Jump to content

Security concerns in µT's internal tracker


splintax

Recommended Posts

Posted

I've written about this on my blog, along with some info and a little tutorial on the internal tracker for those of you who don't know what it is.

But since I don't want to come off as just shamelessly plugging my blog, I'll write basically what the problem is here... :P

µTorrent runs an internal tracker on your port with no setting that I know of to disable it (and if there is one, it should be disabled by default, IMO). Any connectable µT user is detectable in the peers list, along with their IP and port, and you can then use them to track your torrents.

I consider this a minor security threat, since if the torrent becomes popular, this wastes your resources, and could also lead to legal countries in some parts of the world if the content tracked (on your PC without your knowledge) is illegal.

Thoughts? I might have missed something, but tests with my friends with them all running default settings indicated that I'm right..

Posted

Ah. This wasn't as a result of me bringing this up in IRC (about a week) earlier?

Just didn't notice anything happening so I thought I would post in the forums, too.

Is that option off by default?

Posted

Alright then. It just worried me a little since I recently discovered that there is a port column (hey, it was off by default too :P) so you don't even need an external app like TCPview to get one...

I don't understand what you're saying 1c3d0g - I can't see any way of blocking someone from using your computer as a tracker or even detecting it, so I wouldn't call someone 'ignorant' for having their PC open as a tracker.. :|

Posted

@splintax: He's saying that because the new version ships with the tracker disabled, "n00bs" won't have it turned on by default and not even know it's there, posing a security risk. It's "pre-blocked" for them, so they don't have to worry about it.

-Ares

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...