uTorrent is sending download requests to dark IPs (IPs not in use)


anup.goyal

Posted

Hi all,

I have encountered a strange behavior of uTorrent. It constantly asks for certain files from unused IP spaces. I am monitoring one such IP space and it is unnecessarily increasing the traffic.

I have seen only the clients which implement the uTorrent-compatible PEX (Peer Exchange) protocol, in which uTorrent sends the maximum requests.

Does anyone know of a bug in the uTorrent implementation which leads to such behavior? They basically insert bogus IP addresses into the system, which spread very fast through the network.

I have checked the IP addresses returned by the uTorrent client and they also contain some unroutable IPs. How is it possible that they had an unroutable IP in their IPLIST?

Does anyone know of any known bugs, or happen to have observed the same?

Any help is appreciated. I am trying to identify the problem behind this. It is bothering me because of the large amount of unwanted traffic I observe.

-anup

Posted

If you're referring to 239/8, then that's the IP multicast range, which µTorrent uses for LPD (for discovering peers on your local network). If you want to stop that from happening, disable LPD in Preferences > BitTorrent.

Posted

I am not referring to the 239/8 IPs. I know that uTorrent does local discovery. In fact I am not running any uTorrent application and am still getting the request packets.

All the requests come from some random IPs on the Internet. And I am not getting the point of why they are sending requests to an unused IP space.

How did the information about these dark IPs enter the system??

Why are there lots of requests for the same file coming to a single destination and from a large group of clients??

All the requesting clients run uTorrent, and my best guess is that there is some error in the implementation of uTorrent such that it gets misconfigured and requests files from dark IPs??

Posted

µTorrent doesn't make up bogus IPs to transfer data with. If it has an IP in its peer cache, then it's because someone else gave it the IP. It doesn't hand out IPs not in its peer cache either, so PEX wouldn't be the cause (rather, it wouldn't have sent bogus IPs to other peers via PEX, thus causing the IPs to propagate through the swarm).

Are you sure the torrent isn't fake or poisoned? How often do you see this kind of behavior (as in, do you see it in every torrent, many torrents, some torrents, or a few torrents?)?

Edit: Heh, DWK got to the other question I had before I managed to edit it in :P

Posted

They are not fake file requests. Earlier I believed that some bogus peers were sending fake file requests. But I checked the files after downloading them and they are legitimate files.

I have seen the behavior on many different files. Surprisingly, they all follow the same client software distribution. The distribution is like 90% uTorrent, no Azureus, no BitComet... in other words, no other famous client except uTorrent.

The logic of someone else giving them also makes sense, but why would anyone care to give bogus IPs for so many files? And why are the requests uTorrent-dominant? If someone sends them, they will send to other clients also. :)

It might be some problem with the implementation. Since nobody cares about this radiation traffic, that's why it didn't come up yet.

Posted

uTorrent has the vast majority of the "market segment" for the Mainline DHT, so it's no surprise that the vast plurality or majority of clients making or answering queries are uTorrent. BitComet does use the Mainline DHT, but Azureus does not.

Every client in the DHT network is responsible for remembering certain parts of the database -- so even though you see an infohash that does not correspond with something you're downloading, it doesn't mean it's fake. It's just asking if your part of the database knows anyone announcing that infohash.
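To check whether the packets arriving at a monitored, unused address block are Mainline DHT queries of the kind described above, the UDP payloads can be decoded as bencoded KRPC messages (BEP 5). The following is an added example, not part of the original thread or of µTorrent's code; the function names and the sample packets are constructed for illustration.

```python
from collections import Counter

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dict, closed by "e"
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)             # raises on truncated input
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        s = data[colon + 1:colon + 1 + n]
        if len(s) != n:
            raise ValueError("truncated string")
        return s, colon + 1 + n
    raise ValueError("not bencode")

def classify(payload):
    """Summarise a KRPC query; None if the payload is not a DHT query."""
    try:
        msg, _ = bdecode(payload)
    except (ValueError, TypeError, RecursionError):  # malformed or hostile input
        return None
    if not isinstance(msg, dict) or msg.get(b"y") != b"q":
        return None
    q, v, args = msg.get(b"q"), msg.get(b"v"), msg.get(b"a")
    if not isinstance(q, bytes):
        return None
    ih = args.get(b"info_hash") if isinstance(args, dict) else None
    return {"query": q.decode("ascii", "replace"),
            "info_hash": ih.hex() if isinstance(ih, bytes) and len(ih) == 20 else None,
            "client": v[:2].decode("ascii", "replace") if isinstance(v, bytes) else None}

def tally(payloads):
    """Count payloads by (query, info_hash, client); non-DHT traffic is grouped."""
    counts = Counter()
    for p in payloads:
        info = classify(p)
        counts[("non-dht",) if info is None else tuple(info.values())] += 1
    return counts

NODE, HASH = b"A" * 20, bytes(range(20))            # constructed node id and infohash
SAMPLES = [b"d1:ad2:id20:" + NODE + b"9:info_hash20:" + HASH
           + b"e1:q9:get_peers1:t2:aa1:v4:UT\x00\x011:y1:qe",   # constructed get_peers
           b"d1:ad2:id20:" + NODE + b"e1:q4:ping1:t2:ab1:y1:qe",  # constructed ping
           b"\x00\x01garbage"]                                    # not bencode
```

Many `get_peers` entries for one infohash from many sources match the database-lookup behavior described in the post above; the `client` field is the optional two-character prefix of the KRPC `v` key and is absent when the sender omits it.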

Posted

Huge amounts of previous BOGON IP ranges have been mapped out to real ISPs around the world. The IPs of course may be FIREWALLED even en route to them, as many ISPs like to use transparent proxies and other crap. :(

Archived

This topic is now archived and is closed to further replies.
