Role of Tracker after Download has Started


radium

I've been using uTorrent for some time and to be honest only have a broad outline on how the whole bittorrent thing works. Reading the protocol information referenced in this forum and in other locations, it's clear how the peer-tracker interaction initiates a download and how peer-peer interactions maintain the peer network as the download progresses.

My question is what role does the tracker play once the download has been initiated? Is there an ongoing interchange of messages between the tracker and peers as long as the torrent is active?


Switeck -

Thanks for your response as well.

This brings up a question: if a peer is required to respond to a tracker, is this a vector for a DNS attack against peers in the torrent cloud assuming the tracker identity can be spoofed?


Sure, but there is DHT as well

Clients could cache the IP address to avoid spoofing as well but I think the problem is so rare that it isn't worth the trouble (it's no big deal, couple of minutes to implement, but still). Assuming that it wasn't spoofed the first time, of course. If you want to prevent that.. send DNS queries to OpenDNS as well or something like that? It would be hard to determine which DNS server gave the correct address though - other than just trying them all and seeing where the best peers come from I can see no good way of determining up front what the 'right' IP address is.

But, as far as I know an attack such as this is rare against bittorrent, so trying to avoid it would be very low priority.


radium said: "if a peer is required to respond to a tracker, is this a vector for a DNS attack against peers in the torrent cloud assuming the tracker identity can be spoofed?"

Bad ips in the peer list are retried slower and slower, if not dropped completely from the list, in the event they do not respond.

DHT and Peer Exchange are NOT supposed to pass out BAD peer and seed ips, so they would not be assisting in an attack on a single ip OR on the torrent cloud as a whole. The "real McCoy" seeds and peers might still be able to knit themselves together without the tracker being online so long as it's a public torrent.


  • 2 weeks later...

My thought was a server posing as a tracker could flood the peers with requests, and assuming they "must" respond, degrade the torrent network's capacity. I've seen instances where server farms and large bandwidth have been used to "poison" torrents; inject bad pieces into torrent networks at rates sufficient to overwhelm legitimate peers. The hardware and the will certainly exist.

This gets back to my original question: what purpose does the tracker serve once the peer has joined the network? The updating of peer lists is a good one. My concern is, and maybe it won't be as I learn more, that in any P2P protocol that requires exchanges to maintain protocol, sufficient protections have been put in place to ensure that no one can nefariously insert themselves in the middle.


A tracker doesn't do ANYTHING to peers but respond to peer requests...not the other way around.

And those requests should only come once per 30 mins/hour, and all that's requested is peer/seed ip list for each active torrent the tracker is listed under.

There is essentially ZERO vulnerability in that regard.

The server farms that send out bad pieces have distinctive behavior, and they're mostly in only a few distinctive ip ranges.

So block these hostile IP ranges:

http://forum.utorrent.com/viewtopic.php?id=46221


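To make the reply above concrete, here is an added example (not code from this thread or from uTorrent) of what a client does with the tracker's answer to its own periodic announce: decode the bencoded body, read the re-announce interval, and unpack the compact peer list. It assumes the compact 6-byte peer format; the 1800-second default and 60-second floor are assumptions for illustration, and the sample response is constructed with documentation-range addresses.

```python
import socket
import struct

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dict, closed by 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        n = int(data[i:colon])
        if start + n > len(data):
            raise ValueError("truncated string")
        return data[start:start + n], start + n
    raise ValueError("bad bencode at offset %d" % i)

def parse_announce(body, min_interval=60):
    """Return (seconds until next announce, [(ip, port), ...])."""
    resp, _ = bdecode(body)
    if not isinstance(resp, dict):
        raise ValueError("announce response is not a dictionary")
    if b"failure reason" in resp:
        raise ValueError(resp[b"failure reason"].decode(errors="replace"))
    # The client sets the pace: clamp the interval so a bogus tracker
    # answer cannot make it re-announce in a tight loop (assumed floor).
    interval = max(int(resp.get(b"interval", 1800)), min_interval)
    raw = resp.get(b"peers", b"")
    if not isinstance(raw, bytes) or len(raw) % 6:
        raise ValueError("peers is not a compact 6-byte list")
    peers = []
    for off in range(0, len(raw), 6):
        ip, port = struct.unpack("!4sH", raw[off:off + 6])
        if port:                                    # port 0 is never dialable
            peers.append((socket.inet_ntoa(ip), port))
    return interval, peers

# Constructed sample: 192.0.2.10:6881 plus an entry with port 0.
SAMPLE = (b"d8:completei5e10:incompletei12e8:intervali1800e5:peers12:"
          + bytes([192, 0, 2, 10, 0x1A, 0xE1, 198, 51, 100, 7, 0, 0]) + b"e")
```

Nothing in the response is a request to the peer; the only lever the tracker has is the interval and the addresses it hands back, which is why the client validates both.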
Archived

This topic is now archived and is closed to further replies.
