Re: Bittorrent Data Port Probe

From: "Paul Melson" <pmelson@xxxxxxxxx>
Date: Wed, 22 Aug 2007 07:54:50 -0400

On 8/21/07, Tom Griffin <t.griffin@xxxxxxxxxxxxxxx> wrote:

If I suspect that a particular port on a given host is listening for
incoming Bittorrent data requests, is there a way I can prove it by
means of a probe? I have attempted to find some protocol definition
documentation so I can build a very basic script which will pretend to
be another Bittorrent client to see how the application handles it, but
I cannot find such detailed information.

If anybody can help with this, it would be much appreciated.

How sure do you have to be? Personally, if I saw a host with port
6881 listening, I would treat it as if it had BitTorrent running until
it was proven otherwise. You can try 'nmap -sV' to see if NMap can
identify the service listening, but if it is BitTorrent, NMap won't
identify it. It will fall back to a port number guess instead.

Unfortunately, connecting to a BitTorrent peer port and getting
anything useful back requires knowing the hash of a torrent being
shared on that client, which is near impossible to guess. However, if
you can sniff traffic on this port, you should be able to positively
identify it as BitTorrent because it will contain the string
'BitTorrent protocol' fairly early on in the packet data.

If you do discover a good working probe for BitTorrent, please share
it with Fyodor so that he can add it to NMap.

Good luck!
PaulM

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Follow-Ups:
- Re: Bittorrent Data Port Probe
  - From: John Lampe
- Re: Bittorrent Data Port Probe
  - From: Jonathan Yu

References:
- Bittorrent Data Port Probe
  - From: Tom Griffin

Prev by Date: Re: AES-256 encryption
Next by Date: XSS interrogations
Previous by thread: Bittorrent Data Port Probe
Next by thread: Re: Bittorrent Data Port Probe
Index(es):
- Date
- Thread

Relevant Pages

Re: bittorrent router settings
... Netgear router. ... I've never needed to use bittorrent but the occasion arose the other ... from resetting the firewall rules to block always when I'm not using ... to set your bittorrent client to use a certain port or set of ports ...
(uk.comp.homebuilt)
BitTorrent security questions
... I'm running a Linux desktop behind a NAT router with a ... services on any port allowed for anyone. ... I frequently use BitTorrent to download ... after I had installed an update for Azureus ...
(comp.os.linux.security)
Re: bittorrent router settings
... In practice I don't there has ever been a useful exploit for any Bittorrent client. ... from resetting the firewall rules to block always when I'm not using ... That'd only make a difference if you had some rogue program running on the PC that would listen on the bittorrent port to receive incoming instructions. ... your security has already failed. ...
(uk.comp.homebuilt)
Re: bittorrent router settings
... Netgear router. ... I've never needed to use bittorrent but the occasion arose the other ... from resetting the firewall rules to block always when I'm not using ... your bittorrent client to use a certain port or set of ports rather than ...
(uk.comp.homebuilt)
Re: BitTorrent security questions
... >>services on any port allowed for anyone. ... >>I frequently use BitTorrent to download ... >>port forwarding on the NAT router for ports 6882-6889 for ... after I had installed an update for Azureus ...
(comp.os.linux.security)