Microsoft pulls off the impossible!
They've actually found a way to sink lower. And who says innovation stopped when Blamer took over?
A team of Russian developers is touting a technology it says can kill off BitTorrent-based P2P file sharing – and says it has attracted investment from Microsoft. According to a story in Russia Beyond the Headlines, the technology developed by Andrei Klimenko, his brother Alexei, and Dmitry Shuvaev has attracted $US100,000 from …
They've actually found a way to sink lower. And who says innovation stopped when Blamer took over?
HEY THATS MY HERO STEVE BALLMER YOUR TALKING ABOUT I AWAIT YOUR APOLOGY
Apology? Here you go: http://www.youtube.com/watch?v=8zEQhhaJsU4
Nope, sound commercial sense - finding a way to disrupt Linux distributions.
Steve isn't just a pretty face ...
Yeah, right, anyone that stops freetards stealing movies is eeeevvviiillllll
You're right, he's not just a pretty face, he's a fantastic visionary too: http://www.youtube.com/watch?v=eywi0h_Y5_U
We are very sorry. Sorry that Steve Ballmer is your hero
When TPB uses dodgy legal grey areas to give you free stuff, they're visionaries of freedom but when MS use similarly grey areas to fight back, they're evil?
"When TPB uses dodgy legal grey areas to give you free stuff, they're visionaries of freedom but when MS use similarly grey areas to fight back, they're evil?"
When Anon/etc. uses DDOS to drop Internet traffic, they're evil, etc.
Welcome to Hypocracity. Population: almost everyone.
(By the way, in Hypocracity, you buy the most recently built house that blocks the previous person's views of the countryside and then complain bitterly to stop the next person's house being built next to yours.)
So does Paris.....
At least the press love him: http://goo.gl/e0jAT
That looks like spoofing and sending bogus data, not exactly overspamming DoS.
Unless it's a true DoS it can be easily circumvent - distributed block lists, signed packets, packet verification by random peers, etc. It looks like a FUD and badly invested money... at least to me and I am not even specialist at BitTorrent.
Without signing it could be rather difficult to block.
If P-Pay connect to a tracker and get the IPs of people seeding and peers downloading, they could spoof packet to either end which appear to come from the other.
I'm not familiar enough with the BT protocol to be able to work out how they kill the torrent, but I guess there could be a sign off "I've got it all now" message from a peer to a seed which they could spoof.
Or maybe just continually spoofing packets to ask for the same block over and over would be enough. It would certainly slow things down.
I would think, the way BitTorrent works, sending an "I've got it all now" message turns you from a Peer into a Seed, which means other peers will expect you to have all the pieces, which can then be verified by hash checks of the individual pieces. Plus, as others have said, IP blocklists have been used with other P2P systems, but perhaps the system is trying to spoof source IP lists to make them go to random locations which can't be blocked.
Less they got a man in the middle machine like your ISP for example spoofing TCP packets is pretty much impossible as nature of tcp won't allow it, UDP it would work but not using udp.
You can't spoof the IP header w/o ISP help, IPv6 can be an issue w/ IP blocking though.
Asking for the same block over and over can be a simple lockdown with backoff strategy.
Point is: unless PPay gets mEn-in-the-middle (aka ISP support) any technology is easily beaten.
Actually, if the nodes pretend to be seeds, they can cause serious disruption. Consider this: A node advertises itself as a seed, and then tarpits all incoming connections (in the TCP sense, by responding to a SYN with a SYN,ACK and then dropping all further packets). It won't stop the sharing, but it will certainly slow it down.
Note that a TCP-level tarpit is not easy to work around. Even if you kill the application, the TCP stack on the requesting machine will still have the connection open until it times out (typically 10-20 minutes). The idea behind the attack is to use up all the TCP connections on the machine that initiates the connection (e.g. if somebody is port scanning you they will run out of TCP connections (depending on their OS' TCP stack implementation) pretty quickly).
"That looks like spoofing and sending bogus data, not exactly overspamming DoS."
Sounds like it falls under the 1990 Computer Misuse Act. "Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc."
Most torrent clients can choose to ignore seeds who fail to provide data...
And then you distrobute that list of bad seeds :)
>That looks like spoofing and sending bogus data, not exactly overspamming DoS.
"Denial of service" doesn't mean "overspamming". Denial of service, in both the technical and legal senses, means that there's a service, and you're denying that service's users from getting access to it. Flooding it with packets is one way to do that, but there are others, and they all still count as "denial of service". Sending it a single packet crasher, such as a ping-of-death or buffer overflow or land attack, still causes access to the service to be denied, and is absolutely what the term "Denial of Service" refers to.
I think from the article above, we don't know enough to say what this will or wont achieve. Your suggestion is very plausible and would have an effect. Like other suggestions here, there are ways to defend against it. But all the real ways to defend against what people have proposed as how this might work, come down to some sort of web of trust. You can have a P2P network that protects against all sorts of attacks, but it's very difficult if you trust anyone, rather than authenticate your peers by some sort of reputation system.
So in a way, even if BitTorrent finds counter-measures to this, if those counter-measures involve making it harder to become a trusted member of the group, this is a success for the attacker and pushes pirate networks back toward being an underground sort of thing.
Of course it's not a problem for legal torrenters. E.g. distributing Linux isos. It's just a problem for illegitimate ones.
Charles 9 wrote: "which means other peers will expect you to have all the pieces, which can then be verified by hash checks of the individual pieces"
How would that work? You can have the hashes without the actual pieces. Genuine question in case I've missed something.
"Denial of service" doesn't mean "overspamming".
Absolutely. You could also add a Slowloris-type attack to your list of possible DoS methods. You don't need huge amounts of traffic to effectively knock out a vulnerable server by starving it of file handles for handling legitimate connections.
