More on P2P. Know the value of a blocklist.
Let me start by saying I am not endorsing the use of P2P for illegal uses. The goal of my blog is to raise security awareness as a whole. Now, that said…
Ars Technica is running a story right now about a team of California researchers who looked at the impact of using a blocklist when connecting to P2P networks and how that affects your likelihood of being tracked. Their findings?
“The old cliché “You’re not paranoid if they really are out to get you” turns out to apply quite nicely to the world of P2P file-sharing. A trio of intrepid researchers from the University of California-Riverside decided to see just how often a P2P user might be tracked by content owners. Their startling conclusion: “naive” users will exchange data with such “fake users” 100 percent of the time.”
I will highlight the conclusions for those who do not wish to read the whole article.
- If you don’t use a blocklist, you will be tracked. Every one of the researchers’ test clients that did not use a blocklist soon connected to an IP address found within those lists. It turns out that 12 to 17 percent of all IP addresses on the network belonged to these blocklisted ranges.
- Trackers aren’t that hard to avoid. While “naive” clients may all connect to blocklisted users, it wasn’t that hard to stay away from the vast majority of such “fake users.” Researchers found that “avoiding just the top 5 blocklisted IPs reduces the chance of being tracked to about 1 percent.”
- Content owners hide their tracks. Much of this tracking work is farmed out from content owners to companies like SafeNet and BayTSP, and these companies in turn take care to hide their tracks. When the researchers ran reverse DNS lookups on the blocklisted ranges, they found that only 0.5 percent of those addresses resolved back to media companies in an obvious way.
- Meet the BOGONS. One of the strategies for remaining anonymous is to operate from BOGON IP ranges. These ranges are unallocated blocks of addresses that should ordinarily not be used on the public Internet. Of the top fifteen blocklist entities that were discovered during testing, 12 were in BOGON ranges. The researchers note that “these sources deliberately wish to conceal their identities while serving files on P2P networks,” and reverse DNS queries on these addresses produce little useful information.
If you are using a P2P network, know the value of a blocklist. Using a blocklist isn’t a silver bullet by any means. Whether the other party is someone gathering information for a future lawsuit or a malicious user or group doing reconnaissance, a blocklist will at least give you an additional layer of security.
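To make the idea concrete, here is a sketch of the check a blocklist-aware client performs on each peer address before connecting. It is an added example, not code from the article or the paper. The entry names, the peer list and the ranges are constructed (documentation and reserved blocks stand in for real blocklist and bogon data), and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample data: documentation ranges stand in for blocklist entries.
BLOCKLIST = {
    "example-entity-a": ipaddress.ip_network("192.0.2.0/24"),
    "example-entity-b": ipaddress.ip_network("198.51.100.0/25"),
}
# A few reserved blocks standing in for a full, regularly updated bogon list.
BOGONS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "10.0.0.0/8", "240.0.0.0/4")]

def classify(peer):
    """Return 'invalid', 'bogon', the matching entry name, or None if the peer is clean."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return "invalid"  # malformed address: refuse rather than guess
    if any(addr in net for net in BOGONS):
        return "bogon"
    for name, net in BLOCKLIST.items():
        if addr in net:
            return name
    return None

def filter_peers(peers):
    """Split a peer list into allowed addresses and a per-reason rejection count."""
    allowed, rejected = [], Counter()
    for peer in peers:
        reason = classify(peer)
        if reason is None:
            allowed.append(peer)
        else:
            rejected[reason] += 1
    return allowed, rejected

def top_n_coverage(rejected, n):
    """Share of all rejected contacts accounted for by the n most-hit reasons."""
    total = sum(rejected.values())
    top = sum(count for _, count in rejected.most_common(n))
    return top / total if total else 0.0

# Constructed peer list, as a client might receive it from a tracker.
PEERS = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "198.51.100.200",
         "240.1.2.3", "203.0.113.9", "not-an-ip"]

if __name__ == "__main__":
    allowed, rejected = filter_peers(PEERS)
    print("allowed:", allowed)
    print("rejected:", dict(rejected))
    print("top-1 coverage:", top_n_coverage(rejected, 1))
```

The `top_n_coverage` helper mirrors the researchers' observation that a handful of entries account for most blocklisted contacts: it shows how much of what was rejected would still be caught by blocking only the most-hit entries.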
The original article isn’t very long (one page). If you wish to read the full article you can find it here: P2P researchers: use a blocklist or you will be tracked… 100% of the time
If you wish to read the results of the study, they are outlined in a recent paper here: “P2P: Is Big Brother Watching You?” (PDF)