Handler on Duty: Rob VandenBrink
Threat Level: green
Loading...
|
|
Submitted By | Date |
---|---|
Comment | |
Sean Cavanaugh | 2007-01-23 01:52:04 |
Azureus, BitComet, uTorrent as well as other clients are starting to use Protocol header encryption (PHE)/message stream encryption (MSE)/Protocol encryption (PE) to help obfuscate the traffic flow to try and avoid Traffic Shaping. more often you are seeing less of the traffic having the Blatant BitTorrent Identifiers in them and are looking more like an SSH connection. usually if you trace the traffic back to the first packet to hit 6881, theres a corresponding outbound packet headed for that same IP, as well as a leading outbound packet from the BT client hittting its central server listing client version and the like. Also note that even after the client is closed, other peers will still try and communicate to it as word about it being shut down hasn't propegated yet. |
CVE # | Description |
---|