Aim Here Posted September 16, 2007 Report Share Posted September 16, 2007 I haven't found a bug in utorrent - I use another torrent client (for your marketing droids, that's because I'm a non-Windows user, and I'd prefer to use open source software where possible). However, MediaDefender have found a bug, but obviously they're not going to post it here, since they actively exploit it to disrupt the operation of torrents, as revealed by their internal emails which were leaked to the net just a day or two ago.Their emails make numerous references to interdiction, which is apparently the practice of swarming an uploader with connections so that the file is effectively undownloadable. However, from the emails, MediaDefender also seem to prefer it when the downloaders use utorrent, so you seem to be doing something wrong, compared to other clients. Here's the most relevant mails, so that you can maybe work out what they're talking about:Changes to your 'bt.ban_ratio' field did slow them down:Subject: RE: utorrentFrom: Tabish Hasan <tabish@mediadefender.com>To: qa <qa@mediadefender.com>Cc: torrents <torrents@mediadefender.com>After more in-depth analysis...we've determined that the new versionDOES affect our interdiction in a negative way. They've added a new"bt.ban_ratio" field that takes into consideration how many good piecesa client has uploaded. On the older version, they would just kick anypeer that uploaded bad data 5+ times.This post gives some more explanation about the bad ratio field:http://forum.utorrent.com/viewtopic.php?pid=249190#p249190We still see a lot of hash_check fails...but now the only peers gettingbanned are ours. This also affects MediaSentry's interdicted torrents.They are no longer effective on the newest version either.-TH________________________________From: Tabish HasanSent: Monday, May 07, 2007 6:45 PMTo: Randy Saaf; qaSubject: RE: utorrentSure.We've tested this newest version (1.7 beta) before...but apparentlythere was a new build released yesterday (build 1703)...so we'll checkthat tomorrow morning against torrents in our interdiction system.-TH________________________________From: Randy SaafSent: Monday, May 07, 2007 6:42 PMTo: qaSubject: utorrentCan you test the new version of utorrent to see if it affects us?They have been looking for exploits in utorrent dna, but the emails don't say if they found anySubject: Re: utorrentFrom: Randy Saaf <randy@mediadefender.com>To: Daniel Lee <dlee@mediadefender.com>, Ben Grodsky <grodsky@mediadefender.com>, Ty Heath <heath@mediadefender.com>Cc: Ben Ebert <ben@mediadefender.com>, Benny Mao <bmao@mediadefender.com>, Jay Mairs <jay@mediadefender.com>TyAre there any new exploits with this utorrent dna junk?R----- Original Message -----From: Daniel LeeTo: Ben Grodsky; qaCc: Ben Ebert; Benny MaoSent: Fri Aug 10 16:18:28 2007Subject: RE: utorrentThe Bittorrent client is almost identical to uTorrent 1.7. Both our interdiction as+well as MediaSentry's still works on Bittorrent 6.0. We were having some problems+getting our interdiction to show up on our local machines, but with Ty's help we+figured out that the problem was due to port conflict and firewall issues.The only difference between uTorrent and Bittorrent was that the Bittorrent client+came with an additional app called "Bittorrent DNA" (Delivery Network Accelerator),+which acts as a local proxy. Overall, we saw similar speeds/performance on both+clients.________________________________Something you guys did in 1.7 seems to have slowed them down a bit - that might clue you in to what the bug wasSubject: RE: UMG Interdiction results - Ne-YoFrom: Tabish Hasan <tabish@mediadefender.com>To: Ty Heath <heath@mediadefender.com>Cc: Ivan Kwok <ivan@mediadefender.com>, Ben Ebert <ben@mediadefender.com>, Randy Saaf <randy@mediadefender.com>, Jay Mairs <jay@mediadefender.com>, Ben Grodsky <grodsky@mediadefender.com>, qateam <qateam@mediadefender.com>So you're saying the release of the new version (1.7) has an effect onour effectiveness on the old version (1.6.1)? (All our testing was doneon the old version)________________________________From: Ty HeathSent: Thursday, May 17, 2007 6:23 PMTo: Tabish HasanCc: Ivan Kwok; Ben Ebert; Randy Saaf; Jay Mairs; Ben Grodsky; qateamSubject: Re: UMG Interdiction results - Ne-YoThe new version of utorrent will hurt interdiction. I am working on apatch to help alleviate that. But it has a very serious impact, even iftesting with an older version.Also, Ivan's source collector is having trouble getting banned from alot of trackers. So many torrents don't have any sources for me tointerdict.TyOn May 17, 2007, at 6:15 PM, Tabish Hasan wrote:Ty,Here are our interdiction results