BitTorrent and End to End Encryption
An anonymous reader writes "As ISPs like Shaw and Rogers throttle their bandwidth to counter the growth of BitTorrent, BitTorrent developers are fighting back with end to end encryption. Oddly enough, Bram Cohen, the original brains behind BitTorrent, doesn't support this direction. Is there really anything he can do about it?"
Good thinking. Except there are two companies that run the high-speed lines here, Rogers and Bell. Ignoring the fact that Bell Sympatico DSL is quite slower than my tier of cable for a moment, what happens if Bell also filters Bittorrent? Are you suggesting that the appropriate course of action then would be to move?
On a more practical note, use port 1720 (used by Rogers' own VoIP digital phone service, so they can't and don't deep packet filter it) and if that doesn't work (remember to restart your client and forward ports accordingly) try BitComet with the encrypted header option. Worked fine for me after a bit of fiddling.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Shaw and Rogers are the two major cable providers in Canada.
Does it affect a lot of people? You bet.
[alk]
In semi-related news, BitTorrent Inc. and Opera announced today that Opera 9 will offer BT capabilities. I do remember that a beta of Opera 8 had BitTorrent built in, but that hasn't been present in versions released since (i.e. since it went freeware).
http://www.opera.com/pressreleases/en/2006/02/06/
Traffic analysis systems are available that detect traffic *patterns*. The determining factor for what defines traffic as being VoIP, or Bittorrent, is the patterns flows follow. For instance, a VoIP connection is a very consistent stream of data to one host, where anything file sharing related will be far from smooth, and will be talking to many hosts.
Even in the case of changing ports, this is easily detected. I work for a medium-sized broadband ISP, and we extensively use the layer7 module for iptables, which detects flow type based on a "fingerprint" of traffic; a fingerprint is simply made up of several unique characteristics of a particular packet type.
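As an added illustration of the pattern-based approach the commenter describes (this is example code, not the ISP's layer7 fingerprints or anything from the thread): it scores per-subscriber traffic summaries by the two features named above, how steady the byte rate is and how many remote hosts are contacted, and ignores port numbers entirely. The flow records and thresholds are constructed for the example.

```python
"""Toy flow-pattern classifier (added example; constructed data)."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class FlowSummary:
    local: str          # subscriber address (constructed placeholder)
    remotes: set        # distinct remote peers seen in the window
    rate_samples: list  # bytes/sec, one sample per second (constructed)


def smoothness(samples):
    """Coefficient of variation of the rate: near 0 for a steady stream."""
    m = mean(samples)
    return pstdev(samples) / m if m else float("inf")


def classify(flow, max_voip_peers=2, max_voip_cv=0.25, min_p2p_peers=8):
    """Label purely by traffic shape: no payload inspection, no ports.

    A steady rate to one or two hosts looks like a voice call; a bursty
    rate spread across many hosts looks like file sharing. Thresholds are
    assumed values for the example, not tuned operational figures.
    """
    cv = smoothness(flow.rate_samples)
    peers = len(flow.remotes)
    if peers <= max_voip_peers and cv <= max_voip_cv:
        return "voip-like"
    if peers >= min_p2p_peers and cv > max_voip_cv:
        return "p2p-like"
    return "unclassified"


# Constructed sample windows: one steady call, one swarm, one web session.
SAMPLE_FLOWS = [
    FlowSummary("10.0.0.11", {"198.51.100.7"},
                [8000, 8100, 7900, 8050, 7950]),
    FlowSummary("10.0.0.12", {f"203.0.113.{i}" for i in range(1, 13)},
                [50000, 2000, 120000, 0, 80000, 5000]),
    FlowSummary("10.0.0.13", {"192.0.2.5", "192.0.2.6", "192.0.2.7"},
                [30000, 0, 0, 45000, 0]),
]


def classify_all(flows):
    """Return {local address: label} for every summarised subscriber."""
    return {f.local: classify(f) for f in flows}


if __name__ == "__main__":
    for addr, label in classify_all(SAMPLE_FLOWS).items():
        print(addr, label)
```

The same subscriber would be labelled the same way after moving to port 1720, which is the point the commenter makes about port changes.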
I'd say that a significant number of users use p2p type stuff. Everyone I know at work uses some type of p2p software... eventually it will be impossible to restrict users of p2p unless you cut off all your users.
I am also a Rogers user...
And I am downloading at 200kb/sec+ on a torrent right now...
Firstly, check your router to make sure you have the appropriate ports opened/forwarding
Then, do NOT use the standard port for BT.
Cheers
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
Similar discussion has taken place at the gnutella developer forum, and the client gtk-gnutella already has encryption in place for the same purpose.
This post describes how an ISP filters peer-to-peer Gnutella traffic. To quote:
CableVision, for example, is known to drop incoming Gnutella connections and Gnutella HTTP requests. This has absolutely nothing to do with port filtering. You can easily verify this by modifying your HTTP request. Something like "GET /uri-res/N2R?urn:sha:* HTTP/1.0" will cause the connection to be dropped.
We understand your concerns regarding issues you are experiencing with your peer-to-peer (P2P) applications. To ensure a consistently high level of service for all Rogers customers, it is necessary to put limits on the amount of network bandwidth available for certain types of applications. This process is called traffic regulation (rate-limiting, traffic shaping, throttling).
As peer-to-peer (P2P) applications have grown in popularity, their share of overall network traffic has increased dramatically. In particular, the application Bittorrent uses all of the space available for uploads. To ensure that a relatively small number of applications do not slow service for everyone, Rogers limits the space available for P2P uploads. This ensures all customers have a high level of service for time-sensitive tasks like sending email, requesting web pages or voice messaging.
Rogers does not block any type of Internet traffic or application. Nor do we monitor the content of customer communications or activities on the Internet. Our traffic regulation is based on the type of application, not the way it is used.
What a crock. I paid for the bandwidth and they hosed me big-time. I tested this by downloading various Linux torrents that were well represented. Anyone know what else I can use to fully use my upstream bandwidth? I suppose I could 'wget -N' a static link in a continuous loop to saturate the bandwidth.
That should be "BitTorrent and End-to-End Encryption".
Denham's Dentrifice, Denham's Dentrifice, Denham's Dandy Dental Dentrifice, Denham's Dentrifice Dentrifice Dentrifice.
Wow - didn't know that. Here in Nova Scotia, they've been behaving respectably (at least with broadband, can't speak for any of their other services). Sorry to hear that. Do you have an alternative over there?
Rogers and Aliant is it. The final nail in the coffin for me with Aliant was when I was away on business for a few weeks and they decided to start filtering inbound SMTP traffic. I called and asked about it and they claimed they weren't doing any filtering. When I replied with tcpdump output proving my case, they forwarded me to their abuse department. A few weeks without mail, so I immediately switched to Rogers when I got back.
Not only do I have a faster service (5Mbit with Rogers at the time, when Aliant was offering 2 or 3Mbit IIRC), but they only filter outbound SMTP (not a problem), I have a relatively "static" IP address, and I don't have to deal with the hassles of PPPoE.
Also, bundling our cell phones, television, and internet is a huge win. The Vibe Vision service was shut down, and reborn as Aliant TV some years later, but it hasn't been rolled out in any areas other than Nova Scotia.
By the way, in the late 90s, things were different. Fundy Cable (which was purchased by Shaw, then by Rogers) had a one-way cable modem. NBTel (part of Aliant) was trialing 10Mbit/10Mbit HFC service in my neighbourhood. For $39.95/month! It was incredible. The ride lasted a few years before they sent out an email about a "service upgrade", which was going to be $2 more per month, and mandatory. The "upgrade", of course, was the switch to 1.5Mbit ADSL with PPPoE.
Keep in mind that in many areas, there are lots of ISPs that can provide you with DSL service. This service is provided by either 1) using the telco's DSLAMs and ATM networks to connect your home to the ISP (the most common method), or 2) using ISP-owned DSLAM equipment co-located at the central office (Speakeasy/Covad, various local ISPs). If you're just using the telco to move your bits across town to the ISP, I doubt the telco is going to bother traffic shaping your data.
I mention this because I think a lot of people don't realize there are more DSL options than just the local telco's internet service. When you go to the telco's home page, they certainly don't go out of their way to let you know about this. There are lots of small and regional ISPs that would love to have your business.
The biggest problem you might encounter with DSL is that many telcos require you to subscribe to phone service before they'll allow you to subscribe to DSL. I know this is definitely the case in BellSouth territory. I've heard that you used to be able to get a "dry copper" (i.e. "alarm circuit") DSL line to an ISP in BellSouth territory (a friend of mine used to have this sort of hookup in Oxford, Miss.), but they've since put an end to that. Where I live (Denver, Colorado), the telco (Qwest) does offer "Naked DSL" so you don't have to bother with a landline if you don't want one.
I have DSL with a local ISP who runs their own DSLAMs in my neighborhood, and it works out well.
David
Which is why the FTC in Australia has warned ISPs about advertising their services as "unlimited" if they do any rate-limiting or shaping (which pretty much all Australian ISPs do).
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
they tend to take up a lot of the router's memory
Nope. You're confusing "router" with firewalls, NAT, and other forms of connection tracking and stateful inspection. Most ISP routers don't do anything like that. The closest you'll find is flow caching, which is just a fast routing process... it's optional and there are limits on how much memory it can consume. When an idle flow expires, that doesn't break the connection; the router will simply follow normal routing procedures and build a new flow record for subsequent packets. Routers don't care what the traffic is; they only care about where they need to send it (and in some edge cases, where it came from).
That's not to say routers don't have limits. Every router has a maximum throughput both in packets per second, and bits per second. PPS is generally limited by routing speed -- how fast can the router determine where to send this packet. BPS is limited by the physical hardware -- how fast can bits be copied/signaled between interfaces.
One of the key reasons ISPs are resorting to throttling is sheer bandwidth. ALL ISPs oversell their connectivity. (It's the only way to make money on the low end where consumers live.) They don't have the capacity to give everybody their 5M down/384K up all the time. And it gets worse... for a cable modem, a single channel is 30Mbps down and 10Mbps up (+/-). When one is saturated, the other is starved -- the ACKs have to get in there somewhere. So, that 5/384 setup can support 6 people down and 26 people up, at once, per channel. There are literally hundreds of modems on each channel. Honestly, I'm surprised anyone can max their connection for any measurable duration.
(DSL is just as bad, if not worse. Having worked for a DSL provider, I know it's worse.)
Unless, of course, that VOIP service is Skype, which uses a peer-to-peer protocol to multi-route packets.
Yaz.
Every fraction of a second the lines are dark is investment lost. It costs a fixed amount to install and a small cost in electricity to run the network; if it's not being used, then the capacity is wasted.
If North American ISPs would live up to the high-bandwidth, fibre, true broadband they have been promising, there would be no problem with quality of service and no problem with high-bandwidth apps.
South Korea and Japan have 100Mbit and 1Gbit networks, and 10 and 100Mbit is available in many places in Europe. If ISPs in North America would stop being driven by short-term profit and invest something in the infrastructure as other places have done, even if it's only 10/10Mbit to the customers and new backbones, all the issues around bandwidth scarcity would virtually disappear.
From my experience (and I could remember this wrong, as I haven't touched IPSEC for over 5 years), the IPSEC protocol as-is wouldn't work well with BitTorrent because it requires a PKI infrastructure so that the two ends can authenticate and exchange keys before the actual communications. And a PKI isn't easy to set up, and will require a central CA to handle all the certs.
Furthermore, IPSEC, by its old protocol, has NAT traversal problems, as in it cannot do NAT. And even the IPSEC with the NAT option, I think it is called IPSEC NAT-T, still requires the encrypting certificate to have a name matching the IP of the computer. Hence, requiring a static IP on the computer and/or the public interface on the router. Furthermore, it would cause problems if the two computers on both ends have the exact same IP in the private network (192.168.0.5 or something) as that would lead to interesting conflicts.
IPSEC isn't designed for a use like BitTorrent; it is more for securing the communications on a MANAGED local network, or a VPN, or a tunnel through the internet between networks, so that no one can sniff your data or spoof the destination/source computer. I believe in this case, IPSEC is the wrench while BitTorrent is the Phillips screw; wrong tool for the wrong problem.
This is simply not true. I have cox and have never had a problem seeding. This sounds like user error to me.
----------------------
58.0% slashdot corrupt
Huh, that's funny. Where is your proof of this? I would argue that geeks utilize bandwidth in a much more efficient way. Having done three years of technical support for a university, it was always the non-geeks that were generating the most traffic. When we did traffic reports, those generating the most traffic (a consistently high amount) in the dorms would have their network ports deactivated, and I would have to go figure out why. I only remember going into one geek's room to find out why. He was sharing out a whole lot of music. The rest of them? Malware, zombies, worms/viruses, etc. from unpatched, unprotected machines that are sitting wide open on the Internet. Most geeks downloaded locally available files (à la programs like Direct Connect), or used BitTorrent but had their upload throttled back a bit. Non-geeks just set up KaZaa or Limewire, and share out their whole C:\
So I would have to disagree with you from an ISP perspective.