| 1 |
Hello, |
| 2 |
|
| 3 |
On Wed, Oct 4, 2017 at 12:28 AM, Walter Dnes <waltdnes@××××××××.org> wrote: |
| 4 |
> I have some doubts about massive "hosts" files for adblocking. I |
| 5 |
> downloaded one that listed 13,148 sites. I fed them through a script |
| 6 |
> that called "host" for each entry, and saved the output to a text file. |
| 7 |
> The result was 1,059 addresses. Note that some adservers have multiple |
| 8 |
> IP address entries for the same name. A back-of-the-envelope analysis |
| 9 |
> is that close to 95% of the entries in the large host file are invalid, |
| 10 |
> amd return "not found: 3(NXDOMAIN)". |
| 11 |
> |
| 12 |
> I'm not here to trash the people compiling the lists; the problem is |
| 13 |
> that hosts files are the wrong tool for the job. Advertisers know about |
| 14 |
> hosts files and deliberately generate random subdomain names with short |
| 15 |
> lifetimes to invalidate the hosts files. Every week the sites are |
| 16 |
> probably mostly renamed. Further analysis of the 1,059 addresses show |
| 17 |
> 810 unique entries, i.e. 249 duplicates. It gets even better. 44 |
| 18 |
> addresses show up in 52.84.146.xxx; I should probably block the entire |
| 19 |
> /24 with one entry. There are multiple similar occurences, which could |
| 20 |
> be aggregated into small CIDRs. So the number of blocking rules is |
| 21 |
> greatly reduced. |
| 22 |
> |
| 23 |
> I'm not a deep networking expert. My question is whether I'm better |
| 24 |
> off adding iptables reject/drop rules or "reject routes", e.g... |
| 25 |
> |
| 26 |
|
| 27 |
If you want to filter connections based on IP, then use iptables or |
| 28 |
the newer alternative, nftables. Nftables is faster and more |
| 29 |
configurable. |
| 30 |
|
| 31 |
I suggest the Wikipedia page before the documentation: |
| 32 |
https://en.wikipedia.org/wiki/Nftables. |
| 33 |
|
| 34 |
If you want to block advertisements, you should use a content aware |
| 35 |
system that is integrated into a browser and that is maintained by |
| 36 |
lots of people at the same time. You should also consider blocking |
| 37 |
JavaScript. |
| 38 |
|
| 39 |
Cheers, |
| 40 |
R0b0t1 |
Archives