Slashdot Mirror


New Tool Promises To Passively Identify BitTorrent Files

QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.

5 of 265 comments

  1. It's called Port Mirroring by alta · · Score: 5, Informative

    And my $200 24 port gigabit switch from Dell will do it. And that's a cheap piece of crap. For the 3 of you who don't already know, you specify one port on the switch to receive a copy of all traffic on the entire switch, a VLAN or a specific port. Then you can hook Ethereal to that port and monitor all of the traffic without modifying the original. OOOOhhhh, magic eh?

    Anyway, even after I RTFA, I still didn't see anything that this thing does that my cheap port and a P2 running Ethereal couldn't do.

    --
    Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
  2. Re:Carrier Status? by commodore64_love · · Score: 5, Informative

    I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  3. Re:Yawn by blueg3 · · Score: 5, Informative

    If I read the article correctly, what they're really doing is looking at the BitTorrent infohash, which is used when communicating with the tracker and other peers to identify the torrent. (The infohash uniquely identifies the torrent.) Having a different infohash for each peer would require significant BitTorrent reengineering, I would think.

    However, it's defeated by encryption, cannot legally be used in the U.S. or Europe by ISPs, and relies on a blacklist of illicit torrents.
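
An added example, not part of the comment above or of the tool in the article: a passive matcher that reads the infohash out of a plaintext peer handshake and checks it against a list. The handshake layout is taken from the BitTorrent specification (BEP 3); the torrents, peer id, watchlist and the XOR stand-in for an encrypted stream are constructed for illustration.

```python
import hashlib

PSTR = b"BitTorrent protocol"  # protocol string that opens a plaintext handshake

def bencode(obj):
    """Minimal bencoder: ints, byte strings, lists, dicts (keys sorted)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        items = sorted(obj.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(type(obj))

def infohash(info):
    """SHA-1 over the bencoded 'info' dictionary of a .torrent file."""
    return hashlib.sha1(bencode(info)).digest()

def handshake(ih, peer_id):
    """pstrlen(1) + pstr(19) + reserved(8) + infohash(20) + peer id(20) = 68 bytes."""
    return bytes([len(PSTR)]) + PSTR + bytes(8) + ih + peer_id

def extract_infohash(payload):
    """Return the infohash if payload opens with a plaintext handshake, else None."""
    if len(payload) < 68 or payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    return payload[28:48]

def classify(payload, watchlist):
    """Passive check: only reads the captured bytes, never alters them."""
    ih = extract_infohash(payload)
    if ih is None:
        return "no-plaintext-handshake"
    return "listed" if ih in watchlist else "unlisted"

# Constructed sample data (not real torrents).
LISTED = infohash({b"name": b"listed.bin", b"length": 1024,
                   b"piece length": 16384, b"pieces": bytes(20)})
OTHER = infohash({b"name": b"other.iso", b"length": 2048,
                  b"piece length": 16384, b"pieces": bytes(20)})
WATCHLIST = {LISTED}
PEER_ID = b"-XX0001-123456789012"
# Stand-in for an encrypted connection: same bytes, XOR-scrambled (not real MSE).
SCRAMBLED = bytes(b ^ 0xAA for b in handshake(LISTED, PEER_ID))

if __name__ == "__main__":
    for name, pkt in [("listed", handshake(LISTED, PEER_ID)),
                      ("other", handshake(OTHER, PEER_ID)), ("scrambled", SCRAMBLED)]:
        print(name, classify(pkt, WATCHLIST))
```

The scrambled case shows why the comment says the approach is defeated by encryption: without the plaintext handshake there is no infohash to compare, and a torrent missing from the list is never flagged.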

  4. Re:Encryption? by eldavojohn · · Score: 5, Informative

    I'm assuming this has no chance of defeating encrypted connections?

    The article explicitly says it cannot recognize encrypted files as the method cannot identify them with a hash. Although, I doubt anyone could think of a good way to ID files in encrypted BitTorrent.

    I thought my summary submitted this morning did a better job describing this but you should note that this has some key things to overcome before it can be used:

    • Has not been tested for false positives (explicitly stated by a researcher in the article). This has been known to totally render a technology unusable (face recognition, anyone?).
    • Their device only works on up to one hundred megabits per second before it starts to act as a choke point, which makes it useful only on a small scale (not for police/ISPs).
    • Does not work on encrypted files.

    They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.

    --
    My work here is dung.
  5. Unclear wording by Rix · · Score: 5, Informative

    This doesn't identify someone downloading a file via bittorrent, it identifies someone downloading a *.bittorrent file (presumably via http).

    This is a non-issue. If anyone actually starts using this, trackers will just start using shttp for their torrent files. They're small and (relatively) low traffic, so it would be a negligible performance issue.

    The only notable thing about this article is that it points out how clueless tech journalists really are.