New Tool Promises To Passively ldentify BitTorrent Files

QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.

Evil Bit

[Lord+Byron+II]

For the record, I have a rule in my iptables that specifically turns off the "evil bit" in any of outgoing packets. Thank God for Linux! =)

Re:Evil Bit

[VValdo]

wut

It's all detailed in RFC3514.

W

Re:Evil Bit

[pitterpatter]

Moderators, this is a textbook example of a "funny" post. On that basis, I think it deserves a 4 or 5. But it isn't otherwise that interesting, IMHO.

Re:Evil Bit

[DiegoBravo]

> Slashdot does not reward karma for "funny" mods

Yes, and this is one of the silliest things in /. The most informed and insightful teachers I had at school and university were also funny most of the time when delivering lectures, and of course this applies for comments too.

Re:Not yet

[blueg3]

He probably read page 2 of the article,.

Re:Encryption?

[genner]

TFA confirms it, near the end of the second page. It also only currently works at 100 megabits/second.

So my oc4 line is safe!

So...

[Adrian+Lopez]

So... they invented packet sniffing?

Fantastic!

I can hardly wait for this software to hit Demoniod!

Re:Not yet

[Rary]

He probably read page 2 of the article,.

Ouch! Wow, do I feel like a retread.

Oh well. Allow me to turn this around and make it the website's fault instead of mine: who the hell decided that such a short article needed to be split into two pages? This isn't a print medium. Have they never heard of the scrollbar?

I'll go away now.

Re:Not yet

[Rary]

who the hell decided that such a short article needed to be split into two pages?

The guy who wants to get a lot of ad revenue by making you see more ads.

Someone should point out to that guy that he put the same ads on both pages.

Re:Encryption?

[Joce640k]

It knows every "illegal" hash on the Intertubes?

If it does that's more newsworthy than the gadget itself.

Re:Carrier Status?

[Jurily]

Usenet probably counts as a cache under section 512(b) of the DMCA; as long as ISPs process takedown notices correctly they have no liability.

alt.binaries.takedownnotices?

Re:Encryption?

[noidentity]

this has some key things to overcome before it can be used:

* Has not been tested for false positives (explicitly stated by a researcher in the article).

Here's my implementation. It also hasn't been tested for false-positives, but I'm hopeful:

bool is_illicit_content( /* may need parameters in the future */ ) { return true; }

Re:Encryption?

[cbiltcliffe]

Depends how it works.

I'm betting something like this:

$data = read_data_stream($eth)
if (get_protocol($data) == "bittorrent")
      {
      $illegal_content = 1;
} else
      {
      $illegal_content = 0;
}

In which case, encrypted or not, you're still guilty.

Re:Encryption?

[cbiltcliffe]

Sure it is. But when it seems to slow down to 100Mb, shortly, it's just network maintenance. Honest.