do
Code:
tcpdump -w output.txt
I open gmx.net
When page is fully loaded, I type CTRL C
I got
Code:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
849 packets captured
1698 packets received by filter
0 packets dropped by kernel
Code:
# tcpdump -r output.txt | more
shows following sites called :
www.gmx.net --> MAIN SITE
img.ui-portal.de --> DESIGN
js.ui-portal.de --> DESIGN
adclient.uimserv.net --> ADS
pixelbox.uimserv.net --> ADS
gmx.ivwbox.de --> ADS
img.web.de --> ADS
fips.uimserv.net --> ADS

I update the hosts file with ads entries, I got :
Code:
# tcpdump -w output.txt
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
610 packets captured
1220 packets received by filter
0 packets dropped by kernel
Which is better.
Another nice tool to check connections
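Added example (not part of the original post): the before/after check above, turned into a script that lists the names looked up during a page load and marks which ones a hosts-file blocklist covers. The tcpdump lines and hosts entries are constructed samples using hostnames from the post, and the function names are hypothetical. The 68-byte capture size shown in the tcpdump banner can cut DNS names short, so the example assumes a capture taken with `-s 0` before the hosts entries were active.

```shell
#!/bin/sh
# Added example: which names did the page load look up, and which of them
# does a hosts-file blocklist cover? All sample data below is constructed.

# Shaped like `tcpdump -n -r output.txt port 53` text output.
sample_dns_lines() {
cat <<'EOF'
20:14:01.100001 IP 192.168.1.10.40001 > 192.168.1.1.53: 1001+ A? www.gmx.net. (29)
20:14:01.120001 IP 192.168.1.1.53 > 192.168.1.10.40001: 1001 1/0/0 A 192.0.2.10 (45)
20:14:01.300001 IP 192.168.1.10.40002 > 192.168.1.1.53: 1002+ A? img.ui-portal.de. (34)
20:14:01.500001 IP 192.168.1.10.40003 > 192.168.1.1.53: 1003+ A? adclient.uimserv.net. (38)
20:14:01.500501 IP 192.168.1.10.40004 > 192.168.1.1.53: 1004+ AAAA? adclient.uimserv.net. (38)
20:14:01.700001 IP 192.168.1.10.40005 > 192.168.1.1.53: 1005+ A? pixelbox.uimserv.net. (38)
20:14:01.900001 IP 192.168.1.10.40006 > 192.168.1.1.53: 1006+ A? gmx.ivwbox.de. (31)
EOF
}

sample_hosts_file() {
cat <<'EOF'
127.0.0.1 localhost
127.0.0.1 adclient.uimserv.net   # ads
127.0.0.1 pixelbox.uimserv.net
EOF
}

# stdin: tcpdump lines. stdout: unique queried names, trailing dot removed.
queried_hosts() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "A?" || $i == "AAAA?") {
                 n = tolower($(i + 1)); sub(/\.$/, "", n); print n } }' |
    sort -u
}

# $1: hosts file. stdin: tcpdump lines. stdout: "BLOCKED name" or "OPEN name".
classify() {
    queried_hosts | awk -v hosts="$1" '
        BEGIN { while ((getline line < hosts) > 0) {
                    sub(/#.*/, "", line); n = split(line, f)
                    for (i = 2; i <= n; i++) blocked[tolower(f[i])] = 1 } }
        { print (($0 in blocked) ? "BLOCKED" : "OPEN"), $0 }'
}

demo() {
    tmp=$(mktemp) || return 1
    sample_hosts_file > "$tmp"
    sample_dns_lines | classify "$tmp"
    rm -f "$tmp"
}
demo
```

Names reported as OPEN are the ones still resolved normally, which gives a more precise picture than comparing total packet counts between two captures.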
 
Old 09-19-2008, 04:37 AM   #36
linuxcbon
Member
 
Registered: May 2006
Posts: 56

Original Poster
Rep: Reputation: 16
There is an online tool which shows all connections:

http://performance.webpagetest.org:8080/

It's easy to use and useful!
 
Old 09-19-2008, 05:04 AM   #37
linuxcbon
Member
 
Registered: May 2006
Posts: 56

Original Poster
Rep: Reputation: 16
See that page for results:

http://performance.webpagetest.org:8080/result/9AG/1/details/
 
  