for the Ne-Yo UMG album. There's 2days of testing....one from yesterday (before your patch) and one fromtoday. Seems like the patch helped a little bit, but not enough.Yesterday 14 out 17 interdicted torrents completed w/in 2 hours andtoday, there were 9 out of 17. So it still seems our interdiction isreally weak. Most of the times our IPs are just not getting into theswarm, and sometimes even when our IPs get in, it doesn't stop the DL.However, whatever their problems are, they seem to have worked them outAuthentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of dlee@mediadefender.com designates 65.120.42.14 as permitted sender) smtp.mail=dlee@mediadefender.comSubject: RE: utorrentFrom: Daniel Lee <dlee@mediadefender.com>To: Randy Saaf <randy@mediadefender.com>, qa <qa@mediadefender.com>, torrents <torrents@mediadefender.com>Cc: Ty Heath <heath@mediadefender.com>, Jay Mairs <jay@mediadefender.com>Yep, we checked yesterday and interdiction still works on the latestversion.________________________________From: Randy SaafSent: Friday, September 07, 2007 2:25 PMTo: qa; torrentsCc: Ty Heath; Jay MairsSubject: utorrentDan:There is a new version of utorrent out. Can you see if interdictionstill works?RHere is one where they discuss trying to get a record company executive to test their decoys with utorrent, apparently because downloading using utorrent, as opposed to other clients, makes their interdiction more effective.Subject: Re: umgiFrom: Ben Ebert <ben@mediadefender.com>To: Randy Saaf <randy@mediadefender.com>, Tabish Hasan <tabish@mediadefender.com>, Ben Grodsky <grodsky@mediadefender.com>, Jay Mairs <jay@mediadefender.com>Cc: qateam <qateam@mediadefender.com>Piratebay, mininove, etc. Will depend entirely on interdiction. Tabish let's start+a download test on those sites since interdiction should be on and see what it+looks like in 2 hours.--------------------------Sent from my BlackBerry Wireless Handheld----- Original Message -----From: Randy SaafTo: Ben Ebert; Tabish Hasan; Ben Grodsky; Jay MairsCc: qateamSent: Wed Jun 27 09:34:36 2007Subject: Re: umgiWe can wait a couple hours if you think it will get better. What is your diagnosis?What about pirate bay and other notables missing?----- Original Message -----From: Ben EbertTo: Randy Saaf; Tabish Hasan; Ben Grodsky; Jay MairsCc: qateamSent: Wed Jun 27 09:23:42 2007Subject: Re: umgiNeil is asking for this now, let's give him amy winehouse on the sites I listed+below. We need to make sure they are usiny utorrent since our decoys are not as+strong as they could be. If you can influence the methodology have them download+the top 15 with a short time frame like 2 hours.--------------------------Here's them saying that whatever they do with utorrent, it's worth showing off to prospective customersSubject: Re: Torrent ProtectionFrom: Randy Saaf <randy@mediadefender.com>To: Neil Saxby <nsaxby@mediadefender.com>, Ben Grodsky <grodsky@mediadefender.com>, torrents <torrents@mediadefender.com>Cc: Octavio Herrera <octavio@mediadefender.com>Neil:Do you think you can get the germans to test this using uTorrent? I think that our interdiction on uTorrent+is the most impressive display of our technology right now.R----- Original Message -----From: Neil SaxbyTo: Ben Grodsky; torrentsCc: Octavio HerreraSent: Tue Jun 26 03:20:51 2007Subject: FW: Torrent ProtectionFYI, please see below.Any projects you can recommend for the Germans to have a look at? A list of the sites we protect on would+also be helpful.Many thanks,NeilAnd, here MediaDefender complains because their customers were checking their effectiveness using Azureus as well as utorrent. These righteous upstanding upholders of copyright law know how to be a bunch of sneasky tricksters when they want to be...Subject: RE: FOX Download Report 07.02.07From: Randy Saaf <randy@mediadefender.com>To: Ben Ebert <ben@mediadefender.com>, qa <qa@mediadefender.com>, torrents <torrents@mediadefender.com>Keep us informed if they keep doing this. We have flagged it with Foxas a testing error we disagree with.-----Original Message-----From: Ben EbertSent: Wednesday, July 11, 2007 11:37 AMTo: Randy Saaf; qa; torrentsSubject: RE: FOX Download Report 07.02.07Having them use different clients seems to have backfired, they countedthe same torrents from the same site with different clients as fails.However, it did show that interdiction is working, a file that theydownloaded in 3 hours with Azureus took 80 hours in uTorrent.I know this is all short on technical details, but even if it doesn't help you fix whatever this exploit is, at least you know there some sort of a problem. Link to comment Share on other sites More sharing options...
