eBlocker

eBlocker [8] started as a commercial company, but in 2020 it became a free, open source project. The strength of eBlocker lies not only in ad filtering – the software also allows anonymous surfing and the protection of minors. Although it comes as a ready-to-install image for the Raspberry Pi or the Banana Pi, other platforms are not available.

The developers claim eBlocker is a plug-and-play solution for home networks. According to the marketing, the software protects all users on the local network as soon as they connect. The eBlocker website shows protected devices, filter lists, and categories.

Of all tested advertising filters, eBlocker most seriously intervenes with on-going communications. The new device acts as a standard gateway for other clients and thus (willingly) hijacks all Internet requests from the other participants.

As a classic man in the middle (MITM), eBlocker can check the data packets that flow through for advertising and malware. eBlocker reacts to encrypted connections with TLS inspection, thanks to which, it can even sniff HTTPS connections. However, this feature is not automatically active and requires a certificate on each end device that authorizes eBlocker for deep packet inspection. For anonymization purposes, eBlocker can route traffic through a VPN provider or through the Tor network.

On the downside, eBlocker gains deep insights into data communications and thus also sees passwords, bank transfers, and confidential information. Because the service is already in the communication path, the web browser will not output a certificate warning if an MITM attack actually occurs.

Furthermore, the eBlocker only protects clients it has found on the local Ethernet segment. Clients on other networks (WiFi, guest network) remain unaffected and surf the Internet without protection. Finally, not all home routers cooperate with eBlocker, and depending on the model and manufacturer, plug-and-play can become a manual setup operation.

Synopsis

eBlocker uses blatant tools to hijack client communication. As an intentional MITM, it uses a collection of ARP spoofing, SSL bumping, and DNS blocking to protect its clients from malware, advertising, and data collectors, thus proving to be an ideal supplement if the DSL router is the only line of defense on the network. eBlocker also consistently enforces the Internet rules negotiated by parents and children.

Making It Work

For the ad blockers presented here to work, the clients must use the new DNS server for name resolution or as their default gateway. If the end devices get their IP addresses by DHCP, the DHCP server now has to include the new ad blocker as a DNS server or gateway in its offerings. For static addresses, manual changes are required in the IP settings of the respective devices.

In small environments, the DSL router takes over the role of the DHCP and DNS server in most cases. If the DSL router always asserts itself as the DNS server, the clients cannot use the new DNS server. In this case, the DSL router has to give up its DHCP task. Fortunately, the ad blockers can help out. All examined systems offer a DHCP server or can at least be upgraded accordingly.

eBlocker takes a different approach, making itself the default gateway. It not only controls the DNS queries, but also has access to the complete data stream. If desired, the sniffer box will peek into HTTPS traffic, although this option is disabled out of the box.