Current Event: Tracking BitTorrent

By nhunt at 10:44 pm on February 12, 2009 | 5 Comments

The Air Force Institute of Technology recently announced a new technique for “detecting and tracking illegal content transferred using the BitTorrent file-trading protocol.” The authors claim their technique differs from previous attempts because it does not change any of the traffic going over the network.

The tool examines the first 32 bits of the file’s header to identify BitTorrent traffic on the network. Once a connection has been identified as a BitTorrent transfer, the file’s hash is compared against a blacklist of known “contraband files.” These blacklisted files are described as “pirated movies, music, or software, and even child pornography.” Rather than disrupting the transfer, this tool simply logs the network addresses involved, presumably for later prosecution.
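A minimal passive classifier of the kind described above, added here as an illustration and not taken from the AFIT tool. It assumes the 32-bit signature is the start of the BitTorrent peer-wire handshake (byte 19 followed by "Bit") and that the hash being compared is the handshake's 20-byte info_hash; the addresses, hashes and function names are constructed.

```python
import hashlib
import struct

# Assumption: the "first 32 bits" are the start of a peer-wire handshake,
# i.e. the length byte 19 (0x13) followed by the ASCII letters "Bit".
BT_MAGIC = 0x13426974
PSTR = b"\x13BitTorrent protocol"
HANDSHAKE_LEN = 68  # 1 + 19 + 8 reserved + 20 info_hash + 20 peer_id


def extract_info_hash(payload: bytes):
    """Return the 20-byte info_hash if payload opens a handshake, else None."""
    if len(payload) < 4 or struct.unpack(">I", payload[:4])[0] != BT_MAGIC:
        return None  # cheap 32-bit pre-filter rejects most traffic here
    if len(payload) < HANDSHAKE_LEN or not payload.startswith(PSTR):
        return None  # magic matched, but this is not a complete handshake
    return payload[28:48]


def inspect(flows, watchlist):
    """Passively record (src, dst, info_hash hex) for watchlisted transfers.

    Nothing is dropped or modified; the function only reads the payloads.
    """
    hits = []
    for src, dst, payload in flows:
        info_hash = extract_info_hash(payload)
        if info_hash is not None and info_hash in watchlist:
            hits.append((src, dst, info_hash.hex()))
    return hits


def make_handshake(info_hash: bytes) -> bytes:
    """Build a constructed handshake so the example runs offline."""
    return PSTR + bytes(8) + info_hash + b"-XX0000-" + bytes(12)


# Constructed sample data (documentation address ranges, made-up hashes).
LISTED = hashlib.sha1(b"constructed listed torrent").digest()
UNLISTED = hashlib.sha1(b"constructed other torrent").digest()
SAMPLE_FLOWS = [
    ("192.0.2.10:51413", "198.51.100.7:6881", make_handshake(LISTED)),
    ("192.0.2.11:40000", "198.51.100.8:6881", make_handshake(UNLISTED)),
    ("192.0.2.12:40001", "203.0.113.5:80", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("192.0.2.13:40002", "198.51.100.9:6881", PSTR[:10]),  # truncated capture
]

if __name__ == "__main__":
    for hit in inspect(SAMPLE_FLOWS, {LISTED}):
        print(hit)
```

Only the first flow is logged: the match is exact, so a transfer whose hash is not already on the list passes unrecorded even though it is recognised as BitTorrent.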

Peer-to-peer traffic is placing an increasingly large burden on ISPs’ bandwidth. As a result, the ISPs are constantly looking for ways to reduce this type of traffic. Tools such as the one discussed above would allow ISPs to throttle back the bandwidth on clients with excessive peer-to-peer traffic, opening the network up for other users.

The authors’ use of a global blacklist, however, raises a few concerns. First, who gets to decide which files are “contraband” and which aren’t? There are some files that are obviously illegal–the child pornography mentioned by the authors is a great example. But sometimes the line isn’t so clear, which could lead to legitimate data being mistakenly added to the blacklist. Another weakness in this system is the ease with which it can be subverted. Because the blacklisting is done on the file’s hash, a simple change to the metadata of a file would be sufficient to completely change the file’s hash. How do the authors plan to deal with this?

The problems faced by ISPs are understandable; in mid-June of 2008, peer-to-peer traffic accounted for about 44% of all internet traffic in North America. If this traffic is being used for illicit purposes (downloading pirated software, etc.), the ISPs stand to gain by blocking these users, giving more bandwidth to legitimate users. However, the task of distinguishing the good traffic from the bad is extraordinarily difficult. Until these problems are solved, this type of content filtering will be ineffective at actually addressing the problem.

Nick Hunt, Jon Andes

Filed under: Current Events, Miscellaneous


  • 1
    Comment by sojc701

    February 13, 2009 @ 3:07 am

    This article scares me. It sounds like the tool examines all network traffic to find the illegal BitTorrent traffic. Somebody could sniff my network packets. It looks like tapping the telephone. Who allowed those activities online?

    As mentioned, someone would find the way to change the file’s hash. It is an endless game. I think we need to focus on developing an environment where people can enjoy movies and music legally at a cheap price.

  • 2
    Comment by alyssa86

    February 13, 2009 @ 10:43 am

    It seems to me that although the ISPs are examining the packets that people are downloading and seriously invading their privacy, they haven’t really done anything with the information yet.

    Cutting back a person’s bandwidth is one option to deter people from illegal downloading, but I heard that some of the ISPs are actually thinking about charging you for the BitTorrents in your internet bill with an itemized list of what you downloaded.

  • 3
    Comment by erielt

    February 13, 2009 @ 11:21 am

    First off, I dislike how this article tries to pass off this technology as something revolutionary and new, when in reality something like this can be done on lots of network hardware these days by mirroring one port to another. This in effect creates a copy of the traffic that can be analyzed without slowing down the traffic that passes through. This is not new and neither is the idea of looking for hashes.

    Addressing the hash issue, as it was mentioned, the hashes can easily be changed by adding some padding. Although users of this system could download popular content from torrents and then add hashes, thereby tracking people who download this popular content, there are too many different files being swapped around for this to be practical.

    Finally, I really get annoyed by this whole idea of trying to stop BitTorrent traffic. Although perhaps ISPs could slow and filter BitTorrent traffic as it is now, what about sending it encrypted using the HTTP protocol? ISPs can’t filter HTTP without upsetting everyone, so they would have to filter heavy users of bandwidth. What if people who were downloading torrents limited speeds to an acceptable level? This cat and mouse game really annoys me, especially with ISPs trying to severely limit bandwidth.

    Back in 2004, my family got Fiber Optic internet access which was being installed all over the area in which we lived. This was excellent with high speeds that provided great access to all the web has to offer–streaming video (Netflix watch it now, Hulu, etc), uploading pictures and videos, and online gaming. Unfortunately almost all ISPs in the area have now gone into limiting total bandwidth to around 5 GB per month. Although one or two ISPs don’t limit (which I found for them after much searching), it seems like the way ISPs are cutting back on things like P2P and BitTorrent is by limiting the amount of bandwidth users have. Unfortunately, with the average customer only using around 2 GB per month (at least in Grant County where I did the research), it seems like ISPs can use a throttling solution over a better solution as internet users continue to be complacent about the terrible service provided. Until the majority begin making use of massive bandwidth through heavy technologies such as streaming HD and other video, the ISPs won’t have to worry about a solution such as the one presented in the article and can instead rely on simple techs such as heavy throttling and cutting back heavy users (even legitimate users).

  • 4
    Comment by mcam

    February 13, 2009 @ 2:56 pm

    As the article has pointed out, the idea of sniffing network transfer content isn’t new. Cisco has been selling kits that do similar things to the Chinese government for years. (Yeah, I read the article too) So really, I don’t think this is really “news.” Well, I guess if this is going to be commercially available and would cost less than Cisco, then I would see why this is such a big deal.

    And for real now, who would buy it? Those big music companies who once sued students? Right, it would be a little more effective than tracking down case by case. However, as the article has pointed out, the product would record ISP of suspicious activities, but to determine whether such activities are indeed illegal sharing, it’s still a manual task (aka requiring people to dig through the data this product has collected). That’s a lot of data + a lot of data mining. How effective is it realistically speaking?

    I guess having some evidence is better than none.

  • 5
    Comment by kosh

    February 13, 2009 @ 5:49 pm

    I really think that the ISPs are wasting way too much money in trying to limit bittorrent or p2p traffic. In a few years or maybe a decade, this traffic will most definitely be eclipsed by on-demand video/internet tv and other hi-def bandwidth hungry applications. I think it’s about time that they start investing in upgrading/rebuilding their infrastructure.
