KR101145608B1 - Method for preventing of torrent traffic in network - Google Patents

Method for preventing of torrent traffic in network Download PDF

Info

Publication number
KR101145608B1
KR101145608B1 KR1020110121018A KR20110121018A KR101145608B1 KR 101145608 B1 KR101145608 B1 KR 101145608B1 KR 1020110121018 A KR1020110121018 A KR 1020110121018A KR 20110121018 A KR20110121018 A KR 20110121018A KR 101145608 B1 KR101145608 B1 KR 101145608B1
Authority
KR
South Korea
Prior art keywords
torrent
udp packet
network
packet
delete delete
Prior art date
Application number
KR1020110121018A
Other languages
Korean (ko)
Inventor
권억
Original Assignee
플러스기술주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 플러스기술주식회사 filed Critical 플러스기술주식회사
Priority to KR1020110121018A priority Critical patent/KR101145608B1/en
Application granted granted Critical
Publication of KR101145608B1 publication Critical patent/KR101145608B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Abstract

PURPOSE: A method for assorting and blocking torrent traffic in a network is provided to block detected data based on a determination result by determining data which satisfies one or more predetermining conditions related to torrent traffic. CONSTITUTION: Data transmitted to an external terminal through a network is compared with a HTTP Get Request message(100). The HTTP get request message including necessary parameters related to torrent traffic is determined based on a comparison result. The HTTP Get Request message is blocked based on a determination result. The necessary parameters includes a parameter(110) about a hash related to a torrent file, a parameter(130) about a peer ID, and a parameter(120) about a port number.

Description

How to block torrent traffic screening in your network {METHOD FOR PREVENTING OF TORRENT TRAFFIC IN NETWORK}

The following embodiments are related to a torrent traffic screening blocking method of a network.

BitTorrent is the name of a peer-to-peer file transfer protocol and the name of the application software that uses it. BitTorrent speeds up transfers by distributing and storing files across the Internet and fetching files from multiple locations simultaneously using multiple connections.

The BitTorrent protocol was invented by programmer Bram Cohen and was designed since April 2001, with the first implementation released on July 2, 2001. BitTorrent Inc., a company founded by Cohen. Is maintaining this. Originally, BitTorrent programs were written in Python using distributed hash tables and are distributed under open source copyright. In addition, there are a variety of BitTorrent clients that are compatible with the BitTorrent protocol.

An embodiment of the present invention detects data transmitted and received to an external terminal device through a network, determines whether the detected data meets at least one predetermined condition related to torrent traffic, and based on the determination result, By blocking the data, it provides a technology to screen and block the torrent traffic of the network.

The torrent traffic screening blocking method of the network according to an embodiment of the present invention includes detecting whether an HTTP get request message is transmitted to an external terminal device through a network; Determining whether the HTTP get request message includes essential parameters related to torrent traffic based on the detection result; And blocking the HTTP get request message based on the determination result.

The required parameters may include info_hash, peer_id, ip, port, uploaded, downloaded, left, and event, etc. The present invention may selectively block torrent traffic using at least parameters such as info_hash, peer_id, and port. Can be.

The blocking may include checking whether a parameter for a user agent included in the HTTP get request message has a preset pattern based on the determination result; And blocking the HTTP get request message based on the check result.

The preset pattern may include various strings such as uTorrent, Azureus, and the like.

Torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted and received with the external terminal device via the network is a UDP packet; Determining whether the UDP packet is the same size as at least one of a plurality of structures associated with torrent traffic and whether a specific parameter included in the UDP packet has a value within a predetermined range based on the detection result; And blocking the UDP packet based on the determination result.

The plurality of structures includes: a structure associated with a connect request message included in a UDP tracker protocol; A structure associated with an announce request message included in the UDP tracker protocol; And a structure related to an error response message included in the UDP tracker protocol.

The specific parameter may include a parameter for an action, and a value within the predetermined range may include a plurality of preset integer values.

Torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted and received with the external terminal device via the network is a TCP packet or a UDP packet; Determining whether the size of the TCP packet or the UDP packet is larger than a preset size and whether the TCP packet or the UDP packet has a preset pattern at a predetermined position based on the detection result; And blocking the TCP packet or the UDP packet based on the determination result.

The preset size may include 69 bytes.

The predetermined position may include the first 20 bytes of the TCP packet or the UDP packet, and the preset pattern may include a character string including 0x13 (this is a hexadecimal representation) and a string including the BitTorrent protocol.

Torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted and received with the external terminal device via the network is a UDP packet; Checking whether the size of the UDP packet is larger than a size of a preset header format based on the detection result; Determining whether the UDP packet satisfies a predetermined condition based on the test result; And blocking the UDP packet based on the determination result.

The determining may include selecting whether the UDP packet is in a non-standard version header format or a standard version header format; And determining whether a specific parameter included in the UDP packet has a value within a predetermined range according to the selection result. As will be described below, according to an embodiment of the present invention, the standard version may mean that the version of the well-known bit torrent protocol is ver.1, and the non-standard version may mean something other than ver.1. .

If the screening result is a screening result that the UDP packet is a non-standard version of a header format, the specific parameter includes a parameter for a flag, and a value within the predetermined range includes integer values less than a predetermined value. It may include.

In addition, when the version field included in the UDP packet indicates 1 and the type field exists within a predetermined range such as less than 5, the present invention may determine that the UDP packet conforms to the standard version.

Torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted and received with the external terminal device via the network is a UDP packet; Determining whether the UDP packet is a packet encoded in a preset pattern based on the detection result; And blocking the UDP packet based on the determination result.

The preset pattern may include a string including d1 :; At least one element; And a letter including e in sequence.

An embodiment of the present invention detects data transmitted and received to an external terminal device through a network, determines whether the detected data meets at least one predetermined condition related to torrent traffic, and based on the determination result, By blocking the data, it is possible to provide a technique for screening and blocking the torrent traffic of the network.

1 is a block diagram illustrating a torrent traffic screening blocking method of a network using an HTTP tracker get request message according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating a torrent traffic screening blocking method of a network using a UDP tracker protocol packet according to an embodiment of the present invention.
3 is a block diagram illustrating a torrent traffic screening blocking method of a network using a BitTorrent Peer wire Protocol packet according to an embodiment of the present invention.
4 is a block diagram illustrating a torrent traffic screening blocking method of a network using a uTorrent Transport Protocol packet according to an embodiment of the present invention.
5 is a block diagram illustrating a torrent traffic screening blocking method of a network using a distributed sloppy hash table (DHT) protocol packet according to an embodiment of the present invention.

1. How to use Torrent

To use the BitTorrent protocol, you need to install a BitTorrent client that is compatible with the BitTorrent protocol. If you want to share a file using BitTorrent, you first need to create a torrent file. The torrent file records the metadata of the file to be shared and information on the host computer. The specifics of the file depend on the BitTorrent protocol version, and the file extension is always .torrent.

(1) torrent files (.torrent files)

The torrent file has an announce section, which contains the tracker's URL information. A tracker is a kind of server that monitors seeders and peers in a swarm. The client sends its information to the tracker server and receives information about the seeder and peer in the current swarm. The tracker server has no direct impact or relationship to the data transfer and does not have a copy of the shared file. The current version of BitTorrent can be implemented without a tracker server. However, most bit torrents currently use a lot of tracker servers.

The info section of the torrent file contains the file name, length, file fragment length, and SHA-1 hash code for each fragment to diagnose the integrity of the file. A client who has finished receiving a file can act as a seeder and can increase file sharing efficiency.

After you create a torrent file of the file you want to share, you can publish the torrent file to a tracker server by publishing it to a website. This is the most common way to share torrent files.

(2) upload and download

The user goes to the website where the torrent file is registered, downloads the torrent file, and opens the torrent file using the BitTorrent client. The BitTorrent client connects to the tracker server and retrieves information about the seed and peer of the current shared file. In other words, it brings the number of people currently downloading and uploading people. All these people are collectively called swarms.

