Is a simple method of blocking a particular domain name or IP address set available

Bret Busby-2
Hello.

I am running UbuntuMATE 16.04.

Continuous Internet traffic is shown to be occurring.

Etherape shows it to involve a single domain name (llnw.net) and its
IP address set (117.121.253.xxx).

I have tried to add a rule to deny it, using the Ubuntu firewall
software available through the Control Centre, but it requires, and,
limits each rule to, a single port number (which I do not know how to
find, for the traffic).

Is a simple method of blocking a particular domain name or IP address
set available, so that I can deny access to this domain name and/or
its IP address set?

Searching for the problem, shows that it is an international problem,
with this particular domain name (it is one of its subdomains, that
applies to this particular problem for me; the geographical Australian
subdomain, in my particular case, and, similarly for other localised
subdomains, for people in other countries), but I can't figure how to
deny the access for the domain name.

It seems to me, to be spyware.

Thank you in anticipation.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Re: Is a simple method of blocking a particular domain name or IP address set available

Colin Watson
On Thu, May 17, 2018 at 10:48:25PM +0800, Bret Busby wrote:
> Continuous Internet traffic is shown to be occurring.

You generally want to establish and be clear about whether it's inbound
or outbound.  In my answer below I've covered both, but I expect only
one direction is actually relevant.

> Etherape shows it to involve a single domain name (llnw.net) and its
> IP address set (117.121.253.xxx).
>
> I have tried to add a rule to deny it, using the Ubuntu firewall
> software available through the Control Centre, but it requires, and,
> limits each rule to, a single port number (which I do not know how to
> find, for the traffic).

Do you mean ufw?  It accepts a port number, yes, but it's optional.

  sudo ufw deny in from 117.121.253.0/24
  sudo ufw deny out to 117.121.253.0/24
  sudo ufw enable

(I know that a graphical interface to this exists, gufw, but I'm not
familiar with it.)

There are many ways to find the port number; big hammers such as
wireshark or tcpdump would show it straight away, or you could use the
-P option to iftop (and -N if you don't want to resolve the port number
to a service name, though ufw can take service names too).

> It seems to me, to be spyware.

Of course, if you actually have spyware installed on your computer (hard
to tell with any degree of confidence from what you've said), then
simply denying its ability to talk to its controller on the internet is
only papering over the problem at best.

--
Colin Watson                                       [[hidden email]]
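
The reply above lists several ways to find the port behind the traffic. As an added example (not part of the original thread), this script filters `ss -tnp` output for IPv4 peers inside a CIDR block and prints the remote port, connection state and owning process; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report connections whose peer lies inside a CIDR block.
# Live use (root is needed to see other users' processes):
#   sudo ss -tnp | peers_in_cidr 117.121.253.0/24

# Dotted-quad IPv4 address -> integer (runs in a subshell so IFS stays local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/BITS -> exit status 0 when IP is inside the block.
in_cidr() (
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# Read `ss -tnp` lines on stdin; print "peer_ip peer_port state process".
peers_in_cidr() {
    while read -r state _rq _sq _local peer users; do
        [ "$state" = "State" ] && continue          # header line
        ip=${peer%:*}; port=${peer##*:}
        case $ip in ''|*[!0-9.]*) continue ;; esac  # IPv4 peers only
        if in_cidr "$ip" "$1"; then
            proc=-
            case $users in *\"*) proc=${users#*\"}; proc=${proc%%\"*} ;; esac
            echo "$ip $port $state $proc"
        fi
    done
}

# Constructed sample in the layout `ss -tnp` prints (not captured traffic).
sample_ss_output() {
    cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.10:51234 117.121.253.17:443 users:(("firefox",pid=2314,fd=87))
ESTAB 0 0 192.168.1.10:40022 203.0.113.5:80 users:(("apt",pid=990,fd=3))
TIME-WAIT 0 0 192.168.1.10:51240 117.121.253.200:80
ESTAB 0 0 192.168.1.10:51300 117.121.254.9:443 users:(("firefox",pid=2314,fd=90))
EOF
}

sample_ss_output | peers_in_cidr 117.121.253.0/24
```

Running it before and after adding the ufw rules shows whether any flows to the range remain. Stock ufw rule sets accept packets belonging to already-established connections ahead of user rules, so connections opened earlier can keep appearing until they close.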


Re: Is a simple method of blocking a particular domain name or IP address set available

Liam Proven
In reply to this post by Bret Busby-2
On Thu, 17 May 2018 at 16:51, Bret Busby <[hidden email]> wrote:

> Etherape shows it to involve a single domain name (llnw.net) and its
> IP address set (117.121.253.xxx).

llnw.net is Limelight Networks, a CDN.

https://en.wikipedia.org/wiki/Limelight_Networks

In other words, harmless in and of themselves. They serve content for their
customers to users.

If you have a video or internet radio station playing, that'd do it. Or
downloads from many sites.

You could just put an entry in /etc/hosts mapping llnw.net to 127.0.0.1 or
something like that.


--
Liam Proven • Profile: https://about.me/liamproven
Email: [hidden email] • Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven • Skype/LinkedIn: liamproven
UK: +44 7939-087884 • ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053


Re: Is a simple method of blocking a particular domain name or IP address set available

Bret Busby-2
In reply to this post by Colin Watson
On 17/05/2018, Colin Watson <[hidden email]> wrote:
> On Thu, May 17, 2018 at 10:48:25PM +0800, Bret Busby wrote:
>> Continuous Internet traffic is shown to be occurring.
>
> You generally want to establish and be clear about whether it's inbound
> or outbound.  In my answer below I've covered both, but I expect only
> one direction is actually relevant.
>

The traffic is both inward and outward.

>> Etherape shows it to involve a single domain name (llnw.net) and its
>> IP address set (117.121.253.xxx).
>>
>> I have tried to add a rule to deny it, using the Ubuntu firewall
>> software available through the Control Centre, but it requires, and,
>> limits each rule to, a single port number (which I do not know how to
>> find, for the traffic).
>
> Do you mean ufw?  It accepts a port number, yes, but it's optional.
>
>   sudo ufw deny in from 117.121.253.0/24
>   sudo ufw deny out to 117.121.253.0/24
>   sudo ufw enable
>

Unfortunately, that seems to not work - the traffic is persisting.

--
Bret Busby
Armadale
West Australia

Re: Is a simple method of blocking a particular domain name or IP address set available

Bret Busby-2
In reply to this post by Liam Proven
On 18/05/2018, Liam Proven <[hidden email]> wrote:

> On Thu, 17 May 2018 at 16:51, Bret Busby <[hidden email]> wrote:
>
>> Etherape shows it to involve a single domain name (llnw.net) and its
>> IP address set (117.121.253.xxx).
>
> llnw.net is Limelight Networks, a CDN.
>
> https://en.wikipedia.org/wiki/Limelight_Networks
>
> In other words, harmless in and of themselves. They serve content for their
> customers to users.
>
> If you have a video or internet radio station playing, that'd do it. Or
> downloads from many sites.
>

I have some videos paused, but I had not thought that their servers
would be polling my computer, while the videos are paused, which I
assume is what is happening, from what you have said.

> You could just put an entry in /etc/hosts mapping llnw.net to 127.0.0.1 or
> something like that.
>

With your
" In other words, harmless in and of themselves"
maybe, with the traffic still occurring after I tried to stop it using
the ufw instructions, I should just leave it alone.

Unless I am told otherwise, then, I will probably do that - just leave it alone.

--
Bret Busby
Armadale
West Australia