uTorrent banned on several trackers!


dumdum

Switeck

Moderator

Re: uTorrent banned on several trackers!

If a torrent has hostile ips in its peer list, most ANY BitTorrent client will make outgoing connections to those ips unless explicitly blocked using its blocklist. If they retested µTorrent v1.6.1 they'd probably find it 'hostile' too. So would be Azureus or Halite now as well once hostile ips get into the peer list from the tracker.

But they probably didn't run the test using µTorrent's own ipfilter.dat before writing it off.

I posted something about this about why you needed IPFilter.dat as well as a way to ban an IP sending bad data.

I am sure ALL BT clients will fail this test and not just V1.7.1... I have seen this problem with a few Torrents only but it's the torrent and not the client that's at fault. Since the target to disrupt is the torrent and not the client.

callous: Every program can be programmed to act in any way if it detects anything!

But,

you can do packet capturing not only on the same machine that runs µT but also on a transparent proxy in front of the machine you want to monitor. Or if you have for example one of those nice AVM fritzboxes you can sniff the packets even on the uplink gateway router itself!

FRITZ!Box Packet Trace FRITZ!Box can trace all packets sent via DSL or in "Internet connection via LAN (as router)" mode in Wireshark format. Start the packet trace by clicking the corresponding "Start" button and save the file to the hard disk. Click the "Stop" button to end the trace.

http://fritz.box/cgi-bin/webcm?getpage=../html/capture.html

And even with such a setup, where no kind of sniffing software was present on the µT box, nothing was found here. (And I'm not a µt-"fanboi" defending it blindly since I still haven't got my minimisable µTris window yet) ;)


Or you could have a router that shows recent incoming and outgoing connections...and just grab its logs often. You ever see outgoing connections to 'hostile' ips, then you need to check the peer list for all your torrents to see if there's hostiles in them.

...this is assuming you haven't blocked them using ipfilter.dat!


@merlin05: http://forum.utorrent.com/viewtopic.php … 15#p263015

Dunno... Apparently, they treat Azureus with a double-standard. BitTorrent doesn't need to go to Azureus for it to be as "suspicious" as µTorrent, seeing as how they've already signed deals with movie studios as well for VUZE. Amazingly, tracker administrators happily turn a blind eye to that situation. Their decision to turn a blind eye to Azureus was correct, as Azureus isn't suspicious, but µTorrent isn't any more suspicious either.

As for the source, I've no clue (and have been wondering myself), but it wouldn't surprise me at all if it were just a case of pent up suspicion that cascaded after one tracker (whatever tracker it was) took the initiative to ban µTorrent. While plain ol' suspicion is at least somewhat understandable, outright banning and passing rumors off as fact without proof is just disdainful.

As one of the few I still respected here, I am disappointed in you Ultima. Number one, I have been watching Azureus like a hawk as much as utorrent. Number two, Azureus Vuze is banned on our tracker as well, not just the latest utorrent. Azureus 2.5.0.4 is allowed, as is utorrent 1.6-1.6.1 which are proven fine. Seems pretty equal treatment to me considering utorrent makes itself much harder to examine than the Azureus 2.x(not the banned 3x) series with the closed source thing. Any of you are welcome to send me a sniffer log of your utorrent clients, explaining what each outgoing connection outside the peerlist is. I'll then compare it to mine, which has looked incriminating for utorrent, so make sure yours is not edited. I will know it.

How is that for being more than fair? If you can prove me wrong by following my instructions, you'll get 1.7.1 approved and my sincere apologies.


http://torrenthelp.depthstrike.com/2007/07/utorrent-171-and-all-claims-about.html

Any of you are welcome to send me a sniffer log of your utorrent clients, explaining what each outgoing connection outside the peerlist is.

UDP traffic is all DHT or Local Peer Discovery.

Not all connections that get established will be on peerlists. Many other clients will remember your information and can attempt to contact you hours or even days after you remove the torrent.

Thus far there has been no proof provided that uT is actually sending the information that people claim it is.
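The comparison this thread keeps coming back to (every outgoing connection in a capture checked against the peer list, with local multicast and unlisted UDP separated out), as an added example that is not part of any post here. The flow tuples, peer set and tracker set are constructed sample data in documentation address ranges, and the Local Peer Discovery group 239.192.152.143:6771 comes from BEP 14, not from this thread.

```python
import ipaddress

# Local Peer Discovery multicast group and port (BEP 14); SSDP/UPnP also lives in 239/8.
LPD_GROUP, LPD_PORT = ipaddress.ip_address("239.192.152.143"), 6771
SCOPED_MCAST = ipaddress.ip_network("239.0.0.0/8")  # administratively scoped (RFC 2365)

def classify(flow, peers, trackers):
    """Label one outgoing flow given as (proto, dst_ip, dst_port)."""
    proto, dst, port = flow
    ip = ipaddress.ip_address(dst)
    if proto == "udp" and ip == LPD_GROUP and port == LPD_PORT:
        return "lpd-multicast"
    if ip in SCOPED_MCAST:
        return "local-multicast"
    if dst in trackers:
        return "tracker"
    if dst in peers:
        return "peer"
    # Unlisted UDP is consistent with DHT but must be confirmed from the payload.
    return "udp-unlisted" if proto == "udp" else "tcp-unlisted"

def audit(flows, peers, trackers):
    """Group flows by label so every destination is accounted for."""
    report = {}
    for flow in flows:
        report.setdefault(classify(flow, peers, trackers), []).append(flow)
    return report

def needs_review(report, private_torrent):
    """Unlisted TCP always needs explaining; LPD only when the torrent is private."""
    labels = ["tcp-unlisted"] + (["lpd-multicast"] if private_torrent else [])
    return {label: report[label] for label in labels if label in report}

# Constructed sample data (documentation address ranges, not from the thread).
PEERS = {"198.51.100.7", "198.51.100.23"}
TRACKERS = {"192.0.2.10"}
FLOWS = [
    ("tcp", "192.0.2.10", 6969),       # tracker announce
    ("tcp", "198.51.100.7", 51413),    # peer from the tracker's list
    ("udp", "239.192.152.143", 6771),  # LPD announce
    ("udp", "239.255.255.250", 1900),  # SSDP, unrelated to BitTorrent
    ("udp", "203.0.113.40", 6881),     # not in peer list, UDP
    ("tcp", "203.0.113.99", 80),       # not in peer list, TCP
]

if __name__ == "__main__":
    for label, flows in audit(FLOWS, PEERS, TRACKERS).items():
        print(label, flows)
```
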


@Thehound:

Fair enough. I came to the wrong conclusion about Azureus+VUZE, as I never heard about it being banned. Apologies if the thing about turning a blind eye and unequal treatment offended you.

DWK said this before, and I fully agree with him: the burden of proof lies with the tracker administrators. They're the ones making the allegations against µTorrent, so why should µTorrent need to prove itself innocent? The tracker administrators should be the ones proving it guilty, not just saying it's guilty.

That said, I'm not hesitant to post my Wireshark captures, but a full torrent capture (from beginning of torrent to end) ended up being more than 100MB in size, so I decided against keeping that. Instead, I captured only about a minute's worth, which still turned out pretty large (7MB for just a minute? :o). I started µTorrent immediately after I began the capturing, with the torrent already in started mode, and exited before I stopped the capture (and made sure µTorrent was fully gone from the process list before that). The peer list is included.

I had a single torrent in my list for testing: an OpenOffice.org torrent (OOo_2.2.1_Win32Intel_install_wJRE_en-US.exe.torrent, 282AD71FC25ECED79C784EDF34B8A1ED0271D42C). People might come up with brilliant ideas, like "maybe µTorrent only phones home when it sees a copyrighted movie, blah blah" or "oh it waits X minutes before doing anything" (or even what callous mentioned above), but it's beyond my ability to test, so if this isn't sufficient, then there isn't much else I can do/say. If you want to test those possibilities, then that's up to you. I'm already trying to accommodate your request as best as I can (and within sane limits for the capture size).

Anyhow, for your viewing pleasure: [SNIPPED]

"UNKNOWN" OUTGOING IPs

http://whois.domaintools.com/142.68.79.54

54.98.68.142.in-addr.arpa. 0 IN PTR chtwpe0105w-142068098054.pppoe-dynamic.pei.aliant.net

- Turns out this one is the depthstrike.com tracker

http://whois.domaintools.com/24.128.140.177

177.140.128.24.in-addr.arpa. 10800 IN PTR c-24-128-140-177.hsd1.ma.comcast.net

http://whois.domaintools.com/78.62.121.178

178.121.62.78.in-addr.arpa. 10800 IN PTR 78-62-121-178.ip.zebra.lt

http://whois.domaintools.com/82.181.126.142

142.126.181.82.in-addr.arpa. 10800 IN PTR cs181126142.pp.htv.fi

I'm not a Wireshark expert (far from it; admittedly, I'm a total n00b with it), so I can't say for sure what those extra IPs are, but they hardly look suspicious to me. Two of the three unexplained outgoing IPs are from countries outside the US, and the remaining unexplained IP (Comcast) isn't any more suspicious than the IP address you're posting from (edit: which is to say, it isn't :o).


I'm not a Wireshark expert (far from it; admittedly, I'm a total n00b with it), so I can't say for sure what those extra IPs are, but they hardly look suspicious to me. Two of the three unexplained outgoing IPs are from countries outside the US, and the remaining unexplained IP (Comcast) isn't any more suspicious than the IP address you're posting from.

Now that you mention it... that IP of his does indeed look suspicious... maybe we should have him prove he's not a threat first before we continue?

-- Smoovious


I'd say the CONCLUSION for this thread is: µTorrent 1.7.1 is perfectly SAFE

...but please remember to DISABLE Local Peer Discovery in case there is any reason to believe that the MPAA/RIAA have infiltrated your LOCAL network!!!!1


lol I could PM you reverse dns on all IPs I use :) Only one that might look suspicious is work because it'll reverse as a certain Tier 1 backbone provider :lol: Anyways, I grabbed your wireshark and if it's 7 minutes long, it should be fine for my purposes and thank you for the consideration. If anyone was concerned about handing over IPs from illegal downloads in the log, there's always Linux distros which you should try using after the download(utorrent runs fine via wine on every version thus far, don't worry). I am pretty good with sniffers but haven't touched wireshark much myself, but as long as it catches headers, it'll serve my purpose fine. I like to use NAI. It's a bit pricey but I have a volume license from work.

Chances are 1.7.1 will still be banned due to local peer discovery/private flag bug but please do let me know when a fix is posted immediately. This should give me a base for expeditiously testing your fix. Thanks again for your cooperation. This is really a good sign, given Azureus did have something to hide and stiff-armed me the whole way.

Edit: ok my decision has been made for now. 1.7.1 will remain banned until the fix of the aforementioned bug is put up on site and not as beta. However, the new version will be entitled to a clean retest based on something I have learned, which is how utorrent's LPD works differently from Azureus (only other client I know with full implementation of it). I apologise for the trouble as it appears that LPD ignoring my private flag and being referred to exchange handshakes with these IPs, including a couple peers on port 80, was the culprit for my findings. Get the bugs back on track (well 1 bug in this version remaining but you had more in 1.7) and keep it clean and I'll be happy to let new versions of your client back on the tracker.

Cheers!


My Wireshark sniffing was actually only about 1:20 long, and 7MB large. I think 7 minutes would've bloated the capture to around 50MB :/

And from the internal test build, it seems like the Local Peer Discovery thing has been "fixed"; it no longer grabs local peers on private torrents.


Yeah, your IPs were actually more helpful than the actual packet captures. I then rechecked some things in my own logs, paying attention to certain IPs. I must say if you want bloated logs, NAI is much more detailed. I had over 4 GB of logs on utorrent running only 1 torrent and occasional browsing(about 45 minutes worth). As I said, let me know that the LPD bug is fixed so I can test right away ;)

PS-You can sort and filter wireshark logs with NAI though, just not all info fields will be filled. Very helpful that it does follow the standard log format.

PPS-If you want to find rootkits that manage to block sniffing and don't want to rewire a pc to network through the sniffing PC, look at VMWare. It has all the necessary networking options to catch these things(none of those were caught in utorrent). I remember my days experimenting with the Sony rootkit to see what exactly it reports(really it's scary, too scary). The free server is even fine for these purposes.


Any of you are welcome to send me a sniffer log of your utorrent clients, explaining what each outgoing connection outside the peerlist is. I'll then compare it to mine, which has looked incriminating for utorrent

Well, by now we've all seen how little you knew about the 239 IP-space. Do you think proving things to you would make sense?

Like I wrote, I maintain quite a busy tracker too. It does not ban µT 1.7.1 because the smart and tech-savvy peers (exchanging info with this tracker) see no reason to ban this software. From what I've seen you write here, I'm not impressed with your ability to make judgements on the matter.


Umm the 239 connections did not concern me, it was the found peers on private torrents and the handshake.(not sure he's any smarter because he obviously didn't know what I saw but made assumptions) Anyways, I'll go grab 1.7.2. Cheers to everyone else here for the great support and cooperation.


Archived

This topic is now archived and is closed to further replies.