At first there may be no peers. There can only be a seeder who is the first file uploader. This will start accepting files from the first seeder. The BitTorrent protocol breaks a file into pieces and sends them into small files. Typically, a piece is 256kb in size. In general, the larger the file size, the larger the fragment size. For example, a piece of 4.37GB is about 4.3MB. Each time a piece is downloaded, a hash algorithm is used to check for errors.

As many people start downloading files, the number of peers in the swarm increases. Peers start to share the pieces with each other. Peers that are downloading receive pieces at random, so they can share the pieces they receive. Therefore, reduce the transmission bandwidth of the seeder containing the original file.

An important factor in improving the efficiency of P2P is the policy of exchanging data between clients. Clients increase the efficiency of sharing by organizing files back to the client that gave them the file. These different policies make a difference in sharing efficiency, download speed, and upload speed. BitTorrent is better to share more, and instead of waiting to be queued, unlike other P2P. Bit torrent uses a mechanism called optimistic unchoking. This mechanism allocates some of the client's bandwidth and sends fragments to peers randomly so that all peers have a certain amount of fragments. This increases the efficiency of sharing because all peers have different pieces.

2. Torrent Operation

Once you implement the BitTorrent protocol, you can think of it as a BitTorrent client. Each client can use this protocol to reserve, request, and send any type of computer file on the network. At this time, the computer on which the client operates is called a peer.

If you want to share a file (or group of files), the peer must first create a torrent. This small file contains metadata about the file and tracker (a computer that coordinates file distribution) to share. To receive a file, a peer must first obtain a torrent file for that file, and then connect to a tracker that tells which peers to connect to in order to get the fragmented file.

Although similar in that they allow files to be downloaded over the network, there are fundamental differences between BitTorrent downloads and traditional full-file HTTP requests:

BitTorrent generates a large number of small P2P requests using multiple TCP sockets. Web browsers, on the other hand, typically generate one HTTP GET request on one TCP socket.

Bit torrent downloads are either random or rare-first. This approach ensures high availability. In contrast, HTTP downloads are generally sequential.

Because of these two differences, BitTorrent can achieve very large redundancy at a very low cost, and is more resistant to Abuse or Flash crowds than a typical HTTP server. However, this protection is not just achieved: downloads take time to reach full speed. This is because it takes time for sufficient peer connections to be made, and it takes time for a node to receive enough data before it becomes a useful uploader. As a result, a typical bit torrent download starts initially at a slower rate, then gradually increases to its maximum, and slows down to the end of the download. In this respect, it is different from HTTP downloads, which reach very high speeds very quickly and still maintain speed throughout.

3. BitTorrent Protocol Specification

BitTorrent protocol is a protocol for distributing files. The BitTorrent protocol can identify content by URL and can be seamlessly integrated with the web environment.

When a plurality of users simultaneously downloads the same file, the plurality of users may upload to each other by using the bit torrent protocol. As a result, a very large number of users can share file sources, and the additional load that occurs is not large.

(1) Tracker get request (tracker GET request)

The tracker get request message sent to the tracker server includes the following parameters.

i) info_hash

20-byte sha1 hash of the bencoded form of the info value in the metainfo file. info_hash is a string in the metadata file.

ii) peer_id

peer_id is a string of length 20 that the downloader uses as its ID. Each downloader randomly generates its ID when starting a new download.

iii) ip

ip is an optional parameter that provides information about the IP (or DNS name) where the peer is located.

iv) port

port is the port number that the peer uses to listen on. Typically, the downloader uses port 6881 for listening. If the 6881 port is in use, then try to 6889 port, such as 6882 port and 6883 port in order.

v) uploaded

uploaded is the total uploaded capacity so far, encoded in ASCII ASCII code.

vi) downloaded

downloaded is the total downloaded capacity so far, encoded in ASCII ASCII code.

vii) left

left is the capacity the peer needs to download more, encoded in ASCII ASCII code. Since some of the downloaded data may need to be downloaded again by failing the integrity check, the value of left cannot be calculated from the value of downloaded and the length of the file.

viii) event

event is an optional parameter with a value of either started, completed, or stopped. An event has a value of started when the download starts for the first time and a value of completed when the download is complete. In addition, the event has a stopped value when the download is interrupted.

