Jump to content

what does the embedded tracker track?


drizzle

Recommended Posts

Posted

I've done some preliminary experiments, and it APPEARS as though utorrent will start tracking _anything_ it receives an announce for...

IE - I point a client/torrent to the utorrent embedded tracker, and get

d8:intervali600e5:peerslee

response even for torrents (info hashes) utorrent isn't doing anything with.

Is this by design? I sort of expected it to only track torrents that (in some fashion) it already knew about. Like, 'torrents in the list', or 'active torrents', or 'only torrents being seeded'?

As it appears to be acting as an 'open tracker', is there a timeout? That is, if it gets an announce for some random infohash, how long does it retain the data?

Posted

Hmmm...

Since it is sharing the BT port, and that port is (typically) accessable to incoming connects, doesn't this constitute an attack vector?

IE, You see utorrent clients in some peer list. You probe to find one with the tracker enabled, then start sending a series of announces with incrementing infohashes to cause that client to consume more and more memory caching the evergrowing list of 'tracked' torrents, eventually using all memory and pagefile space...

Seems like it would be a lot safer (and not that hard) to check the incoming infohash against the list the client 'knows' about...

Guess this should be moved to the 'Feature Request' (or security?) forums...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...