Electric Sheep and Bittorrent

Security

Earlier this week I observed one of my laptops running World of Warcraft, which was accessing a *.torrent file. Today, I found another application, this time a screen saver called Electric Sheep is using it.

Electric Sheep is a similar concept to SETI@home; network several machines together to utilize processing cycles once the machine goes idle. Electric Sheep, instead of looking for ET, renders fractals which are intended to be analogous to computer dreams. Cool concept both as a screensaver and the fact that it utilizes the Bittorrent protocol for information sharing.

It’s obvious the Bittorrent protocol is gaining a foothold in mainstream computing. Now all that is needed is an authorization or identification bit in the TCP handshake that will ID the application. That way us network security apes can authorize certain Bittorrent applications to cross the gateway while blocking others.

For more information about this topic

posted by Michael on 03.28.08 @ 7:07 am | 4 Comments

While I guess these BT uses aren’t the illegal p2p sharing that we would have originally intended to block, WoW game updates and fancy screen savers still don’t seem like legitimate business needs that should be allowed. Or maybe I’m just being a curmudgeon.

By cji on 03.28.08 7:28 am

I’m with you. The only reason I know about them is because I see my security infrastructure sniping them.

By Michael on 03.28.08 10:21 am

re: the identification bit

this seems like the perennial problem with network-level filters – they can identify the protocol but not the application without some kind of integration with the end-points… that leaves them without a valuable piece of contextual information about the communication that’s being attempted (though the application isn’t the end of the story context-wise)…

the identification bit seems like a kludge to overcome that problem, but that said, conventional bittorrent clients do report their name and version… some clients allow you to see a breakdown of the various types of clients you’re connected to… further, some sites/trackers have in the past banned certain clients for abuse (some special clients were made that leached but didn’t seed)… to highlight how much of a kludge an identification bit is, though, the people making those abusive clients adapted to the banning by making their clients lie about the clients’ identification…

By kurt wismer on 03.29.08 12:14 pm

And the arms race continues. =)

NPR had a program last Sunday about Bittorrent, the author, etc. It was a good program, though it was geared more towards the less-technical, for obvious reasons.

Their take on it is that it is going to revolutionize the Internet and challenge capitalism’s ‘ownership’ paradigm. I think that’s a bit heady and sensational, but there’s no doubt its been somewhat pivotal in changing the way files are shared.

Bittorrent’s biggest hurdle in my mind is repudiation. How do I establish a level of trust for a given chunk received from user X? Ideally, I would think it’s best to establish trust at a chunk-by-chunk basis, so that an application doesn’t have to assemble all the various chunks before verification can occur, because that would be another attack vector on the system.

By Michael on 03.31.08 11:48 am

RSS feed for comments on this post. TrackBack URI