Torrents- how risky?

Discussion in 'other security issues & news' started by wreckwriter, Aug 20, 2006.

Thread Status:
Not open for further replies.
  1. wreckwriter

    wreckwriter Registered Member

    Joined:
    Oct 19, 2004
    Posts:
    68
    Hi guys,

    It seems that a game mod I want very badly may be released as a torrent (its almost 1 GB). I know very little about file sharing or the software used in it. How much risk am I taking by installing (and opening holes for) Bit Torrent or similar?

    I have a DI 604 router, latest versions of LNS, NOD32, and AdAware.

    Thanks for your time!
     
  2. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    You will be perfectly fine. One good precaution to use is peerguardian, which blocks millions of ips which can include government ips, school ips, malicious computers ips, etc. you only need to use it when you are torrenting. I find torrenting to be an excellent filesharing protocol and use it to get many linux iso's, openoffice, and at late the new f.e.a.r online combat game which looks pretty cool if i may say so myself.

    Cheers

    Alphalutra1
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    bittorrent is a lot less risky than other p2p network/protocol.

    like alphaultra suggested, just use peerguardian and load the p2p list as well as any other u want.

    and if u need a suggest for bittorrent client, why not try utorrent? its light on resources, has skins, good speed, and plenty of features.
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    The BitTorrent file sharing client and protocol can provide a way around bandwidth bottlenecks. I have to use torrents sometimes to get the files I want also but I use Azureus.
    You may have to configure your system though depends what youve using or done to tie down your system.
     
  5. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    As an alternative to PeerGuardian, I believe most torrent clients [Bitcomet, Utorrent, Ktorrent, etc.] allow dropping a .dat to filter ips. I have heard this was much more efficent than having PG scan every incoming packet. How exactly to set this up, I have no idea.
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    By blocking IPs, you also block many "innocent" people (dynamic IP) and it can affect speed.
    A reliable torrent client will block bad IPs as well as firewall will block any attempts via torrent.
     
  7. R3SiN

    R3SiN Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    14
    Maintaining true stealth while using torrents correctly is impossible. The only way torrent clients can connect is when one of them has an open port. If neither has an open port there can be no connection. If one of the two has an open port the connection will be limited to such situations.
     
  8. R3SiN

    R3SiN Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    14
    The best way to implement the open port is to use a torrent client that allows for a random port. Any firewalls must then be configured to allow for such possibilities of port variations. Although this limits the restriction to the local torrent client, security is actually improved.

    Hardware firewalls must also compensate for this. They can still be setup to block anonymous internet requests, but only if the machine running the torrent client is setup on a DMZ (Demilitarized Zone). If the machine is not setup through the router to be on the DMZ than anonymous pings must be allowed.
     
  9. wreckwriter

    wreckwriter Registered Member

    Joined:
    Oct 19, 2004
    Posts:
    68
    Thanks guys, I appreciate your insights!
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    if the file you are downloading is safe and you got the torrent file from somewhere you trust, then the torrent should be fine.

    torrents work by downlaoding small peices of the file you want from others who already have the file. the original torrent file you use to launch the download has the checksum of the file you are downloading, and i suppose the individual pieces too?? so if you download something which isn't part of the file it is rejected.

    some clients even show you how many pieces have been rejected. that's how i've always thought it works anyway. is that correct? i never block anything with programs like peerguardian.

    btw, whenever i check to see who's downloading from me Bitcomet is always the fastest client. but, i think i've read some IPs, or maybe ISPs, block bitcomet, or something like that.
     
  11. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Some trackers block Bitcomet, because of a "broken DHT function" I believe it was.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,036
    Location:
    The Netherlands
    Hi,

    I always hated torrents since the speed is so slow but I decided to check them out again since so many people are very enthusiast about these tools, but I wonder, can I trust µTorrent?

    I have noticed that when it´s downloading, website loading gets very slow (and yes I have enough bandwidth). Also, another very strange thing, it reported to me that it had downloaded only 10 MB of a file (MP3) but in fact it had already downloaded the full 98MB? How is this possible? :blink:
     
  13. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    regarding what you might be downloading and installing \ playing with a torrent client


    you can isolate whatever download your getting till completed and through a trial install
    (your torrent ap of choice in sandboxie for instance)
    after you test it pull it out for a real install

    verify its actual extension

    be aware of exploits of the day for some file extensions \ applications (doc pdf mov ect)

    and if its an actual exe track what it does with a HIPS and or tracker
    (but ultimately youll have to "trust" an exe and assume its going to be able to subvert any monitoring, the only recourse for absolute certainty is direct comparison of before and after states and behavior)

    I too employ µTorrent
     
    Last edited: Jan 21, 2007
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,036
    Location:
    The Netherlands
    My bad, the download is half corrupted so it isn´t fully completed, but I think I will use BitPump, UTorrent is giving me problems. :thumbd:
     
Loading...
Thread Status:
Not open for further replies.