Back to Blog

pfSense, Networking

Ad Blocking with pfSense Software

Ad Blocking with pfSense Software

The Federal Bureau of Investigation (FBI) is as a protective measure against scams online, according to a public service announcement. The agency's Internet Complaints Department has alerted the public that ad-blocking extensions can help guard against fraudulent online advertisements that mimic real brands and businesses and appear in search results. These deceptive ads often contain links to fake websites or malicious software designed to steal users' login credentials or financial information.

By endorsing ad blockers, the FBI acknowledges the increasingly dangerous online advertising environment, characterized by an ongoing battle between online ad sellers like Google and cybercriminals creating numerous accounts to bypass security systems when purchasing ads.

Despite constant monitoring and verification processes to detect scam ads, some fraudulent ones continue to slip through the nets of big tech companies. A report by Malwarebytes noted that cybercriminals were creating fake search ads impersonating well-known platforms such as YouTube, Amazon, and Facebook. 

The FBI's safety recommendations, in line with advice from the UK's Trading Standards, include checking the authenticity of an ad by scrutinizing the URL for typos and other errors, and manually entering the full website address of businesses and financial institutions when searching for them. 

The rest of this blog post will discuss how ad blockers work, why people use them, and how you can easily set one up yourself. Notably, US security agencies, including the National Security Agency (NSA), Central Intelligence Agency (CIA), and the FBI, are already using network-based ad-blocking technologies.

What is an Ad Blocker?

An ad blocker, as the term implies, is a tool designed to obstruct the display of advertisements on web pages and various forms of digital content.

How do Ad Blockers Work?

Ad blockers operate on two primary levels: script and DNS. Script-level ad blockers intercept HTTP requests and scrutinize the page's HTML, CSS, and JavaScript code for components that correspond to recognized patterns of online ads. If the ad blocker identifies an advertisement component, it has the ability to block the HTTP request to the advertisement server.

An alternative method is to filter responses at the DNS level to block ads based on hostnames and domains. This method involves rerouting DNS requests for known advertisement-serving domains either to a block page or a vacant IP address. It's important to note that DNS filtering transpires at the network level.

Why do People Use Ad Blockers?

There are various motivations for individuals to use ad blockers. Predominantly, people choose to block ads to circumvent exposure to intrusive or irrelevant advertisements. Enhanced page loading speeds is another reason why people might choose to use ad blockers. Furthermore, as highlighted by the FBI, increasing numbers of individuals are adopting ad blockers to safeguard their privacy and bolster online security.

Advantages of Blocking Ads At The Network Level

DNS-level ad-blockers present a robust and expansive solution. Rather than limiting their capabilities to blocking ads within the bounds of a browser, they extend their coverage to encompass mobile applications, smart TVs, and the myriad of Internet of Things (IoT) devices. In essence, these ad-blockers operate across the entirety of your network, going beyond the singular confines of your computer's browser and providing a more comprehensive ad-blocking strategy.

There's also additional ease-of-use that comes with network-level ad-blockers. Unlike browser-based ad-blockers which require individual setup on each device, network-based ad-blockers are managed centrally within the network. This allows for a single point of control for all devices and simplifies the process, especially when multiple devices are involved. The benefit is a substantial saving of time and effort, since there's no need to individually configure the ad-blocking settings for each device. 

While network-level ad blockers have advantages over browser-level blockers, there’s no reason to choose one over the other. Instead, users can stack both solutions to maximize  protection against dangerous ads.  A reason to pair network-based and browser-based ad blockers is because the browser based solutions can filter elements based on more than simply domain name. This means that ads served from the same domain as the website being accessed can also be obscured from the end-user.

pfBlockerNG for Ad Blocking

When it comes to network-level ad blocking, one of the most reliable and efficient tools at your disposal is pfBlockerNG. This package is specifically designed to offer a shield against the multitude of online threats lurking behind each page and ad.

Developed as a versatile package of pfSense software, pfBlockerNG serves as an integral line of defense in the cyber world. It takes a proactive approach to blocking intrusive ads, web tracking applications, and harmful elements such as malware and ransomware. It accomplishes this through an advanced system of DNS blocking, thwarting potential threats right at their source.

Features include:

  • Geographical/Country Blocking
  • IP Blocklist features
  • Dashboard widget
  • XMLRPC Sync
  • Lists update frequently
  • Many options to choose what to block and how to block
  • Network lists may be used for custom rules

How do I get pfBlockerNG?

The best way to use pfBlockerNG is to purchase Netgate hardware, which comes with pfSense Plus software. The set-up process is straightforward, thanks to user-friendly documentation. 

For more information on how to set up pfBlockerNG and pfSense software, click the links below: 

Get It Now