taulin Posted July 27, 2008 Report Share Posted July 27, 2008 ive been noticing some fake or pretend µtorrent clients on my tracker recently, information is as followsthis is how it looks in the peers list, they all seem to be coming from israel and note the given version, always something over 3000 giventhe announce string looks like this:/tracker/announce.php?info_hash=%88%DBBbC%3B%AA%28%85%EF%90jd%07%29gB%F4%C5%16&peer_id=%B5Torrent%2F3045%20%20%20%20%20%20%20&port=2048&uploaded=16220160&downloaded=8110080&left=94668691&compact=1&numwant=2000note the request amount, 2000 peers, the port is always 2048 as well. the peer id given equates to "µTorrent/3045 " as well (effectively malformed peer ids), only recently have these clients actually started downloading/uploading which leads me to think they are mainly just peer harvesting Link to comment Share on other sites More sharing options...
thelittlefire Posted July 27, 2008 Report Share Posted July 27, 2008 Well, that's obviously a spoofed Azureus peerid. That it doesn't get detected in uT as [FAKE] is somewhat worrisome. What version of uTorrent did you test from?However seeing them from 012.co.il wouldn't be unheard of. Link to comment Share on other sites More sharing options...
Greg Hazel Posted August 1, 2008 Report Share Posted August 1, 2008 Can you capture the peer traffic (unencrypted, please) with Wireshark, and post the capture here? Link to comment Share on other sites More sharing options...
Dch48 Posted August 13, 2008 Report Share Posted August 13, 2008 I got one tonight[2008-08-12 22:04:16] 132.239.17.225:48456: [[FAKE] µTorrent/1.7.7.0 (0.0)]: Disconnect: Connection closed should these IP's be blocked in my ipfilter file? Link to comment Share on other sites More sharing options...
slipstream Posted August 13, 2008 Report Share Posted August 13, 2008 Dch48Does not really belong to this topic since this client is successfully detected as FAKE.132.239.17.225 resolves to planetlab2.ucsd.eduPlanetLab guys are eavesdropping on pretty every popular torrent at least since the beginning of 2008. Purposes unknown. Those planetlab clients do not even try to download or upload anything. Link to comment Share on other sites More sharing options...
thelittlefire Posted August 13, 2008 Report Share Posted August 13, 2008 They changed their port finally. It uses to be 55115. It doesn't happen on all torrents, at least the ones I run. Link to comment Share on other sites More sharing options...
Dch48 Posted August 13, 2008 Report Share Posted August 13, 2008 I looked them up (PlanetLab) , and it says they are an organization dedicated to improving internet communications, including P2P . Maybe so,and also maybe they're piracy spies. Link to comment Share on other sites More sharing options...
scorekeep Posted August 13, 2008 Report Share Posted August 13, 2008 PlanetLab themselves are not spies. They offer a grid for other applications to run, mostly from the research sector. coblitz.codeen.org, coralcdn.org also run on PlanetLab -- and I would assume countless other projects. One of those projects is eavesdropping on BitTorrent.For what kind of research, I do not know. I would give PlanetLab themselves the benefit of the doubt though -- and you could try asking them about it. Link to comment Share on other sites More sharing options...
Charming Phoebe Posted August 13, 2008 Report Share Posted August 13, 2008 Been seeing a lot of µTorrent/1.7.7.0 client traffic with ridiculously high download speeds (800KB/s plus). If they appear in a torrent then I might as well stop because my speed drops to zero. I'm using 1.8. Link to comment Share on other sites More sharing options...
Switeck Posted August 14, 2008 Report Share Posted August 14, 2008 You could try blocking them by their ips using uTorrent's ipfilter.dat file. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.