Firewalls and Protocol Encryption


soulstace

Hi all,

I am having a discussion on another forum about BitTorrent and protocol encryption. A couple people seem to think that firewalls are able to decrypt the traffic in order to block uTorrent. I disagree, but can anyone having knowledge of uTorrent's encryption specs tell me why or why not this is true?

~ss

Encrypted connections aren't completely secure because the encryption is weak relative to some other encryption algorithms. Specifically, Protocol Encryption uses RC4 as its stream cipher. It was chosen because it's lighter on the CPU, and was meant only to make it difficult/impossible to detect BitTorrent based on some simple packet inspection.

See the following:

http://en.wikipedia.org/wiki/BitTorrent_protocol_encryption

http://en.wikipedia.org/wiki/RC4

Thanks Ultima for your reply.

I realize PE is fairly weak encryption by today's standards. However, the CPUs inside firewalls are usually pretty weak as well. Isn't it unlikely that a firewall could crack it?

Here is what someone said that made me interested in this topic.

look into TippingPoint or Juniper's IDP.

Both are 100% able to block/filter/rate limit all P2P traffic. And even though SOME of their streams are encrypted, you can decrypt those streams quite easily.

And so far I have not come across a single BT application that Snort cannot handle either.

I would be surprised if they are able to read the streams completely. Instead, they're probably just sniffing "low hanging fruit" such as Tracker updates in-the-clear and unencrypted peers/seeds passing you peer exchange lists. Then they can be reasonably certain that ALL IPs mentioned by the tracker and peer exchange are BitTorrent links to be throttled/blocked.

Realtime cracking of the RC4 stream is not really possible... at the point where an ISP might be capable of doing it, they've got too many streams/sessions to worry about brute-forcing a single IP-to-IP stream. And if they're trying to do that like Virgin in the UK:

http://www.theregister.co.uk/2008/12/16/virgin_bittorrent/page2.html

...that seeks to "monetise the intelligence" of their network and "lead the ISP industry in new network services that exploit customer data."

...you need to leave them QUICK because they CANNOT be trusted with your data!

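The reply above suggests a firewall can classify BitTorrent flows from cleartext tracker traffic without touching the RC4 stream. The following is an added example, not part of the original thread: a sketch of that endpoint-learning logic for an HTTP announce and a compact peer list. All function names and the sample traffic are constructed for illustration, and peer exchange lists are not covered.

```python
import re
import socket
import struct
from urllib.parse import unquote_to_bytes

def parse_announce(request: bytes):
    """Return (info_hash, listen_port) for a cleartext HTTP tracker announce, else None."""
    line = request.split(b"\r\n", 1)[0].decode("latin-1")
    m = re.match(r"GET (\S+) HTTP/1\.[01]$", line)
    if not m or "?" not in m.group(1):
        return None
    query = m.group(1).split("?", 1)[1]
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    info_hash = unquote_to_bytes(params.get("info_hash", ""))
    port = params.get("port", "")
    if len(info_hash) != 20 or not port.isdigit():
        return None  # not an announce: info_hash is always a 20-byte SHA-1
    return info_hash, int(port)

def parse_compact_peers(response: bytes):
    """Extract (ip, port) pairs from the compact 'peers' string of a tracker reply."""
    m = re.search(rb"5:peers(\d+):", response)  # bencoded key, then a length-prefixed string
    if not m:
        return []
    blob = response[m.end():m.end() + int(m.group(1))]
    if len(blob) != int(m.group(1)) or len(blob) % 6:
        return []  # truncated or malformed reply
    return [(socket.inet_ntoa(blob[i:i + 4]), struct.unpack("!H", blob[i + 4:i + 6])[0])
            for i in range(0, len(blob), 6)]

def learn(table: set, client_ip: str, request: bytes, response: bytes) -> bool:
    """Record the announcing client and every peer the tracker returned."""
    ann = parse_announce(request)
    if ann is None:
        return False
    table.add((client_ip, ann[1]))
    table.update(parse_compact_peers(response))
    return True

def is_probable_bittorrent(table: set, src, dst) -> bool:
    """Flag a flow by endpoint alone; the payload may be RC4-obfuscated and is never read."""
    return src in table or dst in table

# Constructed sample traffic (documentation address ranges, not a real capture).
ANNOUNCE = (b"GET /announce?info_hash=" + b"%12%34%56%78%9a%bc%de%f0%12%34" * 2 +
            b"&peer_id=-UT0000-abcdefghijkl&port=6881&left=100&compact=1 HTTP/1.1\r\n"
            b"Host: tracker.example\r\n\r\n")
REPLY = (b"HTTP/1.1 200 OK\r\n\r\nd8:intervali1800e5:peers12:" +
         socket.inet_aton("192.0.2.10") + struct.pack("!H", 51413) +
         socket.inet_aton("198.51.100.7") + struct.pack("!H", 6881) + b"e")
```

Once `learn` has seen one announce, any later flow to or from a learned endpoint is flagged regardless of whether its payload is obfuscated, which is why Protocol Encryption alone does not hide a client that still talks to its tracker in the clear.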

Archived

This topic is now archived and is closed to further replies.
