Remove Ads

Share on Facebook Share on Twitter

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
RE: IP-filtering (utorrent & vuze)
#1
Filtering out IP's means blocking certain peers from connecting to your machine. It has been discussed widely whether 'tis a good idea to 'micromanage' swarms or not. The pros are: [list]
[*]Sometimes swarms get 'polluted' by 'malignant' peers - typically all within the same IP range. This slows down up and download for everyone as these will connect and disconnect without contributing anything and in some cases deliberately upload corrupted data. Blocking these will reduce the damage done on your end.
[*]Corporate scumbags have been known to monitor swarms in order to harvest IP's for blackmailing. Blocking them might not ensure that they wont have your IP logged somewhere, but the more people block em by default, the less info they will be able to obtain.
[*]When uploading a fresh torrent, you will want to ensure that the data you send out is replicated at a maximum rate. Temporarily blocking 'leechers' can effectively reduce the time you spend seeding before your torrent is adequately seeded elsewhere. This is what is reffered to as 'micromanagement'. Allthough officially not recommended by prominent gurus like Adapa, in my personal experience it can be very useful.
[/list]

[size=large][b]Part the second, in which we shortly discuss the benefits of using our clients inbuilt functionalities in stead of relying on third party software.[/b][/size]

A lot of you are prolly familliar with peerguardian and the like. Readymades that promise to protect you from all kinds of evil - the problem with these kinds of services are numerous. Most important, the blocklist is global, not limited to your bt client. I remember gcjm going crazy not being able to connect to a certain secure irc server until he figured out how to turn off peer guardian :p.
Second, you wont have the same kind of realtime control of your blocklists as with client specific functions.

[size=large][b]Part the third, in which we take a look at utorrent's IP-filtering interface.[/b][/size]

utorrent is famous and popular for being lightwheight and functional. However, if you want to get beneath the default functionality, you'll have to get your fingers a little dirty; utorrent provides very little gui support for IP filtering. It is all handled via a .dat file that consists of a list of ip ranges to block. The only way to modify this list is to open it in a txt editor like notepad - or getting third party software to do the dirty work for you.

The file is called ipfilter.dat and is located in the /application data/utorrent/ folder (xp). If it doesnt exist you can create it from scratch.

The syntax is xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy for each line, representing a start IP and a stop IP. Any IP between these two will be blocked.

In example: [code]072.172.064.000 - 072.172.095.255[/code]
Will result in all IP's between and counting the two being blocked.

In order to make this work you'll have to enable IP-filtering here: utorrent>preferences>advanced. Look for an entry called 'ip-filter enable' and make sure it is set to true.
[Image: http://img176.imageshack.us/img176/9017/tutb1.png]

Once enabled you can reload the ipfilter table (you know, the .dat file) any time like this:
[Image: http://img256.imageshack.us/img256/4229/tutb3.png]
That is, right clicking anywhere under the 'peers' tab.

Effectively, you can ban and unban IP's in realtime, by modyfying your ipfilter.dat file in a txt editor and telling utorrent to reload it.

[size=large][b]Part the fourth, in which we investigate the functionalities of vuze/azureus[/b][/size]

Vuze comes with a lot more handy stuff for managing your ip filter than utorrent. Have a look at this (tools>options>ip filters):

[Image: http://img9.imageshack.us/img9/9785/tut1v.png]

NB: To get this menu you'll have to tick 'advanced' in tools>options>mode

First three options ought to be self explanatory.

Next part - 'peer blocking' - make vuze automatically ban IP's sending bad data. Untick the first box if you dont want to use this feature.
'Block peers whose discarded data/good ratios exceeds' 5.0 by default - means that when an IP has uploaded 5 times more bad data than good it will be banned.
'Minimum kB discarded before applying ratio' - 128 by default - Means that when an IP has distributed 128 kB's of bad data, vuze will start couting.
'Ban a block of 256 addresses when at leats this many blocks have been banned' - 4 by default - means that when four IP's within the same range of xxx.xxx.xxx.yyy (where the x's are coonstant and y's are variable) the entire range will be banned.
You can experiment with these settings if you like, but remember that bad data often gets send undeliberately.

'Auto loading' allows you to load premade ip-filter lists. If you use some of the links in koninks tutorial you can load the updated lists into vuze using this feature. Click browse, locate the blocklist file (almost any format is supported) and click load now. Note: this will flush the entire list and rebuild it from the file you specified - so if you are using more than one source of block lists, merge them in any txt editor before loading.

