It seems some students have released a study that features some of our own work, but more importantly confirms our justification for asking folks not to use badly maintained blocklist programs.
http://www.cs.ucr.edu/~anirban/Anir-networking07.pdfTo the best of our knowledge, this work is the first to quantify the probabilitythat a user will be monitored i.e. interact with a suspicious IP address.
Using Planetlab, we conduct large-scale active measurements, spanning a period of 90 days, from January to March 2006, spread over 3 continents, yielding nearly
100 GB of TCP packet header data.
A naive user is practically guaranteedto be monitored: we observe that 100% of our peers run into blocklisted users.
In fact, 12% to 17% of all distinct IPs contacted by a peer are blocklisted ranges. Interestingly, a little caution can have a significant effect: the top five
most prevalent blocklisted IPs contribute to nearly 94% of all blocklisted entities
we ran into.
This information can help users to reduce their chances of beingmonitored to just about 1%.
We observe that a whopping 99.5% of blocklisted IPs contacted either belong to BOGON, commercial entities, educational institutions and others.
Among all blocklisted IPs contacted, about 0.5% could actually be traced back to record companies, such as Time Warner Inc.
This is a clear indication of the miniscule presence of record companies trawling P2P networks in a proactive manner.
For those who may not know what Bogon means its simply a name given to entities that are using IP ranges that have not been issued for use on the internet, normally listed as "unallocated".
As is clear above a majority percentage of the lists used by PG/Blutack has nothing to do with peer to peer activity and adding government and schools to the blocklists may make the programs look impressive in that connections are being blocked, but its more than likely your kid brother trying to connect from school than the big bad wolf.
I think most folks are impressed when we can claim 100% accuracy with the well maintained winmx blocklist we use and expect big organisations like blutak to be able to do the same, alas they fail miserably, after all would you trust an organisation that has blocklisted itself on more than one occassion ?
