How did they get behind my NAT?

Discussion in 'Computer Security' started by Maniaque, Oct 10, 2007.

  1. Maniaque

    nemo_outis Guest

    ....snip Leythos' whining...

    Good old Leythos. Deep in a hole of his own making and too stupid to stop

    nemo_outis, Oct 15, 2007
    1. Advertisements

  2. Maniaque

    Jim Watt Guest

    Who generates the checksum ?

    If you download a file from the Adobe website, you have
    a reasonable degree of certainty that its genuine.

    I once found a client downloading from 'the mad hackers BBS'
    it was not a name that inspired confidence, I believe with
    bittorrents you don't know where things come from.
    Jim Watt, Oct 15, 2007
    1. Advertisements

  3. Maniaque

    goarilla Guest

    little correction bt uses the tiger tree hash algorithm not MD5.
    goarilla, Oct 16, 2007
  4. Maniaque

    Rick Merrill Guest

    Jim Watt wrote:
    ....I believe with
    That's right, delivery packages could have been modified.
    Rick Merrill, Oct 16, 2007
  5. Maniaque

    Unruh Guest

    The tracker.

    You do not know where the actual chunks come from. YOu are supposed to know
    what the true MD5 sum of the chunk is from the tracker which is supposed to
    be at a trusted site.

    Unruh, Oct 17, 2007
  6. Maniaque

    Unruh Guest

    As I understand bittorrent, it should not be. Your system is supposed to
    chech the hash of that package and refuse it if it is wrong ( the hash
    coming from the tracker). Or have I misunderstood bittorrent?
    Unruh, Oct 17, 2007
  7. Maniaque

    Sebastian G. Guest

    Being able to detect modified content doesn't mean that you can avoid the
    modification, and not even that you can correct it (the unmodified content
    might not exist anymore or might have never existed at all -> "fake").

    At any rate, you might not know if the content whose checksum you know might
    actually be the claimed content. It might be a completely different one, or
    a carefully modified original. You really need to get the checksum from the
    actual creator or a trusted deliverer of the original content.
    Sebastian G., Oct 17, 2007
  8. Maniaque

    Unruh Guest

    ???? If you know the stuff is bad, you can avoid it. If you want to
    download bad stuff you can always do so, and NOTHING can protect you. That
    is not the issue under discussion. You order a car, they deliver a load of
    manure. You can accept it, but you know that you are not accepting a car.

    I am sorry, you are claiming that someone could spoof the hash on the
    content? Ie, create another fake chunk which has the same hash. Now if it
    is md5 they use, that will not work. If it is another insecure hash it may
    be possible. Do you know that the hash used by bittorrent is
    cryptographically weak?
    Unruh, Oct 17, 2007
  9. Maniaque

    Jim Watt Guest

    That really is my point, and it is a security issue.

    However, as this sort of network is mostly used to circulate
    pirated software and to infringe copyright the checksum may
    protect you against damage in transit, deliberate or accidental.
    BUT does not protect you against someone inserting a trojan
    into some commercial software, bypassing its registration codes
    and posting the end product for the gullible masses sucking
    it up.

    Sebastian G is spot on. Unless the checksum comes from the
    owner of the content, and you have some means of knowing that
    it does not guarantee authenticity.

    Now that does not matter if its elvis_hits.mp3 or pictures of
    the vatican but if its something executable it does.

    IF a software company decides to distribute packages via
    bittorrents and posts the MD5 on their website, then maybe
    otherwise, you have no certainty or trust in whats on your
    Jim Watt, Oct 17, 2007
  10. Maniaque

    Sebastian G. Guest

    Unruh wrote:

    No. You can only ask other clients for the chunks, but you can only detect
    the modification after you actually downloaded them.

    No, I'm talking about spoofing the content itself. Why would you trust me if
    I offered you a CD image of Windows Vista Ultimate with the hash
    270eb5c849b240dedc7b2a24f04b56f028fcda6a that this is actually unmodified
    and I didn't implant a Trojan horse?
    Sebastian G., Oct 17, 2007
  11. Maniaque

    Unruh Guest

    What is a "security issue"?
    No it is not. It is mostly used to circulate computer programs, and other
    legitimate traffic.
    ???? No, nothing can do that. IF you use an untrusted site for the tracker
    data, then you do not know what it is that you download. But there is
    NOTHING that can protect against that. The issue was, given a legitimate
    tracker, can one of the seeders insert rogue code into the program such
    that it can subvert the security of the machine doing the downloading.

