All this fuss and bother...

...so people can share Linux distributions.

lmao @ UK

How far the mighty has fallen. Doesn't the UK still have to follow EU laws? I thought Europe was supposed to be more mature and protective of things like individual civil liberties. Pretty sad when the UK is even worse than the US Inc. when it comes to these issues. At least our government is bought and sold by the corporations who are some what accountable to shareholders instead of self appointed incompetent window lickers who are accountable to no one. Hey UK wake up. If even we the sheeple in the states can get rid of Bush and buddies perhaps you all shouldn't be reelecting NuLab and Gordo Brownie.

but of course

This is silly. As silly as patenting One click.

This is simply using the bittorrent protocole.

There are two ways to announce your IP to the tracker. Either you don't give any address, and the tracker assumes that the originating tcp/ip address is your address. Or you can give ANY address in the corresponding address field of the first request.

This has been possible since day one.

What this seedfucker does is that it's a script that connects to trackers and sends fake originating IPs.

It's VERY easy for trackers to protect from that. Simply look at the originating tcpip address, which CANNOT be faked. And ban anyone who sends you more than 2 or 3 different addresses...

And of course it can be exploited to give out government, majors, you name it, IP addresses :)

So to sum up my feeling, there is no exploit or any special thing here, only an idiot who wrote a huge script that fakes IPs. No hacking here.

Swings both ways

Everyone seems to be in a stir about so called file sharing. But the recording industry is also part of the problem. The recording industry has lobbied Congress (US) many times to get copy right extensions. With the Sony Bono Copy Right Extension (1998), the copy right on movies has been extended to 120 years in some cases. Virtually every movie produced by a movie studio is now copy righted. In essence, there is no public domain for copy righted works. These extension laws were designed to preserve works of art, but they only serve to allow the recording industry to bury their movies and music forever. Until the recording industry is willing to compromise with the public (things like limiting the length of a copy right to 25 or 30 years maximum), they will have little success in fighting file sharing. All of the draconian laws to stop file sharing will fail. All that will be produced is a hot war between the public and the recording industry. Greed can only go so far

Remember Prohibition!

That worked.

Ban Drugs................. that worked...................... eh what was I saying... hey crisps!

hmmmmm hamburgers

Carry on...

Not quite Kieren

Kieren, please, read the code. Then understand the bittorrent protocol, and you'll see why the conclusions in your article are false. Most of the big trackers already do this anyway, and have for years. After the University of Washington study in 08, antiP2P companies doing monitoring wouldn't be affected by this either, as they learnt their lesson.

However, about the only practical use for this code is to inflate scrape-value peer numbers for fake torrents, so that the values on some sites will be higher, leading to people downloading it. If anything, the Antip2p companies are the ones most likely to be using this, to 'entice' people onto their torrent so they can be tracked.

If you want more detailed reasons, Kieren, then get in touch.

VPN's

Surely the easiest way around the new legislation is simply to treat your ISP as a pipe through which you create a SSL VPN? The ISP then can't see what you may or may not be downloading, which means they needn't consider cutting you off. Apart from rather a lot of traffic on port 443, the only thing my ISP knows about my surfing habits is that I occasionally use for PS3 to play games online.

I don't understand the significance

An ISP employing deep packet inspection will be able to spot BitTorrent connections regardless of what the client is reporting. For a spy outside the ISP's gateway it's a simple matter to connect to the supposed port and find out if it's really sharing said file.

In essence this exploit appears useless but we're not given a chance to confirm the story ourselves because Kieren McCarthy in San Francisco gives not one reference and has shown a poor grasp of the subject at hand. (e.g. "No sooner had Napster been taken down than a new method of file sharing, BitTorrent, was rapidly adopted.")

For the uninitiated Gnutella, WinMX, FastTrack and eDonkey all had their time in the spotlight before BitTorrent bloomed late.

(My reference: http://www.slyck.com/story1314.html)

A previously Ambilivant Paytard Comments

I was listening to Radio 4 on this whole new law and t hey summed it up by saying something like that it was rubber stamped by "Mandleson at a Meeting with Geffen on the Rothschild Estate ......... it doesn't get anymore sinister than that"

As a Paytard i wasn't even interested in this topic until they passed this dodgy bill into law without proper consideration during the washup but i am now. I think they best way to upset the Politicians and teach them a lesson would be for the interwebs collective uber brain to devise some new sneaky code that makes a mockery of it. Perhaps they will then be forced to rethink and consider if screwing the civil liberties of all to find a few is really a proportional response to copyright protected file sharing or as it otherwise known some kids downloading some rubbish they weren't going to buy anyway.

