VPN + PeerBlock - Why Is PeerBlock Picking up Connections??

I am new to the VPN world, so please bear with my beginner question.

I am using CyberGhost VPN along with PeerBlock.

I would have thought that if I am using a VPN, my PeerBlock would not pick up any traffic - as everything should be going via the VPN. But I still see a lot of connection traffic in the PeerBlock logs.

Doesn't this negate the point of a VPN? If PeerBlock is picking up traffic, it means a website knows my real IP and not the VPN IP.

Can some IT guru clarify this?
What am I missing here?

Thanks guys.

Comments

  • -1

    a) VPNs only hide the source/destination/content of your traffic as it travels through the VPN. It prevents man-in-the-middle attacks+analysis. But obviously at both ends of the VPN tunnel (i.e., anything running on your PC, and the VPN provider's servers) it's still addressed as coming from, or going to, the real IP.

    Once it makes it through the tunnel it's unencrypted and your IP is substituted with your VPN provider's, but the destination IP of any of your requests — and the source IP of any responses — aren't changed. Otherwise they couldn't be routed. If Peerblock wasn't picking up any traffic — you wouldn't have any working internet.

    b) Peerblock is snake oil and achieves absolutely nothing other than a false sense of security. The most popular lists block way too many IPs (as in, 25% of the entire IPv4 address range), but more importantly don't prevent 'interested parties' from connecting to you. Do you really think blocking a connection from the FBI's IP address allocation prevents them from connecting to you via a standard residential/business ISP connection? Or any 3G/4G device? Or outsourcing it to another company? Or by renting a VPS? Or by using a VPN…just like you??

    • If you block the entire IP range of the United States, I find it helps greatly. Does not help when it is outsourced to another country like the current case of the Dallas Buyers Club tho which was from Germany.

  • I think I vaguely follow you.

    If I visit website A using a VPN, the response from website A should come to the VPN's IP address. And then somehow the VPN transfers that content onto my original IP address. So only the VPN provider should know my real IP.
    When the PB picks up any traffic, shouldn't it pick up all traffic coming from the VPN provider? If all my requests/responses are routed through VPN, to PB - VPN should be the source and target.

    Sorry about the confusion, just trying to clear the logic.

  • Peerblock simply stops you connecting to certain IP addresses. It doesn't matter if you're connecting through the VPN or directly.

  • @jonathonsunshine - You mean, if I try to access a website which is blocked by PB, using a VPN - I would still not be able to access the website? I thought a VPN makes the target IP address from a website to its own, so to PB, the traffic should be coming from VPN and not the website.
    I have a feeling I do not clearly understand how VPN hides my real IP from the Internet.

    • Actually it's more like the other way around, I think VPN is connecting to a remote VPN server, and therefore your IP address that is publicly viewable becomes that VPN server's IP address.

  • Think of Peerblock as a simple firewall. I describe it as simple because it lacks features of a standard firewall such as deep-packet inspection, complex rules or even CIDR notation support. However, it is useful in certain scenarios depending on your needs. It is able to filter connections by installing a system driver which is how it picks up any inbound and outbound connections to your private network, but more about that later.

    To clarify, when you're using a VPN you are basically routing your connection through another machine and adopting the public-facing IP address of the remote machine. Any subsequent connections will appear as though they originate from the VPN assigned IP address and not from your ISP assigned IP address. Similar to a proxy, only you have an agreement with the VPN provider and should be wary of their privacy policies.

    A VPN may be forced to disclose information if the VPN provider is subpoenaed so be sure to inquire about what is logged and check out user feedback or previous audits. More importantly, a VPN may be improperly configured and not comply with best practices such as using weak encryption (see PPTP) or selling customer information to undisclosed third parties.

    Regarding Peerblock, it caches a list of pre-configured IP addresses and checks those IPs against incoming and outgoing connections which includes connections on your private network. A generic example is monitoring your DNS queries on port 53, or a DHCP server assigning you an IP address via port 67 and 68. While this information is useful for debugging purposes, it can also be used to block connections to known malicious servers that serve malware.

    I haven't found any article where Peerblock advertises itself as a security solution because for all intents and purposes it is a tool to be used as a user sees fit. I can see some people using it to whitelist a select group of sites and running it as a service as a form of parental control (very basic and blocks well known proxies), and have seen people use it to download large game files from a select group of servers for unmetered access due to peering agreements or whatnot by their ISPs. This issue is more relevant now that Steam adjusted its server listings to regional settings. Logically, she also excluded Steam IP addresses from any filtering.

    Personally, I cannot see how Peerblock can be considered snake oil because its intent is not to deceive and does not satisfy the usual tests you would see in a court of law, but that's beside the point. Solutions are catered to specific needs and variables such as scope, relevance, time and expense. I view Peerblock as filtering for a single NIC. It doesn't require knowledge of IP tables and is appealing for users who cannot afford the time to configure complex rulesets, in my opinion.

    There are some examples I can think of such as commercial solutions relating to the issue of filtering, however. The renowned Spamhaus project that enterprises, governments and private institutions use to combat spam is quite reliable. Other examples such as CDNs and the adoption of new protocols post-Snowden also illustrate the evolving nature of security. Large MNCs such as Google altered their protocols and soon the adoption of HTTP/2 will be the standard, featuring TLS and other security measures. Many servers lack critical updates and at the time of this writing even ISPs with a large share of the market use weak ciphers and leave users vulnerable to remote exploits. Hopefully they secure their databases more diligently. Anyway, considering what Snowden elucidated, I think it's pretty clear that what is being exploited isn't the VPN itself, but the browser and technologies surrounding them.

    The way I see it is, Peerblock is filtering and keeping logs of connections on your local private network but isn't communicating this to any remote server. So unless the website serves you with something exploitable, your real IP shouldn't be exposed by simply using a VPN. To bring my post back on point, there are some circumstances where your 'real IP' may be disclosed to a remote server other than your VPN provider. A simple yet famous example would be the WebRTC feature in most contemporary web browsers, but I do not presume to know your reasons for using a VPN so cannot comment any further than that.

    Just my 2 cents FTFY
    I'd suggest bringing this up on ELI5 so someone helpful can provide illustrations or provide a more concise explanation without all the jargon. Sorry for the long post, I just started typing what came to mind while drinking my breakfast.

  • I'm not exactly sure, but I never trust the VPN software not to have IP leaks. To be safe I set my VPN up on my router, not every VPN will let you do it, but just pick one that works on DDWRT. I went with PureVPN for this reason, good review here: http://reviewmyvpn.com/pure-vpn/
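
The point the replies above make, as an added example that is not part of any comment in the thread: a host-based list filter such as PeerBlock matches the remote address of each connection, which a VPN leaves unchanged, while the remote site only ever sees the VPN address. The `label:start-end` list format, all addresses (documentation ranges), and the single entry/exit VPN address are constructed assumptions in a simplified model.

```python
import bisect
import ipaddress
from dataclasses import dataclass

# Constructed blocklist in an assumed "label:start-end" range form.
BLOCKLIST = """\
Example tracker:203.0.113.0-203.0.113.255
Example ad network:198.51.100.16-198.51.100.31
"""

def ip_int(ip):
    return int(ipaddress.IPv4Address(ip.strip()))

def load_ranges(text):
    """Parse range lines into sorted (start, end, label) tuples (non-overlapping assumed)."""
    ranges = []
    for line in text.splitlines():
        label, _, span = line.strip().rpartition(":")
        if not label or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        start, _, end = span.partition("-")
        ranges.append((ip_int(start), ip_int(end), label))
    return sorted(ranges)

def match(ranges, ip):
    """Return the label of the range containing ip, or None."""
    n = ip_int(ip)
    i = bisect.bisect_right([r[0] for r in ranges], n) - 1
    return ranges[i][2] if i >= 0 and n <= ranges[i][1] else None

@dataclass
class Flow:
    real_ip: str     # ISP-assigned address of the PC
    tunnel_ip: str   # private address on the VPN's virtual adapter
    vpn_server: str  # tunnel endpoint; also the address sites see (simplification)
    remote: str      # site or peer the application talks to

def views(flow):
    """(source, destination) as seen at each point on a tunnelled path."""
    return {
        "host_filter": (flow.tunnel_ip, flow.remote),   # destination is still the site
        "isp": (flow.real_ip, flow.vpn_server),         # only the encrypted outer packet
        "remote_site": (flow.vpn_server, flow.remote),  # real_ip never appears here
    }

def filter_log(ranges, flows):
    """What a host-based list filter would record for each flow."""
    return [(f.remote, match(ranges, views(f)["host_filter"][1]) or "allowed") for f in flows]
```
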