    There are people who respond to the Nigerian letters you know?

    Duh!! Really? And do you also need air to stay alive?
    That was never the issue. The claim was that, given a legitimate tracker
    source, the downloaded material, which comes from many untrusted sites,
    can be subverted. I do not believe the claim, although my recent use of
    bittorrent has made me a bit worried about whether bittorrent works as I
    believe it does.
    Uh, yes. And if you point a gun at your face and pull the trigger,
    bad things could happen. The original claim was that because bittorrent
    downloads from many anonymous untrusted sites, the downloaded material was
    untrustworthy. It is not. IF the tracker is untrustworth you have trouble.
    But only then.
    Unruh, Oct 18, 2007
  12. Maniaque

    Unruh Guest

    Yes. So? downloading the chunk does not do anything. It is just a string of
    bits, which can be erased.
    The question is, does bittorrent check the chunks it has downloaded to
    ensure that the chunk hash equals the has received from the tracker?

    Because I can check the hash against that CD image and see if it agrees. If
    that hash IS the true hash of Windows Vista Ultimate then I have confidence
    that it is unmodified. Of course I have to get that has from a trusted
    source. I do NOT need to get the image of Windows Vista from a trusted
    source. I can check the trust with the hash.
    Unruh, Oct 18, 2007
  13. Maniaque

    Sebastian G. Guest

    Unruh wrote:

    Not just that, but using a hash tree it can even locate such defective
    chunks very efficiently.

    And in almost any case if the torrent downloaded was not provided by the
    legitimate vendor, no such way of verification exists. That is, it makes the
    discussion pretty void.
    Sebastian G., Oct 18, 2007
  14. Maniaque

    Unruh Guest

    One reason I ask is that I downloaded Mandriva 2008, using the tracker on
    Mandriva, and both ktorrent and bittorrent stated that the download was
    completed, with no problems reported. Both downloads when I restarted
    ktorrent, were found to have large numbers of chunks invalid. Ie, it did
    NOT seem that the either of these implimentations had actually tested the
    chunks for validity. I assume this was a bug in the implimentations. But
    that leads to the question as to whether a properly coded torrent actaully
    does check each chunk for validity? I assume this was coding bugs, but it
    could have been a nasty seeder, who was polluting the streams.
    No, the argument seemed to be that because you downloaded chunks from all over the
    world, trusted and untrusted places ( in fact usually you have no idea
    whatsoever where the chunks came from), torrent is inherently unsafe, even
    if the tracker was on a trusted site. If the tracker is on an untrusted
    site, then it is clear you cannot trust the download, even if all of the
    chunks were obtained from trusted sites. HOwever, IF the tracker is
    trusted, can I therefor trust the downloaded torrent?
    Unruh, Oct 19, 2007
  15. Maniaque

    Jim Watt Guest

    The question really is do you trust the person who created the
    Jim Watt, Oct 19, 2007
  16. Maniaque

    Maniaque Guest

    Quick update, for any of you who use a WRT54G linksys router (with
    firewall enabled) and are concerned about the "FTP NAT Helper" issue
    described above, the latest version of the Tomato firmware (1.11) now
    allows you to disable the NAT helper.
    Maniaque, Nov 7, 2007
  17. Maniaque

    Maniaque Guest

    Just a point of interest regarding this, as I recently started
    wondering exactly how bittorrent works - the "Trust" point is actually
    NOT the tracker, it is the ".torrent" file. You may download this from
    the tracker (eg, assuming you're feeling brave, the pirate bay), or
    you may download it from an index (equally brave, mininova), or you
    could download it from anywhere else. In all cases the checksums /
    hashes are contained within the torrent file, along with the locations
    of the trackers.

    If you do not trust the source of the torrent file, you cannot trust
    the downloaded contents. If you trust the source of the torrent file,
    and you are certain you really obtained it from that source, then any
    data downloaded by a correct bittorrent implementation (that does not
    skip the hash checks) should inherit the same trust, regardless of
    where the data actually came from, and regardless of the trackers - it
    has all been checked against the hashes contained in the original
    torrent file.
    Maniaque, Nov 12, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.