You can also manually add IP-ranges to the block-list. This is done by clicking the 'add' button on the bottom. The follwoing window will emerge:

[Image: http://img32.imageshack.us/img32/8530/tut2t.png]

Or you can do it the hacker way and plot in the range in your ip-filter file.

Once done hit 'apply' and all those bad IP's will be gone from your client.

Besides the ip-filtering interface, vuze also provides a means of temporarily banning IP's without adding them to the (permanent) blocklist. In vuze's detailed view of a torrent you can monitor what peers are connected to you. Right click any torrent, select 'view details' and click the 'peers' tab. Now if you see someone that you dont want in your swarm, you can do an instant temp-ban by right-clicking the peer and selecting 'kick and ban' - (this can be reset later).

Finally, vuze has one more usefull tool: the ip-filter log, located in tools>ip-filters (not in options!)

[Image: http://img32.imageshack.us/img32/439/tut4.png]

The first field logs all attempted connections by IP's in your blocklist.
Second field logs all 'temp'-bans done by vuze (as explained above - see the peer blocking part) and you. By hitting the 'reset' button you'll flush the log and lift all the temnporary bans. This is a nice tool for manually updating your blocklist. Before resetting, check up on who's banned and why, and if you deem it nescecarry, add them to your blocklist.

[size=large][b]Part the fifth, in which we discuss whom and when to ban.[/b][/size]

There are certain things to be suspicious of. Like I mentioned before, a recurring problem is swarm pollution. This phenomenon is easily spotted as peers within the same IP range will keep connecting and disconnecting in short intervals contributing nothing to the swarm. When this occurs, ban the entire range.

Also, beware of outdated/obscure clients and/or 'fakes' - they are likely to be IP harvesters up to no good.

Before taking action against a suspicious peer, try doing a 'whois'/domain serach. Here's a couple of useful online tools:

http://www.who.is
http://whois.domaintools.com/
http://whatismyipaddress.com/
http://ping.eu

Some of these have extra features like blacklist lookup (very useful) or proxy detection etc...

If an IP is identified with a corporate name look it up on google. I've had amazon.com infesting my swarms believe it or not.

Dont be too paranoid. Investigate before you ban people from your client.

[size=large][b]Part the sixth, in which we consider useful third party aplications[/b][/size]

One usefull opensource project is 'uTorrent IP-Filter with AutoUpdater'. It's a small batch file, that whenever executed connects to sourceforge and downloads an updated ipfilter.dat.
You can get it here:

[s]http://www.torrentsdownload.net/torrent/2736/uTorrent+IP-Filter+with+AutoUpdater+and+Installation+Instructions.++Open+Source..html[/s]
edit: Try this instead: http://merwin.bespin.org/utub/uTorrentUp...st_1.0.zip

Although made for utorrent, you can easily load it into vuze via the 'auto loading' function discussed above.

Another good resource for blocklists and apps is http://www.bluetack.co.uk/forums/index.php - you'll need to register (free of charge) in order to gain acces to their software. Personally, I gave up on their aplications, but they keep track of bad IP's and allow you to download updated blacklists categorized by paranoia level Tongue

[size=large][b]Part the seventh, in which micromanaging is briefly discussed[/b][/size]

This has been discussed back and forth alot at suprbay. There's an old thread by kuthumi that introduces the idea and yields lots of useful info. I also remember a recent thread in which Adapa fires wildly at anyone suggesting the method be benevolent.

In my opinion, to do this you really need vuze/azureus. utorrent just doesnt provide enough swarm/peer info to allow to to effectively micromanage your swarm.

To get the best out of vuze's interface, customize the columns of the torrent details->peers tab. Once there, right click anywhere you'll have the opportunity to open the 'column setup' window:

[Image: http://img237.imageshack.us/img237/8981/tut3k.png]

The real useful ones are 'stat up' (estimated upload speed of peer), 'up-ratio' (uploade from you : uploaded from other peers) and 'up:down' (peers uploaded:downloaded ratio).

Monitoring these, along with the pieces map you'll get whenever highligting a peer, will give you a good idea of how much this peer is contributing to the swarm.

Now the general tactic is to share your data with only those peers who redistribute that data. That means tempbanning (as explained above) anyone who doesnt replicate the pieces they get from you. (Once your torrent is well seeded you should reset those bans).

Be aware that this will only work well with larger swarms (at least 10+ peers).

Also, an often repeated argument is that utorrents 'initial seeding' and vuze's 'super-seeding' does the job for you without banning anyone. Still, the method have proven itself efficient for a lot of people. I know the ole fogger likes kickbanning nondatareplicating peers, whether just for the heck of it or for the efficiency of an initial upload (?) Tongue
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)