{"id":901,"date":"2009-02-12T22:44:39","date_gmt":"2009-02-13T06:44:39","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=901"},"modified":"2009-02-12T22:44:39","modified_gmt":"2009-02-13T06:44:39","slug":"current-event-tracking-bittorrent","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/12\/current-event-tracking-bittorrent\/","title":{"rendered":"Current Event: Tracking BitTorrent"},"content":{"rendered":"<p>The Air Force Institute of Technology <a href=\"http:\/\/www.technologyreview.com\/computing\/22107\/?a=f\">recently announced<\/a> a new technique for &#8220;detecting and tracking illegal content transferred using the BitTorrent file-trading protocol.&#8221; The authors claim their technique differs from previous attempts, because it is does not change any of the traffic going over the network.<\/p>\n<p>The tool examines the first 32 bits of the file&#8217;s header to identify BitTorrent traffic on the network. Once a connection has been identified as a BitTorrent transfer, the file&#8217;s hash is compared against a blacklist of known &#8220;contraband files.&#8221; These blacklisted files are described as &#8220;pirated movies, music, or software, and even child pornography.&#8221; Rather than disrupting the transfer, this tool simply logs the network addresses involved, presumably for later prosecution.<br \/>\n<!--more--><br \/>\nPeer-to-peer traffic is placing an increasingly large burden on ISPs&#8217; bandwidth.\u00a0 As a result, the ISPs are constantly looking for ways to reduce this type of traffic. Tools such as the one discussed above would allow ISPs to throttle back the bandwidth on clients with excessive peer-to-peer traffic, opening the network up for other users.<\/p>\n<p>The author&#8217;s use of a global blacklist, however, raises a few concerns. First, who gets to decided which files are &#8220;contraband&#8221; and which aren&#8217;t? There are some files that are obviously illegal&#8211;the child pornography mentioned by the authors is a great example. But sometimes the line isn&#8217;t so clear, which could lead to legitimate data being mistakenly added to the blacklist. Another weakness in this system is the ease at which it can be subverted. Because the blacklisting is done on the file&#8217;s hash, a simple change to the meta-data of a file would be sufficient to completely change the file&#8217;s hash. How does the author plan to deal with this?<\/p>\n<p>The problems faced by ISPs is understandable; in mid-June of 2008, peer-to-peer traffic accounted for about <a href=\"http:\/\/www.multichannel.com\/article\/83907-Study_44_Of_Internet_Traffic_Is_Peer_to_Peer.php\">44% of all internet traffic in North America<\/a>. If this traffic is being used for illicit purposes (downloading pirated software,\u00a0 etc.), the ISPs stand to gain by blocking these users, giving more bandwidth to legitimate users. However, the task of distinguishing the good traffic from the bad is extraordinarily difficult. Until these problems are solved, this type of content filtering will be ineffective at actually addressing the problem.<\/p>\n<p>Nick Hunt, Jon Andes<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Air Force Institute of Technology recently announced a new technique for &#8220;detecting and tracking illegal content transferred using the BitTorrent file-trading protocol.&#8221; The authors claim their technique differs from previous attempts, because it is does not change any of &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/12\/current-event-tracking-bittorrent\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":78,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,1],"tags":[],"class_list":["post-901","post","type-post","status-publish","format-standard","hentry","category-current-events","category-miscellaneous"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/78"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=901"}],"version-history":[{"count":9,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/901\/revisions"}],"predecessor-version":[{"id":910,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/901\/revisions\/910"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}