Comments on: This can only mean one Thing! Injection!

By: Bloommupe

Bloommupe — Thu, 03 Jul 2008 11:01:21 +0000

Salam
What do your think about remove downloader ?

By: Kalief

Kalief — Sat, 24 Nov 2007 07:54:19 +0000

“Since THEIR filter only sniffs the first data packet of a connection [...]”

Would it be possible to send a dummy ‘first packet’?

By: Crest

Crest — Thu, 22 Nov 2007 18:59:03 +0000

Using HTTPS with RC4 or what ever bad but fast crypto is available.

By: Tobias

Tobias — Sun, 25 Mar 2007 17:46:46 +0000

Hmm,

just a thought: Instead of dropping RST packets, maybe just hold them back? This ensures that legitimate RST packets get to the kernel and can properly close connections and injected packets (hopfully) arrive after the original packet. You’re out of luck if the ISP drops the original packet, which they probably will if the filter vendor notices this “delay” trick in wide use…

By: erdgeist

erdgeist — Wed, 07 Feb 2007 18:47:10 +0000

Well, some problems DO occur.

• First, only a fraction, a really tiny fraction, of torrents do include https-URLs for their trackers.
• Second, to circumvent omnipotent firewalls you would have to include your tracker’s fingerprint in those torrents or buy a signature for your certificate.
• Third, clients will need to talk https (the most recent ones, using their OS’s http-engine do).
• Fourth, handling thousands of connections per second suddenly becomes a problem when bignum arithmetics get involved. One would use an ssl proxy to do that, anyway and with an appropriate amount of money you can use crypto accelerators. Until now no open tracker seems to be willing to spend that amount of money or cpu ressources.

However, thanks for pointing out that option.

By: ths

ths — Sun, 04 Feb 2007 11:51:45 +0000

HTTPS –

http://wiki.theory.org/BitTorrentSpecification#Tracker_HTTP.2FHTTPS_Protocol

By: Christian Vogel

Christian Vogel — Wed, 31 Jan 2007 19:56:02 +0000

You might want to look here: http://www.cl.cam.ac.uk/~rnc1/ for the firewall-of-china paper.

By: taklamakan

taklamakan — Tue, 30 Jan 2007 23:47:40 +0000

But in this case they only sends an RST to the server, not to the client! Otherwise the client wouldn’t try again with another announce 9 seconds after we got the injected RST.

Sending an RST to the client would be useless anyway, because this is easy to filter on the client-side. Sending it to the tracker is much more useful, because most tracker owners don’t care!

By: pascal

pascal — Tue, 30 Jan 2007 21:00:20 +0000

btw. this is the same technique the “great firewall” of china uses (lost the source but I think fefe posted it once), sending RST to both ends if unwanted traffic occurs…