radium Posted March 11, 2009

I've been using uTorrent for some time and, to be honest, only have a broad outline of how the whole BitTorrent thing works. Reading the protocol information referenced in this forum and in other locations, it's clear how the peer-tracker interaction initiates a download and how peer-peer interactions maintain the peer network as the download progresses.

My question is what role does the tracker play once the download has been initiated? Is there an ongoing interchange of messages between the tracker and peers as long as the torrent is active?

DreadWingKnight Posted March 11, 2009

It's the primary entry point into a swarm, and if you don't check in with the tracker at regular intervals, new users can't connect to you without help.

radium Posted March 11, 2009

I assume by "check in", you mean the client obtains a fresh peer list from the tracker if it's able to do so. How often does a client like uTorrent check in?

DreadWingKnight Posted March 11, 2009

As often as the tracker tells it to (covered in the protocol documentation).

You aren't obligated to get a new peer list every time you check in, but you are required by protocol to check in when the tracker tells you to.

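The check-in interval discussed above reaches the client inside the tracker's bencoded announce reply. The following is an added example, not part of the thread and not uTorrent's code: it decodes a constructed reply and reads the `interval` and compact `peers` fields. The clamping bounds and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

# Assumed client-side bounds (not from the thread): the interval comes from
# the network, so it is clamped before it drives the re-announce timer.
MIN_INTERVAL_S, MAX_INTERVAL_S = 60, 7200

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dictionary key without a value")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                # string: <length>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[colon + 1:end], end
    raise ValueError(f"bad bencode at offset {i}")

def parse_announce(body):
    """Return the clamped re-announce interval and the peer list."""
    reply, _ = bdecode(body)
    if not isinstance(reply, dict) or b"failure reason" in reply:
        raise ValueError("tracker returned a failure or a non-dictionary reply")
    interval = max(MIN_INTERVAL_S, min(MAX_INTERVAL_S, int(reply[b"interval"])))
    blob = reply.get(b"peers", b"")
    if not isinstance(blob, bytes) or len(blob) % 6:
        raise ValueError("expected compact peers (6 bytes per peer)")
    peers = [(str(ipaddress.IPv4Address(blob[o:o + 4])),
              struct.unpack_from("!H", blob, o + 4)[0])
             for o in range(0, len(blob), 6)]
    return {"interval": interval, "peers": peers}

# Constructed reply: interval 1800 s, peers 192.0.2.10:6881 and 198.51.100.7:51413.
SAMPLE = (b"d8:intervali1800e5:peers12:"
          b"\xc0\x00\x02\x0a\x1a\xe1" b"\xc6\x33\x64\x07\xc8\xd5" b"e")

if __name__ == "__main__":
    print(parse_announce(SAMPLE))
```
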
radium Posted March 11, 2009

Thanks!

Switeck Posted March 11, 2009

The tracker update interval seems to be 30 minutes or 1 hour for most of the torrents I get.

radium Posted March 11, 2009

Switeck - Thanks for your response as well.

This brings up a question: if a peer is required to respond to a tracker, is this a vector for a DNS attack against peers in the torrent cloud assuming the tracker identity can be spoofed?

Harold Posted March 11, 2009

Sure, but there is DHT as well.

Clients could cache the IP address to avoid spoofing as well, but I think the problem is so rare that it isn't worth the trouble (it's no big deal, couple of minutes to implement, but still). Assuming that it wasn't spoofed the first time, of course. If you want to prevent that... send DNS queries to OpenDNS as well or something like that? It would be hard to determine which DNS server gave the correct address though - other than just trying them all and seeing where the best peers come from, I can see no good way of determining up front what the 'right' IP address is.

But, as far as I know, an attack such as this is rare against BitTorrent, so trying to avoid it would be very low priority.

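The address caching and second-resolver comparison suggested in the post above, as an added example that is not part of the thread and not uTorrent's code: a trust-on-first-use cache that pins the tracker's addresses when the resolvers agree and uses the pin as the tie-breaker when they later disagree. The class name, resolver labels, hostnames and addresses are all constructed for the illustration.

```python
import ipaddress

class TrackerPinCache:
    """Trust-on-first-use cache of the addresses a tracker hostname resolved to."""

    def __init__(self):
        self.pinned = {}  # hostname -> frozenset of ip_address objects

    def evaluate(self, host, answers):
        """answers maps a resolver label to the address strings it returned.

        Returns (verdict, addresses the client may announce to).
        """
        host = host.lower().rstrip(".")
        sets = [frozenset(ipaddress.ip_address(a) for a in addrs)
                for addrs in answers.values() if addrs]
        if not sets:
            return "no-answer", []
        agreed = frozenset.intersection(*sets)   # returned by every resolver
        seen = frozenset.union(*sets)            # returned by any resolver
        pin = self.pinned.get(host)
        if pin is None:
            if not agreed:
                # Nothing cached and the resolvers disagree: no way to tell
                # up front which answer is right, so do not pin either one.
                return "ambiguous", []
            self.pinned[host] = agreed
            verdict, usable = "first-use", agreed
        elif seen & pin:
            # At least one resolver still returns a pinned address: use only
            # those and ignore the answers that do not match the pin.
            verdict, usable = "match", seen & pin
        else:
            # Every answer differs from the pin: the tracker moved or the
            # answers are forged. Needs re-validation before announcing.
            verdict, usable = "changed", frozenset()
        return verdict, sorted(str(a) for a in usable)

def demo():
    """Run constructed resolver answers through the cache, in order."""
    cache = TrackerPinCache()
    rounds = [
        {"system": ["192.0.2.10"], "second": ["192.0.2.10"]},
        {"system": ["203.0.113.66"], "second": ["192.0.2.10"]},
        {"system": ["203.0.113.66"], "second": ["203.0.113.66"]},
    ]
    results = [cache.evaluate("tracker.example", r) for r in rounds]
    results.append(cache.evaluate(
        "other.example", {"system": ["192.0.2.1"], "second": ["198.51.100.1"]}))
    return results

if __name__ == "__main__":
    for verdict, addrs in demo():
        print(verdict, addrs)
```

The pin is only as good as the first resolution, which is the limitation the post itself points out.
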
Switeck Posted March 12, 2009

radium said: "if a peer is required to respond to a tracker, is this a vector for a DNS attack against peers in the torrent cloud assuming the tracker identity can be spoofed?"

Bad IPs in the peer list are retried slower and slower, if not dropped completely from the list, in the event they do not respond.

DHT and Peer Exchange are NOT supposed to pass out BAD peer and seed IPs, so they would not be assisting in an attack on a single IP OR on the torrent cloud as a whole. The "real McCoy" seeds and peers might still be able to knit themselves together without the tracker being online so long as it's a public torrent.

radium Posted March 22, 2009

My thought was a server posing as a tracker could flood the peers with requests, and assuming they "must" respond, degrade the torrent network's capacity. I've seen instances where server farms and large bandwidth have been used to "poison" torrents; inject bad pieces into torrent networks at rates sufficient to overwhelm legitimate peers. The hardware and the will certainly exist.

This gets back to my original question; what purpose does the tracker serve once the peer has joined the network? The updating of peer lists is a good one. My concern, and maybe it won't be as I learn more, is that in any P2P protocol that requires exchanges to maintain protocol, sufficient protections have been put in place to ensure that no one can nefariously insert themselves in the middle.

Switeck Posted March 22, 2009

A tracker doesn't do ANYTHING to peers but respond to peer requests... not the other way around.

And those requests should only come once per 30 mins/hour, and all that's requested is peer/seed IP list for each active torrent the tracker is listed under.

There is essentially ZERO vulnerability in that regard.

The server farms that send out bad pieces have distinctive behavior, and they're mostly in only a few distinctive IP ranges.

So block these hostile IP ranges:
http://forum.utorrent.com/viewtopic.php?id=46221