soulstace Posted January 8, 2009

Hi all,

I am having a discussion on another forum about bittorrent and protocol encryption. A couple people seem to think that firewalls are able to decrypt the traffic in order to block uTorrent. I disagree, but can anyone having knowledge of uTorrent's encryption specs tell me why or why not this is true?

~ss

Ultima Posted January 8, 2009

Encrypted connections aren't completely secure because the encryption is weak relative to some other encryption algorithms. Specifically, Protocol Encryption uses RC4 as its stream cipher. It was chosen because it's lighter on the CPU, and was meant only to make it difficult/impossible to detect BitTorrent based on some simple packet inspection.

See the following:

http://en.wikipedia.org/wiki/BitTorrent_protocol_encryption
http://en.wikipedia.org/wiki/RC4

soulstace (Author) Posted January 8, 2009

Thanks Ultima for your reply.

I realize PE is fairly weak encryption by today's standards. However, the CPUs inside firewalls are usually pretty weak as well. Isn't it unlikely that a firewall could crack it?

Here is what someone said that made me interested in this topic.

"Look into TippingPoint or Juniper's IDP. Both are 100% able to block/filter/rate limit All P2P traffic. And even though SOME of their streams are encrypted, you can decrypt those streams quite easily. And, so far I have not come across a single BT application that Snort cannot handle either"

Switeck Posted January 8, 2009

I would be surprised if they are able to read the streams completely. Instead, they're probably just sniffing "low hanging fruit" such as Tracker updates in-the-clear and unencrypted peers/seeds passing you peer exchange lists. Then they can be reasonably certain that ALL IPs mentioned by the tracker and peer exchange are BitTorrent links to be throttled/blocked.

Realtime cracking of the RC4 stream is not really possible...at the point where an ISP might be capable of doing it, they've got too many streams/sessions to worry about brute-forcing a single IP-to-IP stream. And if they're trying to do that like Virgin in the UK:

http://www.theregister.co.uk/2008/12/16/virgin_bittorrent/page2.html

...that seeks to "monetise the intelligence" of their network and "lead the ISP industry in new network services that exploit customer data."

...you need to leave them QUICK because they CANNOT be trusted with your data!

soulstace (Author) Posted January 9, 2009

Hello Switeck,

It makes much more sense to throttle/block bittorrent in that manner rather than trying to decrypt (crack) the traffic.

Thanks for your comments.
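
The endpoint-correlation approach Switeck describes above, sketched as an added example (not part of the original thread and not any vendor's implementation): it reads the peer list from a cleartext tracker response and flags flows to those endpoints without ever looking at the encrypted payload. The tracker body and flow records are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

def bdecode(data, i=0):
    """Minimal bencode decoder; returns (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dictionary
        i, items = i + 1, []
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)                     # string: <len>:<bytes>
    start, n = colon + 1, int(data[i:colon])
    if start + n > len(data):
        raise ValueError("truncated bencoded string")
    return data[start:start + n], start + n

def peers_from_tracker(body):
    """Return {(ip, port)} from a cleartext tracker announce response."""
    resp, _ = bdecode(body)
    peers = resp.get(b"peers", b"") if isinstance(resp, dict) else b""
    found = set()
    if isinstance(peers, bytes):                    # compact: 4-byte IPv4 + 2-byte port
        for off in range(0, len(peers) - len(peers) % 6, 6):
            ip, port = struct.unpack_from("!4sH", peers, off)
            found.add((socket.inet_ntoa(ip), port))
    else:                                           # list of {ip, port} dictionaries
        for p in peers:
            found.add((p[b"ip"].decode(), p[b"port"]))
    return found

def flag_flows(flows, endpoints):
    """Flag flows by remote endpoint only; the payload is never inspected."""
    return [f for f in flows if (f[1], f[2]) in endpoints]

# Constructed sample data (documentation address ranges), not a real capture.
TRACKER_BODY = (b"d8:intervali1800e5:peers12:"
                + socket.inet_aton("192.0.2.10") + struct.pack("!H", 6881)
                + socket.inet_aton("198.51.100.7") + struct.pack("!H", 51413) + b"e")
FLOWS = [("10.0.0.5", "192.0.2.10", 6881, b"\x9c\x1f\x03\xe7"),   # opaque payload
         ("10.0.0.5", "203.0.113.80", 443, b"\x16\x03\x01\x02")]

if __name__ == "__main__":
    print(flag_flows(FLOWS, peers_from_tracker(TRACKER_BODY)))
```

The first flow is flagged purely because its destination appeared in the tracker response; the second, to an unlisted endpoint, is not.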
This topic is now archived and is closed to further replies.