ISP vs. BitTorrent

By Kris Plunkett at 3:13 pm on February 16, 2008 | 2 Comments

Since ISPs, most notably Comcast, some time ago began identifying and purposefully destroying or severely throttling BitTorrent connections passing through their networks, the struggles on both sides of the fence have been nothing short of a game of cat and mouse.

Round 1

The BitTorrent community’s reaction to this initial infringement was Protocol Encryption (also called Message Stream Encryption), which encrypted the protocol headers and data streams so that ISPs have a very hard time identifying P2P traffic. Unfortunately, ISPs have found ways around this by applying methods that involve pattern analysis. For example, if a particular customer is receiving multiple incoming connections for the same non-standard port, and a significant amount of upload traffic is coming from that customer, then chances are very good that a torrent is being seeded or some file is being shared via another P2P protocol. The ISP proceeds to either throttle the connections or to send TCP RST (reset) segments. While setting your firewall to drop reset segments prevents the latter from killing connections entirely (assuming all peers involved do so), not much can be done about ISP throttling. That is, until soon…

Round 2

The latest weapon in the BitTorrent arsenal will be an extension to the protocol called “Tracker Peer Obfuscation.” When a peer connects to a “swarm”, which includes all peers that are currently involved in exchanging a certain set of files, it contacts the “tracker” and obtains a list of all IP-port pairs associated with all peers in the swarm. This is how a peer knows who to download from. ISPs have found ways to intercept this exchange and use the IP-port pairs to know what connections to throttle or kill. Tracker Peer Obfuscation, should a BitTorrent client application choose to support it, states that this exchange between the tracker and a peer will be encrypted using RC4. Although only a modest level of encryption, it should prove enough to prevent ISPs from intercepting that data and using it in their pattern analysis. How effective this will be, especially in combination with Protocol Encryption/Message Stream Encryption, is still to be seen.


Since it was discovered that ISPs actively throttle and destroy identified P2P connections last Summer, service providers have outright denied the latter and have used the excuse that throttling these connections makes the Internet faster for everyone. Opponents to these view say that ISPs need to stop throttling throughput and upgrade their infrastructure instead. They argue that the new age of the Internet is only going to bring with it demands for enormous amounts of bandwidth, so ISPs ought to make sure they are ready to meet those demands.


The latest from torrentfreak.

The actual proposal for Tracker Peer Obfuscation by the BitTorrent development community.

Wikipedia on Protocol Encryption (Message Stream Encryption).

A video (avi) illustrating a seeder (using utorrent) losing connectivity seconds after others connect to him. [47.3MB @ 45KB/s max ~ 16.5 minutes]

Filed under: Availability,Current Events,Privacy2 Comments »


  • 1
    Get your own gravatar for comments by visiting

    Comment by kurifodo

    February 17, 2008 @ 10:56 pm

    I am someone who is of the position that ISPs should not be allowed to throttle traffic in this manner. When signing up for service, they do not make it clear that this kind of behavior is carried out, and when it was first implemented, they did not warn customers or differentiate between “good” and “bad” torrenters.

    So they would like to limit BitTorrent traffic so that overall internet experiences for everyone are smoother, but it seems to me, we are paying for an experience that is just being cut short of what it really ought to be. This is wrong. Comcast and other ISPs who do throttling should instead consider investing in upgrading their lines to increase bandwidth. What ever happened to serving the customer and putting them first?

  • 2
    Get your own gravatar for comments by visiting

    Comment by sky

    February 18, 2008 @ 3:59 pm

    This Tracker Peer Obfuscation business has an element to its encryption that we do not hear about in class. We learn about integrity/privacy/authenticity/availability, but here we have a totally new concept. This TPO stuff is masking patterns about the sender/receiver of the packets. This might only be the begging of a whole new series of encryption schemes that place less value on the information being sent, and more value on the anonymity of the sender and receiver.

RSS feed for comments on this post