Jump to content

Firewalls and Protocol Encryption


soulstace

Recommended Posts

Posted

Hi all,

I am having a discussion on another forum about bittorrent and protocol encryption. A couple people seem to think that firewalls are able to decrypt the traffic in order to block uTorrent. I disagree, but can anyone having knowledge of uTorrent's encryption specs tell me why or why not this is true?

~ss

Posted

Encrypted connections aren't completely secure because the encryption is weak relative to some other encryption algorithms. Specifically, Protocol Encryption uses RC4 as its stream cipher. It was chosen because it's lighter on the CPU, and was meant only to make it difficult/impossible to detect BitTorrent based on some simple packet inspection.

See the following:

http://en.wikipedia.org/wiki/BitTorrent_protocol_encryption

http://en.wikipedia.org/wiki/RC4

Posted

Thanks Ultima for your reply.

I realize PE is fairly weak encryption by today's standards. However, the CPU inside firewalls are usually pretty weak as well. Isn't it unlikely that a firewall could crack it?

Here is what someone said that made me interested in this topic.

look into TippingPoint or Juniper's IDP.

Both are 100% able to block/filter/rate limit All P2P traffic. and even though SOME of their streams are encrypted, you can decrypt those streams quite easily.

And, So far I have no come across a single BT application that Snort cannot handle either

Posted

I would be surprised if they are able to read the streams completely. Instead, they're probably just sniffing "low hanging fruit" such as Tracker updates in-the-clear and unencrypted peers/seeds passing you peer exchange lists. Then they can be reasonably certain that ALL ips mentioned by the tracker and peer exchange are BitTorrent links to be throttled/blocked.

Realtime cracking of the RC4 stream is not really possible...at the point where an ISP might be capable of doing it, they've got too many streams/sessions to worry about brute-forcing a single ip-to-ip stream. And if they're trying to do that like Virgin in the UK:

http://www.theregister.co.uk/2008/12/16/virgin_bittorrent/page2.html

...that seeks to "monetise the intelligence" of their network and "lead the ISP industry in new network services that exploit customer data."

...you need to leave them QUICK because they CANNOT be trusted with your data!

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...