01-03-2007, 05:24 AM
|
#1
|
Senior Member
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168
Rep:
|
Blocking Google with Firestarter
Long story short, for various reasons I'm tired of google spying on my web surfing, so I've been monitoring my outbound connections from googlesyndication sites like, er, well, LQ.org and believe I have all their networks blocked now. Thus far my outbound traffic policy denies connections to:
64.233.160.0/19
66.102.0.0/20
72.14.192.0/18
216.239.32.0/19
And it's been working fine except I'm being spammed by firestarter's event notifications:
Time:Jan 3 06:01:30 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.104 Length:44 TOS:0x00 Protocol:TCP Service:HTTP
Time:Jan 3 06:01:33 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.99 Length:44 TOS:0x00 Protocol:TCP Service:HTTP
Time:Jan 3 06:01:36 Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:66.102.1.147 Length:44 TOS:0x00 Protocol:TCP Service:HTTP
The GUI gives me the option to disable events by source IP or by port, but the source is me in this case and I still want to be notified of other (non-google) HTTP events.
So I guess I have two questions:
1) Is there a way I can make sure my list of Google network ranges is complete? Or a way to query whois by net block owner rather than IP perhaps? Monitoring traffic all day to find them is becoming quite tedious.
2) Is there a way to ignore/eliminate events based on destination IP? I really like firestarter's little system tray applet (reminds me of BlackICE) but it's almost constantly in a flashing red state since I added google to my blacklist.
TIA for any hints, tips or tricks.
|
|
|
01-03-2007, 06:27 AM
|
#2
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,901
|
Why not just block all of the Google crap with a hosts file? Or just not accepting any cookies from Google?
# [Google Inc]
127.0.0.1 adwords.google.com #[Gmail ads]
127.0.0.1 pagead.googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com #[Google AdWords]
127.0.0.1 adservices.google.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 www.google-analytics.com #[Google Analytics]
127.0.0.1 imageads.googleadservices.com #[TrackingCookie.Googleadservices]
127.0.0.1 imageads1.googleadservices.com
127.0.0.1 imageads2.googleadservices.com
127.0.0.1 imageads3.googleadservices.com
127.0.0.1 imageads4.googleadservices.com
127.0.0.1 imageads5.googleadservices.com
127.0.0.1 imageads6.googleadservices.com
127.0.0.1 imageads7.googleadservices.com
127.0.0.1 imageads8.googleadservices.com
127.0.0.1 imageads9.googleadservices.com
127.0.0.1 www.googleadservices.com
127.0.0.1 show.googleadsenseagent.com
127.0.0.1 www.googlecaches.com
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
Last edited by craigevil; 01-03-2007 at 06:29 AM.
|
|
|
01-03-2007, 12:29 PM
|
#3
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
another good option is to use squid with some ACLs to block google domains... it's a little more powerful than using a hosts file cuz you can use regular expressions to catch addresses which you didn't know were in use (for example, the address "imageads32.googleadservices.com" wouldn't be blocked by the hosts file posted by craigevil)...... squid can also do reverse DNS lookups so that if an IP is used, it will reverse resolve it and then see if it matches any of your ACLs...
just my ...
Last edited by win32sux; 01-03-2007 at 04:42 PM.
|
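The difference between the two approaches discussed above, as an added example that is not part of any post in the thread: a hosts file matches whole names only, while an anchored domain pattern also covers subdomains nobody listed. This is a Python model of the matching behaviour, not squid configuration; the hosts entries are a subset of those posted, and the test hostnames other than the posted ones are constructed.

```python
import re

# Subset of the hosts entries posted in the thread (comments included).
HOSTS_TEXT = """\
# [Google Inc]
127.0.0.1 pagead2.googlesyndication.com #[Google AdWords]
127.0.0.1 www.google-analytics.com #[Google Analytics]
127.0.0.1 imageads9.googleadservices.com
127.0.0.1 www.googleadservices.com
"""

def parse_hosts(text):
    """Return {hostname: address}, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name.lower()] = fields[0]
    return table

def hosts_blocks(table, name):
    """A hosts file only matches whole names; it has no wildcards."""
    return table.get(name.lower().rstrip(".")) == "127.0.0.1"

def domain_pattern(domains):
    """Anchored regex: the domain itself or any subdomain of it."""
    alt = "|".join(re.escape(d) for d in domains)
    return re.compile(r"(^|\.)(" + alt + r")$", re.IGNORECASE)

# Domains chosen from the posted hosts entries (the grouping is an assumption).
ACL = domain_pattern(["googleadservices.com", "googlesyndication.com",
                      "google-analytics.com"])
# Unanchored pattern, shown only to illustrate over-matching.
LOOSE = re.compile(r"googleadservices\.com", re.IGNORECASE)

def compare(name):
    """Return (hosts file blocks, anchored pattern blocks, loose pattern blocks)."""
    table = parse_hosts(HOSTS_TEXT)
    return (hosts_blocks(table, name),
            bool(ACL.search(name)),
            bool(LOOSE.search(name)))

if __name__ == "__main__":
    for host in ("imageads9.googleadservices.com",
                 "imageads32.googleadservices.com",
                 "googleadservices.com.example.net"):
        print(host, compare(host))
```

The last hostname shows why the pattern should be anchored: an unanchored expression also blocks unrelated names that merely contain the string.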
|
|
01-04-2007, 07:14 PM
|
#4
|
Senior Member
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168
Original Poster
Rep:
|
Nice thing about using HOSTS file is browser doesn't hang momentarily waiting for a timeout. It's just too much maintenance for me. If I had a dedicated server for my gateway I'm sure squid would probably work well too. I'd just prefer to block all of google, that way I don't have to worry about some new hole compromising my privacy.
Anyway, FWIW, after two days of monitoring my google blacklist is now:
64.233.160.0/19
66.102.0.0/20
66.249.64.0/19
72.14.192.0/18
209.85.128.0/17
216.239.32.0/19
|
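One way to approach the original poster's second question (ignoring events by destination), as an added example that is not part of any post and does not use Firestarter itself: post-process event lines in the format quoted in post #1 and drop those whose destination falls inside the blocked ranges from post #4. The fourth sample line and its 192.0.2.10 destination are constructed.

```python
import ipaddress
import re

# Blocked ranges exactly as listed in the thread (post #4).
BLOCKED = [ipaddress.ip_network(n) for n in (
    "64.233.160.0/19", "66.102.0.0/20", "66.249.64.0/19",
    "72.14.192.0/18", "209.85.128.0/17", "216.239.32.0/19",
)]

# Field names taken from the event lines quoted in post #1.
FIELD = re.compile(r"\b(Time|Direction|In|Out|Port|Source|Destination|"
                   r"Length|TOS|Protocol|Service):")

def parse_event(line):
    """Split one event line into a {field: value} dict (values may be empty)."""
    parts = FIELD.split(line.strip())
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def is_blocked(ip):
    """True if the address lies inside any blocked network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED)

def filter_events(lines):
    """Drop events to blocked destinations; keep everything else."""
    kept = []
    for line in lines:
        try:
            if is_blocked(parse_event(line)["Destination"]):
                continue
        except (KeyError, ValueError):
            pass  # unparsable line: show it rather than hide it
        kept.append(line)
    return kept

_HEAD = " Direction: Outbound In: Out:eth0 Port:80 Source:192.168.1.111 Destination:"
_TAIL = " Length:44 TOS:0x00 Protocol:TCP Service:HTTP"
SAMPLE = [
    "Time:Jan 3 06:01:30" + _HEAD + "66.102.1.104" + _TAIL,  # from post #1
    "Time:Jan 3 06:01:33" + _HEAD + "66.102.1.99" + _TAIL,   # from post #1
    "Time:Jan 3 06:01:36" + _HEAD + "66.102.1.147" + _TAIL,  # from post #1
    "Time:Jan 3 06:02:10" + _HEAD + "192.0.2.10" + _TAIL,    # constructed
]

if __name__ == "__main__":
    for event in filter_events(SAMPLE):
        print(event)
```

Lines that fail to parse are kept on purpose, so a format change produces extra noise rather than silently hidden events.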
|
|
01-05-2007, 10:35 AM
|
#5
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
Install a small local proxy
I use wwwoffle but there are others (privoxy)
It does some caching, offline browsing, filtering with regexp (hostname,..) and lots of other things.
Redirecting to 127.0.0.1 with host file can be a pain if you have a local webserver or a restrictive firewall.
|
|
|
01-05-2007, 08:58 PM
|
#6
|
Senior Member
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168
Original Poster
Rep:
|
I decided to use the hosts file too actually. Still blocking all google traffic with packet filters, my preferred method, but it was just too annoying when accessing sites like LQ.org. Redirecting to 127.0.0.1 in addition to the filter makes site usable again.
Oh, and I do block all cookies by default. Unfortunately that's not enough to keep them from tracking your web surfing (on affiliated sites anyway.)
|
|
|
01-05-2007, 10:07 PM
|
#7
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,901
|
Why so paranoid? Your IP keeps track of everything you do anyway. What is so bad about Google? As compared to say Yahoo, Lycos, Windows Live or any other web directory.
Maybe it's time for an Aluminum Foil Deflector Beanie
http://zapatopi.net/afdb/
Perhaps it's time to start running MindGuard.
http://zapatopi.net/mindguard/
|
|
|
01-06-2007, 06:32 AM
|
#8
|
Senior Member
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168
Original Poster
Rep:
|
Why so worried about people protecting their privacy?
Perhaps it's time to don your swastika and hail homeland security!
|
|
|
01-06-2007, 10:40 AM
|
#9
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,901
|
So you can't answer my questions?
Why so paranoid? Your ISP keeps track of everything you do anyway. What is so bad about Google? As compared to say Yahoo, Lycos, Windows Live or any other web directory.
There is no such thing as privacy online.
Without Anonymization, every computer in the internet communicates using a traceable Address. That means:
* the website visited,
* the internet service provider (ISP),
* and any eavesdropper on the internet connection
can determine which websites the user of a specific computer visits. But then again even with something like Tor+privoxy or JAP your ISP can still track you.
|
|
|
01-06-2007, 12:26 PM
|
#10
|
LQ Newbie
Registered: Apr 2006
Posts: 17
Rep:
|
just use scroogle.org - i think that does pretty much what you want.
and if you're really paranoid, EFF provides something called Anonymizer_Software_EFF.exe - but, as you guessed, it only runs on windoze.
even paranoids have enemies. :-)
|
|
|
01-06-2007, 01:45 PM
|
#11
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,901
|
Personally I like using Google search engine from my browser. Debian gets money for the searches, oh no Google tracks your searches!! Guess what so does almost every other search engine out there. Unless you're searching on how to make bombs or something else that would be illegal I don't see what the big deal is.
Tor + Privoxy, and/or anon-proxy hides most of the crap like your IP address. Not accepting cookies or at the very least setting them to expire each session takes care of a lot of tracking.
|
|
|
01-07-2007, 12:34 AM
|
#12
|
Member
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119
Rep:
|
I agree with the above comments.
But, nevertheless, if you are really concerned about privacy in and only in websurfing, my vote would go to onion routers, such as Tor[1].
[1] http://tor.eff.org/
|
|
|
01-12-2007, 08:09 AM
|
#13
|
Member
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676
Rep:
|
Hey, I know this thread is a couple days old, but I had a few minutes and was reading.
I am in agreement, the isp knows everything you do. Some mentioned tor and others good suggestions as well. Here is one that wasn't mentioned. I really like it too
AnonOS
http://kaos.to/cms/
They have a live cd I use all the time and it is simply wonderful.
It uses tor out of the box and a lot of other nice features.
|
|
|
01-12-2007, 10:11 AM
|
#14
|
Senior Member
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168
Original Poster
Rep:
|
Most ISPs don't track users to the extent Google does. At most they're interested in statistics like network utilization. It takes enormous amounts of storage to keep track of every website every user visits. Unless you're in the business of selling that kind of information (as Google is) there's no rational reason anyone would spend that kind of money.
Now, that's not to say the Gestapo, er FBI, doesn't have a Carnivore program running on your ISP's network, but that's another matter entirely.
|
|
|
All times are GMT -5. The time now is 07:45 PM.