PeerGuardian blocks Comodo?

Toggie et al.

I just heard that with PeerGuardian, to block spyware sites etc., it downloads the p2p lists; due to this, users are unable to connect to Comodo, as all IPs for Comodo are, for some reason, within the p2p lists.

Is this an error by PeerGuardian? (the IPs are very specific)

Does “comodo CA” now participate in anti-p2p?

(this is not a personal problem, as I do not use these programs, just curious why those IPs would be included and blocked)

I switched to CFW to avoid this sort of issue so this matter I hope can be cleared up quickly.

Hi Escalader.

I can’t comment on this, as it’s the first I’ve heard. Just out of interest, where did you hear this information, do you have a link?

Toggie

I’ve been running the new PG2 beta for the last day or so… and I’ve not seen any blocks of Comodo IPs.

Edit: Just updating the latest P2P numbers now.

Nope… updated the P2Ps & I can still post. What’s the IPs involved Escalader?

Edit: All the Comodo CA stuff works as well.

Erm… OK. I don’t use P2P… so, I guess thats why I’m not seeing any blocks. I dumped PG2’s P2P list & found this lot…

P2P IPs.txt(14150): Comodo-1:62.44.74.0-62.44.75.255
P2P IPs.txt(53367): ComodoCALtd:72.20.6.52-72.20.6.63
P2P IPs.txt(53368): ComodoCALtd:72.20.6.76-72.20.6.79
P2P IPs.txt(69354): COMODO:81.187.75.116-81.187.75.116
P2P IPs.txt(69356): COMODO:81.187.76.240-81.187.76.255
P2P IPs.txt(69383): COMODO-RESEARCH-LAB:81.187.164.217-81.187.164.217
P2P IPs.txt(69386): COMODO-RESEARCH-LAB:81.187.167.48-81.187.167.63
P2P IPs.txt(71316): Comodo:82.109.38.200-82.109.38.207
P2P IPs.txt(71466): COMODO Ltd:82.110.55.12-82.110.55.15
P2P IPs.txt(79551): Comodo CA Ltd:85.91.228.128-85.91.228.191
P2P IPs.txt(83306): COMODO-RESEARCH-LAB:90.155.91.64-90.155.91.95
P2P IPs.txt(83715): Comodo Security Solutions Pvt Ltd:125.17.11.112-125.17.11.127
P2P IPs.txt(125391): Comodo CA, Ltd:208.122.24.144-208.122.24.147
P2P IPs.txt(132139): COMODO SYSTEM CO.,LTD:210.196.112.208-210.196.112.215
P2P IPs.txt(148328): Usertrust / Comodo CA Ltd:216.126.201.16-216.126.201.191

But, then again… P2P. Why on earth would you P2P with Comodo? Anyway, Comodo are there along with every other authoritative IP (ie. law enforcement agencies, Government Agencies, etc…) on the planet. So… I suspect the significance of Comodo being there is being misread. Just MHO.

Still doesn’t explain why they’re there at all.

Kail, if you don’t use p2p why do you use peerguardian?

I would imagine that its to stop P2P users from hooking up with the… erm… authorities.

Because it provides me with an excellent log of all IP connections (both in & out).

I would imagine that its to stop P2P users from hooking up with the.. erm.. authorities.
Umm!
Because it provides me with an excellent log of all IP connections (both in & out).
Never having used it, I didn't know it did that :)

OK. I would imagine that its to stop P2P users from hooking up with the… umm… authorities.

Better? :wink:

I know its not what you meant… I’m sorry I just couldn’t resist. What do they say about P2P traffic… 90% is illegal & the other 10% can really get you into trouble. :smiley:

You should try it. It doesn’t conflict with anything & is light on resources.

OK, it seems that the P2P list in PG2 contains any IPs that Log access (doesn’t explain why this is bad for P2P users) or are RIAA/MPAA Spy IPs (didn’t know they had such things) or malicious IPs (spread viruses, etc…). Why are Comodo there? They don’t state any specific reasons other than Comodo are a Certificate Authority (CA)… I’m not sure why a CA is bad for P2P users either.

Paranoia…

Here you go… Phoenix Labs (PG2) get their P2P list from Bluetack & their P2P list includes, aside from the obvious Anti-P2P IPs, the following…

The list also contains all known Government - Military - Science - Research Labs and Bad Education facilities IP addresses collected by the Bluetack Team.

Source: http://www.bluetack.co.uk

Gentlemen:

I wish I could provide a link but as I said in post 1 I heard this. My source is respected by myself but I had no idea it would generate this much excitement.

I don’t use P2P or the PG2 myself so that’s why I don’t have ip’s. But it seems you have them now in this thread. But for me, the question is what does it mean to me ( and other CFW users) who need to block ip’s from receiving packets from my PC that these ip’s have no business obtaining.

Summarizing what I think you have collectively said and my questions now:

(1) the current PG2 list doesn’t stop CFW from updating or trying. I just tried and there are no updates but I don’t have this blocking list.

(2) Comodo does have ip’s in this list which I have copied from the thread here:

P2P IPs.txt(14150): Comodo-1:62.44.74.0-62.44.75.255
P2P IPs.txt(53367): ComodoCALtd:72.20.6.52-72.20.6.63
P2P IPs.txt(53368): ComodoCALtd:72.20.6.76-72.20.6.79
P2P IPs.txt(69354): COMODO:81.187.75.116-81.187.75.116
P2P IPs.txt(69356): COMODO:81.187.76.240-81.187.76.255
P2P IPs.txt(69383): COMODO-RESEARCH-LAB:81.187.164.217-81.187.164.217
P2P IPs.txt(69386): COMODO-RESEARCH-LAB:81.187.167.48-81.187.167.63
P2P IPs.txt(71316): Comodo:82.109.38.200-82.109.38.207
P2P IPs.txt(71466): COMODO Ltd:82.110.55.12-82.110.55.15
P2P IPs.txt(79551): Comodo CA Ltd:85.91.228.128-85.91.228.191
P2P IPs.txt(83306): COMODO-RESEARCH-LAB:90.155.91.64-90.155.91.95
P2P IPs.txt(83715): Comodo Security Solutions Pvt Ltd:125.17.11.112-125.17.11.127
P2P IPs.txt(125391): Comodo CA, Ltd:208.122.24.144-208.122.24.147
P2P IPs.txt(132139): COMODO SYSTEM CO.,LTD:210.196.112.208-210.196.112.215
P2P IPs.txt(148328): Usertrust / Comodo CA Ltd:216.126.201.16-216.126.201.191

(3) Are any of these sites/ip’s there an error? Like an update or beta development or other valid reason, if so then why block them?

(4) One post said the list is being misread? Maybe then how should it be read?

I want to block all sites that need to be blocked as a goal, how do I do that with Comodo as my FW? I can’t really find them all 1 by 1, can I? So I guess I need the world’s best set of blocking sites; which list(s) is that, is it PG2? I don’t care about P2P since I don’t use it (I hope)

I hope I’m not overly paranoid, but these days I’m not sure it is possible to not have some valid paranoia.

(1) No, I assume it will just stop P2P connections. Either that or PG2 is not working.

(2) I’m not certain all these IPs are Comodo, since I didn’t check them.

(3) Maybe its because of an error (there are lots of complaints concerning errors). But, my post above explains why Comodo is probably there.

(4) I said… misread. Just because an IP is on that list doesn’t mean that the IP is run by bad people or something, it also doesn’t mean they’re Anti-P2P either (although they are included in the P2P list)… back to point 3. Here’s what the authors of the list said it contains…

This list blocks known anti-p2p companies. It contains p2p trackers like Mediasentry, Mediaforce, and known fake p2p file sources from companies like Overpeer. [u]The list also contains all known Government - Military - Science - Research Labs[/u] and Bad Education facilities IP addresses collected by the Bluetack Team. Basically this list will block all kinds of internet connections that most people would rather not have during their internet travels.
I've underlined where Comodo probably fit in.

Bottom line: You don’t run P2P, so none of these P2P lists are of any relevance to you… or me for that matter.

edit

:THNK, not sure I shouldn’t block sites / ips such as those underlined. What would happen if I did block some and then found connect attempts out? We are saying they are only P2P, and not of concern but do we KNOW. The whole subject has me puzzled. Easily done! I’m going to block some on that list now and will report later.

I still want the world’s best blocking site list. If a particular ip turns out to be falsely blocked and I really need it could be allowed via rules couldn’t it?

Maybe I really don’t want this huge block list at all. Just a short white list of who I trust, then a simple rule saying if you aren’t in my white list then you don’t get to send me in packets or me to send out packets?

Is this so crazy?

Ok, I’m back I Whois’d the 1st site:

WHOIS results for 62.44.74.0
Generated by www.DNSstuff.com

Location: United Kingdom [City: ]

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Information related to ‘62.44.74.0 - 62.44.74.255’

inetnum: 62.44.74.0 - 62.44.74.255
netname: UK-PIPEX-COMODO-1
descr: Comodo-1

I then blocked in and out for the whole range, moved these 2 rules to the top of the list and tried a CFW update.

It tried and failed, gives Error 106 could not complete update process.

I then allowed both in and out same ranges and the update proceeded okay as before these rules occurred.

So I conclude that the first p2p item listed is a Comodo site in the UK used during CFW updates and is a Comodo site. Someone else should get involved as well to test this.

Does this all seem okay? Did we know UK-PIPEX-COMODO-1 was the update site?

What we need to know is the sites CFW needs to run this forum and the updates to products etc.
If those aren’t in the p2p list then I would block all those p2p ip’s to be on the safe side.

Escalader

error 106 just indicates the server was too busy to respond to your request at the time you tried. basically it’s telling you to try later.

Toggie

Thanks Toggie for your feedback on the error 106 meaning.

Still the ? remains why are “Comodo ip” (this one I id’d is # 1 on the list) on a list of bad guy P2P at all? Maybe they aren’t Comodo sites at all?

I’ll try 2 new tests now.

Test 1 Set Up.

  1. Cleared all logs

  2. removed the IN blocks for 62.44.74.0 - 62.44.74.255 UK-PIPEX-COMODO-1 descr: Comodo-1

  3. Blocked TCP/UDP OUTPUT to same ip’s as step 2, this is now my rule 0 on top of list.

  4. Cleared all logs and immediately tried an update

Result, CFW update succeeded, no update available

Conclusion:

OUT TO UK-PIPEX-COMODO-1 descr: Comodo-1 not involved with CFW updates

Test 2 Set Up.

  1. Cleared all logs

  2. Blocked IN for 62.44.74.0 - 62.44.74.255 UK-PIPEX-COMODO-1 descr: Comodo-1 rule 0

  3. Blocked TCP/UDP OUTPUT to same ip’s as step 2, this is now my rule 1 on my list.

  4. Cleared all logs and immediately tried an update

Result, CFW update succeeded, no update available

Conclusions:

  1. IN and OUT UK-PIPEX-COMODO-1 descr: Comodo-1 not involved with CFW updates
  2. UK-PIPEX-COMODO-1 descr: Comodo-1 ip’s can be left in users block lists as no impact on CFW updates (:CLP)

Speculations :-\

This site set DOES not belong to Comodo at all and should be blocked, so for now I have done so! :THNK

I think you may have mis-read my posts on this… to be clear the P2P List produced by Bluetack is not just a list of BAD IPs. It is in fact (in Bluetack’s words)…

It contains p2p trackers like Mediasentry, Mediaforce, and known fake p2p file sources from companies like Overpeer. The list also contains all known Government - Military - Science - Research Labs and Bad Education facilities IP addresses collected by the Bluetack Team.

BTW You’re not seriously considering blocking all 160,160 IPs listed in Bluetack’s P2P list are you? Because you need to realise that these are for P2P applications only & not for all IP traffic. Also adding thousands of IP blocks to CFP will probably slow it down considerably… I don’t think it was designed for that.

On re-reading your post… I spotted something that you may have taken out of context. You say that the Comodo IP “is # 1 on the list”. Erm… I created that list, it’s an extract of the P2P List where Comodo is mentioned. The number on the left hand side of my first line… 14,150. That is where I found the first Comodo entry, on line 14,150. In any event, the order of the entries is of no significance.
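
The extract in this thread uses the list's text format, label:start-end, with a grep prefix in front. As an added example (not from the thread, PeerGuardian or Bluetack), the Python below parses that format and reports which entries cover an address you depend on, the check the posters were doing by hand with firewall rules. The entries are copied from the extract with the prefix removed; the probe addresses and function names are constructed for illustration.

```python
import ipaddress

# Entries from the thread's extract, grep prefix removed (label:start-end).
SAMPLE_P2P = """\
# constructed comment line, skipped by the parser
Comodo-1:62.44.74.0-62.44.75.255
ComodoCALtd:72.20.6.52-72.20.6.63
COMODO:81.187.75.116-81.187.75.116
Usertrust / Comodo CA Ltd:216.126.201.16-216.126.201.191
this line is malformed and is skipped
"""

def parse_p2p(text):
    """Yield (label, first, last) for every well-formed 'label:start-end' line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels can contain punctuation, so split on the LAST colon only.
        label, _, span = line.rpartition(":")
        start, _, end = span.partition("-")
        try:
            first = ipaddress.IPv4Address(start.strip())
            last = ipaddress.IPv4Address(end.strip())
        except ipaddress.AddressValueError:
            continue  # malformed entry: ignore rather than guess
        if first <= last:
            yield label.strip(), first, last

def blocking_entries(text, address):
    """Return the list entries whose range contains `address`."""
    ip = ipaddress.IPv4Address(address)
    return [(label, str(first), str(last))
            for label, first, last in parse_p2p(text) if first <= ip <= last]

def as_cidrs(start, end):
    """Convert a start-end range to the CIDR blocks a firewall rule would use."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end))
    return [str(n) for n in nets]

def audit(text, needed):
    """Map each address you rely on to the entries that would block it."""
    return {addr: blocking_entries(text, addr) for addr in needed}

if __name__ == "__main__":
    # Constructed probes: one inside the Comodo-1 range, one documentation address.
    for addr, hits in audit(SAMPLE_P2P, ["62.44.74.10", "192.0.2.10"]).items():
        print(addr, "->", hits or "not listed")
    print(as_cidrs("72.20.6.52", "72.20.6.63"))
```

Running the audit against the addresses a product actually needs, before loading the list, shows any conflict up front instead of as a failed update.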