There is no denying that we need to protect copyright and intellectual property, as a devloped nation we depend on such things more than others. That said when technolgies and laws are passed not to protect intellectual proerty but instead illegal and immoral cartell based business models its time to draw a line.

it's only a matter of time

before bittorrent peers become either untraceable or participation impossible to prove due to the deluge of false IP addresses being thrown into the swarm

anyhow, they can't even catch anybody now, so I don't think I'll bother panicking

If I'm reading this correctly

This is very old news. The tracker protocols (actually just a HTTP/URL protocol for announcing you want to join the peer network) have had the ability to specify the IP address you're connecting from for ages. Not all trackers will support the IP= field, but it seems that most do. It's very handy if you're sending all your tracker requests through a VPN, tor network or web proxy, which seems to be the main reason it's supported in the first place.

Once again, I'm pretty sure the code described in the article is based on old knowledge. There's a good paper describing how (I think) this technique was used to get DMCA takedown notices sent to a network printer:

http://dmca.cs.washington.edu/dmca_hotsec08.pdf

The Reg article is also quite a bit off when it talks about using this for "anonymity". In fact, if you want to connect to the swarm, you have to have a valid IP from which you can connect. Once you're in the swarm, the tracker knows about it and will gladly tell anyone who makes a request to join later. All you achieve by feeding fake IP data to the tracker is to increase the amount of unnecessary traffic that will be generated by peers trying to connect to random machines and making it more difficult (but not impossible) for eavesdroppers to say with certainty whether a given IP is actually part of the swarm.

The next logical step for eavesdroppers is to actually attempt to connect to the sites themselves and see if they're actually accepting incoming bittorrent protocol messages. Of course, the other side can also make things more difficult by picking machines they know will be listening/conversing on a given port, so eavesdroppers might end up with a few more false positives than they'd like. Plus, if there are enough fake IP messages spread out to enough popular active torrents, the effect on the targetted IP address could be tantamount to a DDOS. I'm actually surprised nobody's gone and exploited that one so far.

Although it's not mentioned in the article I linked, there's also the possibility of using the Peer Exchange feature of bittorrent to achieve pretty much the same spoofing behaviour.

Finally, I think I'll go anon on this one cos I'd written my own scripts to do this spoofing since around, oh, Hadopi 1. Not that I've ever used them to bombard French government sites with masses of torrent traffic, but since it seems like such an obvious thing to do, I don't want to get blamed for the actions of any other (hypothetical) script kiddies who've had the same idea. Better safe than sorry.

The dark sith

"Obi-Wan once thought as you do. You don't know the power of the Dark Side, I must obey my master. The ability to destroy a planet is insignificant next to the power of the force. You cannot hide forever, Luke."

Privacy Pirate Party UK!

GNUNET?

http://gnunet.org/

What?

There's free stuff on the Internets?

Who'd a known it?

It's So Sad...

...that a great idea like Bittorrent has become syonymous with freetards. Cascade distribution is the greatest bandwidth saver ever. Oh well.

211, on the other hand, prevents me from letting my rant-quest from going up the tower.

A waste of time

This is not going to hide anyone from from the authorities any no one should be downloading this fix, its probably rigged to report you straight to Sony and the other media industries.

The fact is Media is quite expensive to the average person (believe me I have been poor) paying 79p for a song that your not going to listen to that much in 6months or a year is just a waste, movie rentals catalogues online are not extensive or big enough (in the UK at least) to be worth the £4-8n per a movie extra storage space, broadband connections and TV screens and media players to view the content is not that cheap either.

If young people can't be involved in the new media content and spread its popularity then it will never take off, the main culprit in this whole silly mess is the Media companies that failed to change their business plans in the decades they controlled the industry, why oh why am I still being offered pop corn at the cinema can't stand the stuff! I would like a hamburger and a milkshake, that would make me go to the cinema not a bloody 3d film with smurfs, which I have to wear glasses that don't fit well on top of my glasses.

When an artist/director creates some media content there is no reason it shouldn't be available worldwide instantly (without favor to the US) and at the same price (not just by replacing a $ with a £) and maybe YouTube wont stop people from watching content from other countries for no obvious reason other than a request from a controlling media industry, they'll stand up to China but not EMI lmao

I look forward...

...to the day when all this fighting is a footnote in history (like the fighting after the introduction of radio) and we can all get on with enjoying music, movies and books without the background noise of freetards obtuse whining or being made to feel guilty by pigopolists who refuse to get with the times.