@AC - 14th May 2012 10:43 GMT
Of course if it prevents a service - it's a denial. The main difference to the spamming DoS is the ability to prevent it.
There is little to do vs the sheer brute force of DDoS, it's blunt and stupid, yet not much can be done against.
You don't need huge amounts of traffic to effectively knock out a vulnerable server by starving it of file handles for handling legitimate connections.
it's a trivial attack and easy to fend off. Using a thread (or 2) per connection (i..e blocking mode) and not closing connection when the queue threshold/timeout is reach is just sloppy programming.
"How would that work? You can have the hashes without the actual pieces. Genuine question in case I've missed something."
How would you know the hash of the pieces before you have the piece itself? It depends on the way the system works, I admit, but if you're forced to check back with a peer with the completed piece already to say whether or not the hash of a particular piece is pass/fail, you only know know the hash of the the piece when you have the completed piece, run a check, and get a pass, I would think (all of which should occur at the end of the connection that obtains the piece in the first place, so there should be a strong likelihood of being able to obtain a response).
Under normal BitTorrent, the hashes of the pieces are actually sent first. It's how you know when you've got the complete piece and that nothing has got garbled. Hashes are the parity checks of BitTorrent and everyone gets them at the start. You'd need some sort of meta-hash thing based around another key. And even then you'd only need one secret legitimate peer in the network that would give you the hashes so you could run your anti-BT tool from another machine. You could use some sort of Public-Private key system, but this starts closing down your network to outsiders, or else is useless.
And will these sneaky Russians also offer a paid service which will exclude you from their Denial Of Service attacks.
It looks like a scam to de-pocket a sucker. It has worked.
... the pirate pays you?
You (Microsoft) pay Pirate (Russians).
If Microsoft are paying some Russian company to basicly commit crimes on the web how easy does it make them to sue?
Do two wrongs make a right now??
If TPB can claim they aren't committing crimes, MS can do the same. It's about the letter of the law after all, nothing do do with old-fashioned ideas like morality and common sense.
A lexicographic conclusion of past experience:
"Microsoft" and "morality" = antonyms
"Microsoft" and "impunity" = synonyms
"Microsoft" and "Macrosh*t" or "Megash*t" = homonyms
They seem to assume that once this 'service' starts to become a problem people will continue to use the same, unmodified BitTorrent clients which no longer work, and won't instead download new, improved clients which have been upgraded to be attack-resistant. Because that's how the internet works, right?
Perhaps they should try to sell the government a device for shooting down bi-planes. I'm sure it would be just as effective.
From the title my initial guess was that the Russians had created something vastly superior to BitTorrent. After all, that's the only way to actually make a technology go away. However, my initial response to that initial guess was that no one in their right minds would trust ANY Russian programmers these days. This is just one minor reason why spam is bad (and why I wish someone (NOT the Russians)) would provide really effective spam fighting tools. (Yes, I know SpamCop has a major new version rolling out this week, but they have no fire in the belly because they have the wrong economic model.)
When I read that Microsoft was involved, I knew it was very unlikely that it would be anything good. Yes, Microsoft has managed to become less evil in recent years, but given where they started, they have a LONG way to anything like "good". (Actually their upstream work against spammers is about the best thing they've ever done.) Whatever you can say about Microsoft, you have to admit that they have some good economic models, and vampire-like sucking of blood out of creativity has become the main theme of copyright and patent law now.
What I was actually hoping for (in my foolish optimistic way) was a P2P streaming BitTorrent-like video protocol. Basic idea should be localized and automated caching so that popular videos would flow through the system in waves. It should also have an option to prevent peer discovery so that the distributors and owners of the content could reasonably maintain reasonable control by managing the seeds on their website while also minimizing their bandwidth costs.
The current economic models for streaming video are just awesome in their wastefulness. There really is a problem to that could be productively addressed there, but this Russian idea is absolutely NOT the answer to any useful question.
Blitterbug wrote: "tldr"
You know, I disagree with several things the poster wrote, but I disagree with your joy in announcing you have ADHD worse. Seriously that medium length post was too much for you? Hold on, I think I have a Michael Bay film for you around here somewhere.
A WHOLE Michael Bay film?
They know there is no cure for this except to sell people what they want. It's pointless.
Even if it does work, who can doubt that BitTorrent can't be reasonably quickly made to work around it.
In the short term it could be interesting to see how the entertainment industry reacts when the Torrent seen is temporarily "shut down" and there is no noticeable effect on sales.
and why do you think their reaction would be any different to what it is now?
How do I get some of this magical Microsoft seed fund money? From the sounds of it, all I need to do is come up with a really stupid idea!
I know.... a tainted iPad app that has secrete dodgy code in it, that causes the iPad's power management circuits to malfunction resulting in the battery exploding! - it will be the ultimate iPad killer and just what MS needs for Windows 8 BS (or whatever its called) on ARM devices to be a success!
Either that or a new IDE interface with grey everything!
In order to block *everything* they will have to scale on par with BitTorrent connections.
Maybe it works in a test case, where they can match several trackers and comparativley low number of clients, but I doubt it will work on a larger scale...
You'd be surprised. Tarpitting requires practically no resources on the machine that is doing the tarpitting.
tarpitting is fairly common on large email servers. The way round it is to manually drop connections if data isnt received in a timeframe. Then blacklist that source. Sure it might slow things down initially but it will self heal.
The torrent technology is rubbish anyway, it was a hasty reaction to Napster's server being shutdown.
What's your gripe with Bittorrent exactly? Works fine for me and the other 150 million people using it to download Linux ISOs, among other things.
Napster's contemporaries (Gnutella, Freenet, eDonkey, Direct Connect, etc) are all defunct. Probably something to do with the ease with which viruses were distributed...