How to block in Windows10 Telemetry with pfsense
-
Perhaps it's a beacon or something on some page you were on that it talking to Bing? Some other plugin you're running? I have no idea either, just wild guesses.
-
… no further plugins, except Cipherfox... ;-)
-
…btw, I did it in the past, with 2 bridged network adapters catch whole internet traffic with wireshark. Is it better to do it on the WAN or on the LAN interface of the pfSense?
On the WAN side the local IP the traffic is comming from should gone, right?
-
Full of blocks to where? What IP(s)? PCBSD runs from a CDN, which might also host any number of other completely unrelated things. Doubt if Microsoft is among those as I believe they use akamai, but knowing list maintainers' penchant for over-blocking, it wouldn't be surprising if they blocked an entire CDN.
-
The specific IP in the post above, same IP again and again.
-
:-\Hi,
I tried to follow these instructions but pfsense is not allowing me to save these hosts as an alias or under any other type. Here is a snapshot of what I am doing https://imgur.com/XpW9uI8
I would also like to block incoming tor exit nodes and I dont see any easy way to add the hundreds of IP's, does anyone know how that can be done on the command line?
Can you kindly tell me the correct way to do this or how I can do it on the command line?
Thanks!
-
The name of the alias may only consist of the characters "a-z, A-Z, 0-9 and _"
You can embed images directly here. No need to link to Imgur.
-
@KOM:
The name of the alias may only consist of the characters "a-z, A-Z, 0-9 and _"
Ok fine but how do I add all these urls?
-
Make an URL alias.
-
@KOM:
Make an URL alias.
That provides the same error and this:
The following input errors were detected:
The alias name must be less than 32 characters long, may not consist of only numbers, and may only contain the following characters a-z, A-Z, 0-9, _.
You must provide a valid URL. Could not fetch usable data from 'vortex.data.microsoft.com'. -
Well, considering I have no idea what you've done, all I can say is that it works fine for me and others. Perhaps if you posted some actual useful information about your configuration, we might be able to help you.
An URL Alias is just an URL that points to a file on a web server, and pfSense will load that alias with the content of the text file.
-
@KOM:
Make an URL alias.
That provides the same error and this:
The following input errors were detected:
The alias name must be less than 32 characters long, may not consist of only numbers, and may only contain the following characters a-z, A-Z, 0-9, _.
You must provide a valid URL. Could not fetch usable data from 'vortex.data.microsoft.com'.Sorry here is another example:
https://imgur.com/2R0sYVW
I did some searching for where pfsense stores those files on the server but have not been able to find it, any idea?
-
Don't. Use. SPACE. In. The. Name!
(Block MS Telemetry = wrong, Block_MS_Telemetry = correct) :-D
-
Don't. Use. SPACE. In. The. Name!
(Block MS Telemetry = wrong, Block_MS_Telemetry = correct) :-D
Ahh. That helped thanks. I changed the type to hosts and it works now, cheers!
-
Is there a way to block more than 5000 hosts in a single alias or rule? Intending to block inbound tor exit nodes and I think the list is 7000 IP's. Maybe on the command line alias file?
Thanks!
-
Tried Snort (on LAN interface) ? Afaik if blocks contacts to TOR servers (have seen it in my Snort alerts), no idea how up-to-date the list of servers is…
btw., how about a new thread, this all here is miles OT.... ;-)
-
to block telemetry in a single PC use DWS_lite
Open source,code on github.https://www.virustotal.com/en/file/bf600fc1517f65f15f4e174087759973837cfe99e419f2c52f6d248dee6eb72f/analysis/1449685802/
https://github.com/Nummer/Destroy-Windows-10-Spying/blob/master/DWS