Switeck Posted September 16, 2007 Report Share Posted September 16, 2007 My guess is they're talking about µTorrent using default settings....or at least without an ipfilter.dat blocklist that contains the majority of hostiles used on those torrents.Another thing to watch out for is they may be feeding Peer Exchange LOTS of fake ip addresses for peers and seeds. One REALLY nasty thing they could do with fake ip addresses is supply ip addresses of known pinging virus-infected nodes on the internet that will see a connection attempt to them as an "invitation" to auto-infect the connecting ip. Or it could just cause the virus-infected nodes to try to reconnect later...and pass on the ip that tried to connect to them to other virus-infected nodes as well, acting as a Distributed Denial of Service attack.Even if they don't give out bad ips with Peer Exchange, they could "stack the deck" using Peer Exchange and *ONLY* report other poisoner seed/peer ips. I've heard they're ALREADY doing this to try to isolate each good peer/seed from each other.Funny thing is, even "good" torrents with a very high churn rate ALREADY have this problem due to firewall and time-delay issues -- the tracker gets a list of every ip that's connected to it in the last day, and gives out those ips typically in random lots of up to 50 at a time (to prevent overloads). Many if not most of the ips are firewalled, and cannot connect to each other. And the unfirewalled peers and seeds seldom stick around for long because not only can they download alot faster, they have "innumerable" firewalled peers to upload to -- so they exceed a 1:1 ratio reasonably fast too so long as they have a decent upload rate. So of the 50 ips the tracker is handing out, 30+ are firewalled (and cannot connect to each other), 10+ are no longer connected (having finished downloading and stopped the torrent), and 5 or fewer are unfirewalled.Another possible exploit the poisoners are using against µTorrent...I've seen numerous times where µTorrent cannot hold onto TCP ip-to-ip connections. I'd connect to a seed or peer, be downloading and/or uploading to them, and lose connection often within 5-10 minutes. Then it might be minutes (longer on torrents with LOTS of dead connections as mentioned above!) before I reestablish a link to them. ...then 5-10 minutes later, they'd disconnect again! It doesn't help that I'm on ComCast ISP, and the problem may be injected RST packets as mentioned in other threads (on ComCast messing with BitTorrent.) The torrents I am trying to download are in no way being messed with by MediaDefender, BayTSP, or other poisoners. Those torrents seldom have more than 20 ips total as far as the tracker is concerned, of which typically half or less ever connect, of them typically half are firewalled and I must wait for them to connect to me as incoming connections.The THING to do is to get some more µTorrent + other BitTorrent client testing done on interdicted torrents. (Preferably legal ones -- and yes, they ARE interdicting even legal ones too!) With µTorrent logging all kinds of traffic in logger to a text file and maybe even wireshark as well, we can probably determine if the interdiction is also doing any kind of disconnect attempts like ComCast is doing. Link to comment Share on other sites More sharing options...
system Posted September 17, 2007 Report Share Posted September 17, 2007 the tracker gets a list of every ip that's connected to it in the last day, and gives out those ips typically in random lots of up to 50 at a time (to prevent overloads). Many if not most of the ips are firewalled, and cannot connect to each other.Not sure where that info is from.All tbsource based trackers use a "connectable" test by default, and this query for returning peers:"SELECT $fields FROM peers WHERE torrent = $torrentid AND connectable = 'yes' $limit"They only return the peers who at least seem connectable (have the port open).They also drop peers who announce with a "stopped" event, or peers who have not announced within a set timeout period.Other tracker sources might not use a "connectable" test, but they should at least use a timeout for dead peers.No peer should be in the announce returns for a full day unless they are announcing regularly throughout the day (not even the bitcomet versions that don't send stopped events). Link to comment Share on other sites More sharing options...
Switeck Posted September 17, 2007 Report Share Posted September 17, 2007 Maybe so, but on numerous torrents I get...6+ ips out of 10 are unconnectible. Link to comment Share on other sites More sharing options...
ICleolion Posted September 17, 2007 Report Share Posted September 17, 2007 Nice to see the bt.ban_ratio that a few of us came up with in IRC pissed em off a bit Link to comment Share on other sites More sharing options...
amc1 Posted September 17, 2007 Report Share Posted September 17, 2007 Next UT version should have further improvements related to banning bad peers. As well as an appropriate changelog message. Link to comment Share on other sites More sharing options...
funchords Posted September 17, 2007 Report Share Posted September 17, 2007 The tracker that I use most (which is XBT-based) has the option for the connection test but the administrator turned it off to keep the load down. About a third of my peers are firewalled. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.