Create install script for iptables/sh?
Hi Crazy-M, a big thank you for your time and effort on this project. On routers using the OpenWrt OS, many are already using your hosts list via the adblock project ( https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md ), enabling blocking at the network level for every Win10 machine plugged in.
To do the same for static IPs, and so for your firewall list, would it be possible for you to create a sh script that sets up iptables rules using your static IP files? That'd be great!
Regards WB
Hi,
Indeed, we can create an automated script based on firewall rules and hosts files.
@elgab has already created an OpenWrt config file, available in the data/openwrt folder.
Maybe @elgab or @dibdot can contribute and create this kind of script?
Btw thanks for your support!
adblock for openwrt/LEDE is dnsmasq based only. IP based blocking does not work for major sites which are sharing the same IP for different domains, i.e. www-google-analytics.l.google.com vs. youtube.com ... therefore you can't block google-analytics without blocking harmless youtube videos on the IP level.
I've put together all existing win7, 8.1, 10 firewall rules and ended up with 213 iptables rules. Getting heavy load and speed decreased from 100 to 65 Mbit, so an all-in-one solution for the 3 operating systems will not work well on average single core routers? I should focus only on Win10 and aim only at the nasty hardcoded IPs, to keep the rule count low.
Maybe also you can gather some of the rules - I saw there are several IPs that are contiguous, so they could be replaced by ranges or CIDR.
On 08/06/2016 at 06:16, elgab wrote:
I've put together all existing win7, 8.1, 10 firewall rules and ended up with 213 iptables rules. Getting heavy load and speed decreased from 100 to 65 Mbit, so an all-in-one solution for the 3 operating systems will not work well on average single core routers? I should focus only on Win10 and aim only at the nasty hardcoded IPs, to keep the rule count low.
Yes, I will try to figure out some patterns in the IP list. I guess we can discard the 4th number after the dot, deduplicate the list and add .0/24. The 2.18.213, 65.52.100, 204.79.197 groups from win10spy can be proactively extended to a /24 prefix.
For some IP addresses I have to manage geolocation because Microsoft uses CDNs, so some IPs are RIPE NCC specific. On the next release I will try to figure this out.
Hello. Wouldn't an ipset work better than hundreds of iptables rules? Perhaps something like this:
- winspy.ipset
create winspy-tmp -exist hash:net family inet hashsize 16384 maxelem 102400
create winspy -exist hash:net family inet hashsize 16384 maxelem 102400
add winspy-tmp 13.76.219.191
...
add winspy-tmp 213.199.179.0/24
swap winspy winspy-tmp
destroy winspy-tmp
We can get the IP addresses via wget or curl from GitHub (some reformatting is needed though).
- firewall.user
cat winspy.ipset | ipset restore
iptables -I INPUT -m set --match-set winspy src -j DROP
After that, reload the firewall via /etc/init.d/firewall restart
This might be wrong since I am not sure which iptables chain should be used.
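The ipset approach above, combined with the /24 widening crazy-max proposed earlier, as an added example (my own shell, not code from the WindowsSpyBlocker project or the comment authors). It assumes a plain list with one IP or CIDR per line on stdin; the sample list is constructed, the set name `winspy` is taken from the comment, and the iptables lines at the end are comments because they need a router with the ipset and iptables packages.

```shell
#!/bin/sh
# Added example, not code from the WindowsSpyBlocker project: turn a plain list of
# IPv4 addresses/CIDRs into an `ipset restore` script, widening bare addresses to
# their /24 as proposed in the thread, then load it atomically via swap.
# Assumes one IP or CIDR per input line; blank lines and '#' comments are skipped.

# Constructed sample standing in for a downloaded firewall list (not real data).
SAMPLE_IPS='# constructed sample
13.76.219.191
65.52.100.7
65.52.100.91
204.79.197.200
213.199.179.0/24
'

# Read addresses on stdin, print ipset restore commands on stdout.
build_ipset_restore() {
    set_name=${1:-winspy}
    awk -v set="$set_name" '
        BEGIN {
            printf "create %s-tmp -exist hash:net family inet hashsize 16384 maxelem 102400\n", set
            printf "create %s -exist hash:net family inet hashsize 16384 maxelem 102400\n", set
        }
        $0 ~ /^[ \t]*$/ || substr($1, 1, 1) == "#" { next }   # skip blanks and comments
        {
            entry = $1
            if (entry !~ /\//) {               # bare address: widen to its /24
                split(entry, o, ".")
                entry = o[1] "." o[2] "." o[3] ".0/24"
            }
            if (!(entry in seen)) {            # deduplicate after widening
                seen[entry] = 1
                printf "add %s-tmp %s\n", set, entry
            }
        }
        END {
            printf "swap %s %s-tmp\n", set, set
            printf "destroy %s-tmp\n", set
        }'
}

# Number of "add" lines a list produces, to see how much widening helps.
count_entries() {
    build_ipset_restore "$1" | grep -c '^add '
}

# On the router (needs the ipset and iptables packages), e.g. from firewall.user:
#   printf '%s' "$SAMPLE_IPS" | build_ipset_restore winspy | ipset restore
#   iptables -I FORWARD -m set --match-set winspy dst -j DROP   # LAN clients -> listed IPs
#   iptables -I INPUT   -m set --match-set winspy src -j DROP   # listed IPs -> the router
```

On a router the FORWARD chain with a `dst` match is what stops the Windows clients behind it from reaching the listed addresses; the INPUT rule only protects the router itself.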
Meant to reply earlier. We had a storm come through and I've spent the last day or so cleaning up. I get what you are trying to do. However, I am not technically savvy enough to actually know how to do this. On 7/6/2016 3:20 PM, transient-sepia wrote:
Hello. Wouldn't an ipset work better than hundreds of iptables rules? Perhaps something like this:
- winspy.ipset
create winspy-tmp -exist hash:net family inet hashsize 16384 maxelem 102400
create winspy -exist hash:net family inet hashsize 16384 maxelem 102400
add winspy-tmp 13.76.219.191
...
add winspy-tmp 213.199.179.0/24
swap winspy winspy-tmp
destroy winspy-tmp
We can get the IP addresses via wget or curl from GitHub (some reformatting is needed though).
- firewall.user
cat winspy.ipset | ipset restore
iptables -I INPUT -m set --match-set winspy src -j DROP
After that, reload the firewall via /etc/init.d/firewall restart
This might be wrong since I am not sure which iptables chain should be used.
May I ask the purpose of blocking Windows OS specific spying on Linux workstations? Beyond the pentesting benefits, that is.
@existential-fallacy this post is specifically for users with Windows OS and capable router firmware that can block all those spy IPs before they even reach the Windows workstation. If you're using Linux as your main OS there are no benefits to blocking the IPs, but there are still benefits to using the hosts format just for extra protection when browsing some of Microsoft's websites.
@dnmTX , I fully agree with what you state regarding:
If you're using Linux as your main OS there are no benefits to blocking the IPs, but there are still benefits to using the hosts format just for extra protection when browsing some of Microsoft's websites.
Thank-you.
Okay, I don't get it. Why are there no benefits to blocking IPs if you are using Linux? I have a router that I use to block certain IPs such as DoubleClick. I have iPhones, PCs with Windows and PCs with Linux going through this router. Am I just deluding myself?
Content reviewed, logged and transmitted via NSA servers
On Mar 25, 2019, at 08:10, Existential Fallacy wrote:
@dnmTX , I fully agree with what you state regarding:
If you're using Linux as your main OS there are no benefits to blocking the IPs, but there are still benefits to using the hosts format just for extra protection when browsing some of Microsoft's websites.
Thank-you.
@share3141 ,
The benefits can be powerful, though it can become resource intensive. DoubleClick certainly needs to be blocked. Though using iptables directly in a Linux workstation / desktop / laptop OS is of no use if one is using the full telemetry lists that @crazy-max provides since, e.g., a Debian install won't be 'phoning home' to Microsoft as a Windows 10 install would.
What are you guys talking about (for the layperson)? Does this still #1: Have to do with the WPD software of the PC & Phone communicating better with each other & #2: If so, why would they want to Block Windows Updates in Settings especially nowadays when you have a bunch of Day Zero Google Chrome Attacks & Windows Updates averages at least 1 a day of add-ons to Windows Defender now known as Security? That sounds dangerous!