Teksavvy and Bittorrent

George Nicol gnicol-PeCUgM4zDv73fQ9qLvQP4Q at public.gmane.org
Fri May 25 23:44:36 UTC 2007 

George Nicol wrote:

> DHT is a security hazard - dangerous to *you*

Ian Petersen wrote:

>> Could you elaborate on that, or provide a link that elaborates?
>> Why is the DHT a security hazard?

I should have made it clear that DHT is a security risk to registered 
users on a *private* torrent tracker. Also, some BT clients implement 
DHT, some don't, and some implement it better than others.

If you're sharing Linux ISO torrents, for example, DHT is a Good Thing.

DHT stands for Distributed Hash Table. It is a database used by some 
BitTorrent clients to share torrents without the presence of a tracker. 
DHT is useful, then, to continue torrent sharing among peers without 
interruption if the public tracker should fall over or be taken down for 
maintenance.

DHT should always be disabled in your BitTorrent client if you are using
a private tracker, as it can create problems for private trackers.

DHT allows connecting to clients which are not registered with the 
tracker, which will result in invalid statistics. Bad statistics, aka a 
share ratio < 1.0, will result in a user being banned from a private 
tracker site. It is possible for Azureus to report a share much > 1.0 
but the private tracker only logs traffic between peers known to itself 
and thus may report a share ratio much < 1.0.

DHT can allow for leakage of private information. Private trackers 
commonly use a unique 32-bit passkey that's linked to the User ID and 
the torrent being shared. The passkey should only be known to the user 
and the private tracker. It should never be shared with anyone else. 
When you initially download a .torrent file from a private tracker, your 
passkey is added to the .torrent you receive. Now your .torrent file is 
unique and, because it contains your passkey, it should never be shared 
either. DHT can enable a knowledgeable hit-and-run leecher to discover 
your passkey, pose as you, snatch torrents with impunity, share little 
or nothing back, and destroy your share ratio. You may even be able to 
watch your share ratio tank and be powerless to do anything about it.

DHT can also result in an overload of UDP traffic, which can cause 
problems for Internet connections and routers.

Clear as mud, right?
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

More information about the Legacy mailing list