valvaris

Level 4
Verified
Hello to all,

I would like to start off with why this post emerged and should be part of a security setup.
>>><<<>>>DISCLAIMER-START<<<>>><<<
For all Posted Applications and Lists
1. I am not responsible for damaged Hardware / Software of any kind
2. I do not own or am affiliated to the company / developers linked here
3. This is not a sponsored thread and do this as part of my hobby
4. Have fun and share your findings / experiences
>>><<<>>>DISCLAIMER-END<<<>>><<<

There are things out there that blow my mind on how much effort was put into a project and how it developed.
====-------------------------------------------------------====
No Browser Extensions are mentioned here!
====-------------------------------------------------------====
Here are a few that I know of and what they do in short:


So what is what?

Adguard and Adlock
Are OS System-wide Ad/Privacy Blockers; that means on the installed OS (Windows) the complete OS is protected! Both have built-in HTTPS Inspection with built-in CA (Certificate) Install. The Protection is made from Blocklists in the Easylist pattern format - In terms of Adguard they are public and can be viewed here: Adguard Documentation

Pi-hole
Is, to make it simple, a local DNS Server with Black- and Whitelists. So it blocks things already at the DNS Level... and that is it!

eBlocker
eBlocker is a totally different monkey: it is a Network-wide (Privacy-Blocker). Just imagine Adguard Desktop but for all devices including IoT - The other part: it does all that without the need to install an extension in the browser. It is compatible with DNS Domain-Lists (Black and Whitelists), Easylist Patterns, Squid-ACL-List and more... (HTTPS Inspection with exclusion List Preloaded) and lots more features...

--------- WARNING about eBlocker on Amazon.de -----------
Please do not buy eBlocker Products on the Amazon Site:

ASIN B01LZZLYAC
ASIN B071S8RZDK
ASIN B01M0B5WAL
ASIN B074RYY67N
ASIN B074S2ST2R
maybe more...

The reason is that the Subscriptions Provided are "NOT VALID"!

I am sorry not to research on Amazon.com - The reason for this update is to protect "YOU" not the Company behind eBlocker or the sellers!

Trutzbox
I try to test this next month coz the cost is harsh...

Rattrap
What is RATtrap’s speed rating?
While we make every effort to keep your speed operating at optimal capacity, it is important to know that if you have a 300 Mbps (Megabits per second) or greater service speed tier with your Internet provider, you will see a decrease in throughput. RATtrap’s default security protection processes between 150-180 Mbps. We do offer a “Speed Boost” option in RATtrap’s Device Settings and in general we can process between 250 – 270 Mbps on average. If this is a limiting factor for you, please reach out to us at hello@iotdef.com and let us know. We would like to keep you informed on any upcoming hardware revisions that provide higher capability as that is the current limiting factor.

Link to Rattrap FAQ -> Faq – RATtrap

As for all other Projects that are not mentioned: I really could not find the time to test them and share my experience with you all.

Here are my Lists that I use:

Domain-Lists

Pattern-Lists


Please be fair and if you like a project buy or donate to it!

Credit goes to the following Users that help out to build this Topic:



Best regards
Val.
 
Last edited:
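
The difference described in the post above between DNS-level blocking (Pi-hole) and pattern blocking (Adguard, eBlocker), as an added example that is not part of the original post. The domains, rules and URLs are constructed, and the matcher handles only a small subset of the Easylist syntax (`||`, `^`, `*`).

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (hypothetical names, not taken from any real list).
DOMAIN_BLOCKLIST = {"ads.tracker.example"}
PATTERN_RULES = [
    "||ads.tracker.example^",
    "||cdn.shop.example/js/track-*.js",
    "/banner/ads^",
]
SAMPLE_URLS = [
    "https://ads.tracker.example/pixel.gif",
    "https://cdn.shop.example/js/track-v2.js",
    "https://cdn.shop.example/js/cart.js",
    "https://news.example/banner/ads?id=7",
]

def dns_blocks(url, blocklist=DOMAIN_BLOCKLIST):
    """DNS-level filter: sees only the hostname and its parent domains."""
    labels = (urlsplit(url).hostname or "").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def rule_to_regex(rule):
    """Compile a subset of the Easylist syntax: '||' anchor, '^' and '*'."""
    anchored = rule.startswith("||")
    parts = []
    for ch in rule[2:] if anchored else rule:
        if ch == "*":
            parts.append(".*")
        elif ch == "^":  # separator: end of URL or a non-word character
            parts.append(r"(?:[^\w.%-]|$)")
        else:
            parts.append(re.escape(ch))
    prefix = r"^[a-z][a-z0-9+.-]*://(?:[^/?#]*\.)?" if anchored else ""
    return re.compile(prefix + "".join(parts), re.IGNORECASE)

COMPILED_RULES = [rule_to_regex(r) for r in PATTERN_RULES]

def pattern_blocks(url, rules=COMPILED_RULES):
    """Pattern filter: needs the full URL (plain HTTP or inspected HTTPS)."""
    return any(r.search(url) for r in rules)

def compare(urls):
    """Map each URL to (blocked_by_dns, blocked_by_pattern)."""
    return {u: (dns_blocks(u), pattern_blocks(u)) for u in urls}

if __name__ == "__main__":
    for url, (dns, pat) in compare(SAMPLE_URLS).items():
        print(f"{url:42} dns={dns!s:5} pattern={pat}")
```

The tracking script on the shared CDN host and the path-based banner rule are caught only by the pattern filter, because a DNS filter would have to block the whole hostname to stop them.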

valvaris

Level 4
Verified
@oldschool, @Umbra and MalwareTips Members,

if so requested I can post a few tips and tricks to set up eblocker since I have this currently in use right now and it makes creating screenshots super easy. :D

For example:

Initial Setup (eblocker) goes to a very specific mode that injects itself to the network by default:
(eblocker only filters over IPv4 Protocol!) - Please do not forget to switch off IPv6 already at the Router!

eblocker modes.png


For more just give me some feedback. ;)

Best regards
Val.
 

valvaris

Level 4
Verified
There's also Adguard Home

Thanks for the heads up about Adguard Home!
I know that product very well and sadly it is very similar to Pi-Hole in terms of functions and only filters at the DNS Level.
Gonna add this to the list ^^ @Azure

Many thanks again
Val.

----------- Can not update top-level topic --------------

 

oldschool

Level 56
Verified
Thanks for the offer @valvaris. I'll have to look into this. Raspberry 4 are hard to come by right now because they are so popular.

I am impressed that these folks are so dedicated to the concept that they've taken it open-source. From my vantage point, it looks as if these things happen more outside the U.S. - taking a bankrupt company open-source to continue a project, make a living but not necessarily make a real killing $$$$ doing it. I just don't see it happening here as much.

/Edit: I've bookmarked your post.
 
Last edited:

valvaris

Level 4
Verified
No specific lists to stop encryption in the browser, as far as I can see.
If you insert the "crypto" tag in the FilterList, you will find 8 pages of specific lists.
For the reason of "Crypto Currency" Filtering - I do not see a point on adding that for specific reasons:
- Best way to block something like that is User-Behavior and Script-Blockers.
- The other part is how the code gets injected to the browser. Cleaning out the cache or use a closed environment that resets itself like Windows Application Guard.

Of course other weak-points are possible. That is why a User should always look out for strange behavior in the network-side of things. ;)

Last but not least, I do not understand what you try to say about "stop encryption in the browser" - So I'm sorry for misunderstanding your statement.

Best regards
Val.
 

Sampei Nihira

Level 6
Verified
For the reason of "Crypto Currency" Filtering - I do not see a point on adding that for specific reasons:
- Best way to block something like that is User-Behavior and Script-Blockers.
- The other part is how the code gets injected to the browser. Cleaning out the cache or use a closed environment that resets itself like Windows Application Guard.

Of course other weak-points are possible. That is why a User should always look out for strange behavior in the network-side of things. ;)

Last but not least, I do not understand what you try to say about "stop encryption in the browser" - So I'm sorry for misunderstanding your statement.

Best regards
Val.

Look at Nocoin:

 

valvaris

Level 4
Verified
Look at Nocoin:

That is exactly what I try to say if even one of the NoCoin (Crypto Currency) got active. Something already happened! In terms already too late because something got infected. ;)

But thanks for the list since I use a Sophos XG Firewall :)

@all I’ll try to get in touch with a mod; like this I can update the first topic with links to lists.

Best regards
Val.
 

HarborFront

Level 54
Verified
Content Creator
Old News... :)

That is the reason they went Open-Source... -> View Link plz
I'm not sure how their fund flow is going to be like in the long run if they are asking for donations.

How about the speed limitation of RATtrap device?

Quote

What is RATtrap’s speed rating?
While we make every effort to keep your speed operating at optimal capacity, it is important to know that if you have a 300 Mbps (Megabits per second) or greater service speed tier with your Internet provider, you will see a decrease in throughput. RATtrap’s default security protection processes between 150-180 Mbps. We do offer a “Speed Boost” option in RATtrap’s Device Settings and in general we can process between 250 – 270 Mbps on average. If this is a limiting factor for you, please reach out to us at hello@iotdef.com and let us know. We would like to keep you informed on any upcoming hardware revisions that provide higher capability as that is the current limiting factor.

Unquote

 

valvaris

Level 4
Verified
Topic Update - Highlighted - The No Browser Extension part...
====-------------------------------------------------------====
No Browser Extensions are mentioned here!
====-------------------------------------------------------====
It is my fault to not make it more clear.

I want to thank @Sampei Nihira for understanding :D

Sincerely
Val.
 
Last edited:

valvaris

Level 4
Verified
I am a simple person but still I like a challenge.

What is this about?
I already approached Pi-Hole and they seem not to be interested to combine efforts with the dev.-team of eBlocker.

So what?
The idea behind it is to have eblocker do the pattern blocking and Pi-Hole the recursive DNSSEC with the extension unbound.


What does that mean?
eBlocker has HTTPS inspection and pattern files that look inside packets for things that match. Pi-Hole can secure your DNS query and be the first point of contact. For the DNSSec chain...

projeblockerpihole.png


Is it not redundant?
It is not because eBlocker only supports Uplink DNS - So we use this to our advantage and forward that to the Pi-Hole -> That does a recursive DNSSec query and accepts trusted responses from the Root-DNS-Servers. :)

What should that accomplish?
Mainly getting rid of Uplink DNS Servers (Never know who to trust!) - Plus traffic can be intercepted since it uses old DNS Protocol (eblocker)

Feedback will come in soon - My new Raspberry Pi 4 is incoming. ^^

Best regards
Val.
 