string[] ipAddr = { "111.221.29.177", "111.221.29.253", "131.253.40.37", "134.170.30.202", "134.170.115.60", "134.170.165.248", "134.170.165.253", "134.170.185.70", "137.116.81.24", "137.117.235.16", "157.55.129.21", "157.55.133.204", "157.56.121.89", "157.56.91.77", "168.63.108.233", "191.232.139.254", "191.232.80.58", "191.232.80.62", "191.237.208.126", //"204.79.197.200", // BING.COM "207.46.101.29", "207.46.114.58", "207.46.223.94", "207.68.166.254", "212.30.134.204", "212.30.134.205", "23.102.21.4", "23.99.10.11", "23.218.212.69", "64.4.54.22", "64.4.54.32", "64.4.6.100", "65.39.117.230", "65.52.100.11", "65.52.100.7", "65.52.100.9", "65.52.100.91", "65.52.100.92", "65.52.100.93", "65.52.100.94", "65.52.108.29", "65.55.108.23", "65.55.138.114", "65.55.138.126", "65.55.138.186", "65.55.252.63", "65.55.252.71", "65.55.252.92", "65.55.252.93", "65.55.29.238", "65.55.39.10", "191.232.139.2", "64.4.23.0-64.4.23.255", "111.221.64.0-111.221.127.255", // singapure "157.55.235.0-157.55.235.255", "157.55.56.0-157.55.56.255", "157.55.52.0-157.55.52.255", "157.55.130.0-157.55.130.255", "65.55.223.0-65.55.223.255", "213.199.179.0-213.199.179.255", // Ireland "195.138.255.0-195.138.255.255", "23.223.20.82", // cache.datamart.windows.com "77.67.29.176", // NEW TH2 Spy IP "157.56.124.87", // NEW TH2 Spy IP "157.55.236.0-157.55.236.255", // NEW TH2 SPY IP "104.96.147.3", "23.57.107.27", "23.57.107.163", "23.57.101.163", "2.22.61.43", "2.22.61.66", "65.39.117.230", "23.218.212.69", "134.170.30.202", "137.116.81.24", "157.56.106.189", "204.79.197.200", "65.52.108.33" };
string[] hostsdomains = { "statsfe2.update.microsoft.com.akadns.net", "fe2.update.microsoft.com.akadns.net", "s0.2mdn.net", "survey.watson.microsoft.com", "view.atdmt.com", "watson.microsoft.com", "watson.ppe.telemetry.microsoft.com", "vortex.data.microsoft.com", "vortex-win.data.microsoft.com", "telecommand.telemetry.microsoft.com", "telecommand.telemetry.microsoft.com.nsatc.net", "oca.telemetry.microsoft.com", "sqm.telemetry.microsoft.com", "sqm.telemetry.microsoft.com.nsatc.net", "watson.telemetry.microsoft.com", "watson.telemetry.microsoft.com.nsatc.net", "redir.metaservices.microsoft.com", "choice.microsoft.com", "choice.microsoft.com.nsatc.net", "wes.df.telemetry.microsoft.com", "services.wes.df.telemetry.microsoft.com", "sqm.df.telemetry.microsoft.com", "telemetry.microsoft.com", "telemetry.appex.bing.net", "telemetry.urs.microsoft.com", "telemetry.appex.bing.net:443", "settings-sandbox.data.microsoft.com", "watson.live.com", "statsfe2.ws.microsoft.com", "corpext.msitadfs.glbdns2.microsoft.com", "compatexchange.cloudapp.net", "a-0001.a-msedge.net", "sls.update.microsoft.com.akadns.net", "diagnostics.support.microsoft.com", "corp.sts.microsoft.com", "statsfe1.ws.microsoft.com", "feedback.windows.com", "feedback.microsoft-hohm.com", "feedback.search.microsoft.com", "rad.msn.com", "preview.msn.com", "ad.doubleclick.net", "ads.msn.com", "ads1.msads.net", "ads1.msn.com", "a.ads1.msn.com", "a.ads2.msn.com", "adnexus.net", "adnxs.com", "az361816.vo.msecnd.net", "az512334.vo.msecnd.net", "ssw.live.com", "ca.telemetry.microsoft.com", "i1.services.social.microsoft.com", "i1.services.social.microsoft.com.nsatc.net", "df.telemetry.microsoft.com", "reports.wes.df.telemetry.microsoft.com", "cs1.wpc.v0cdn.net", "vortex-sandbox.data.microsoft.com", "oca.telemetry.microsoft.com.nsatc.net", "pre.footprintpredict.com", "spynet2.microsoft.com", "spynetalt.microsoft.com", "fe3.delivery.dsp.mp.microsoft.com.nsatc.net", "cache.datamart.windows.com", "db3wns2011111.wns.windows.com", // NEW TH2 spy hosts //"deploy.static.akamaitechnologies.com", //"akamaitechnologies.com" "settings-win.data.microsoft.com", "v10.vortex-win.data.microsoft.com", "win10.ipv6.microsoft.com", "ca.telemetry.microsoft.com", "i1.services.social.microsoft.com.nsatc.net" };
Windows Update is not blocked !!!
-
Hi, any details where this list comes from?
-
Hi, any details where this list comes from?
It appears the list comes from various people and have noticed it's also used in Spyboy Anti-Beacon program too.
I found doing DNSBL as a quicker way to block Windows Telemetry on pfSense. I just setup my pfsense to use DNSBL, which is included in the latest package of pfblockerNG. I told my DNSBL to use as it appears to be updated often:
https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist -
Hi, any details where this list comes from?
It appears the list comes from various people and have noticed it's also used in Spyboy Anti-Beacon program too.
I found doing DNSBL as a quicker way to block Windows Telemetry on pfSense. I just setup my pfsense to use DNSBL, which is included in the latest package of pfblockerNG. I told my DNSBL to use as it appears to be updated often:
https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslistDo you have a guide or basic steps on how to set it up? Never used either before. is DNSBL a preconfigured list found in pfblockerNG?