(2) tracker response

If the query fails, the tracker response has a failure reason key, a string that explains why the query failed. At this time, no other key is required.

On the other hand, if the query succeeds, the tracker response has an interval key and a peers key. At this time, the interval key includes information about the time (in seconds) that the downloader should wait between requests, and the peers key includes information about peers such as peer id, ip, and port.

(3) peer protocol

BitTorrent's peer protocol can operate over TCP. At this point, the peer protocol can be operated without setting special socket options.

Peer connections are symmetrical. That is, messages sent in both directions have the same format, and data can be sent in either direction.

The peer protocol references fragments of the file by the index indicated in the zero-based metainfo file. When a peer completes a download for one piece, it checks the hash for that piece and announces to all other peers that it has the downloaded piece.

The connection between peers may be represented by two bits of binary code including information about whether it is in a choked state and whether it is an interested state. Here, no data is transmitted if the connection remains in the choke state. If one peer is in the interest state and the other is not in the choke state, data transfer occurs.

(4) Handshake of Peer Wire Protocol

The peer wire protocol consists of a handshake. The handshake begins with the letter 19, followed by the string 'BitTorrent protocol'. Here, 19 means the length of the following string.

The handshake has 8 bytes of reserved data behind the fixed length header. In the current bit torrent implementation, the eight bytes all have a value of zero.

The handshake has 20 bytes of sha1 hash for the bencoded format of the info value in the metainfo file, after the 8 bytes of reserved data. This is the same value as info_hash contained in the tracker get request message. If the sha1 hash values of the 20 bytes sent to each other between two connected peers are not the same, they may disconnect.

The handshake has 20 bytes of sha1 hash, followed by 20 bytes of peer id. The peer id is a value reported in the tracker request and is included in the list of peers in the tracker response. If the receiving side peer id does not match the expectation of the initiating side peer, the connecting attempt peer may terminate the connection.

When the handshake is completed, a predetermined length of data and a message may be transmitted.

(5) torrent traffic screening blocking method in a network according to an embodiment of the present invention

1 is a block diagram illustrating a torrent traffic screening blocking method of a network using an HTTP tracker get request message according to an embodiment of the present invention.

Referring to FIG. 1, the torrent traffic screening blocking method of a network according to an embodiment of the present invention uses a point of transmitting an HTTP get request message including essential parameters when a request is made to a tracker server using HTTP. The torrent traffic can be screened and blocked separately from the request message.

More specifically, the torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted to the external terminal device over the network is an HTTP Get Request (HTTP Get Request) message (100); Determining whether the HTTP get request message (100) includes essential parameters related to torrent traffic based on the detection result; And blocking the HTTP get request message 100 based on the determination result.

Here, the required parameters include parameters 110 for a hash associated with the torrent file; Parameter 120 for a peer ID; And a parameter 130 for the port number. In this case, the parameter 110 for the hash may be info_hash, the parameter 120 for the peer ID may be peer_id, and the parameter 130 for the port number may be port. Of course, in addition to the above, the required parameters may further include ip, uploaded, downloaded, left, and event, etc., and the present invention screens torrent traffic using at least parameters such as info_hash, peer_id, and port. Can be blocked.

The blocking may include checking whether a parameter 140 for a user agent included in the HTTP get request message 100 has a preset pattern based on the determination result; And blocking the HTTP get request message 100 based on the check result.

Here, the preset pattern may include a string including uTorrent. In this case, the parameter 140 for the user agent may be a user agent.

3 is a block diagram illustrating a torrent traffic screening blocking method of a network using a BitTorrent Peer wire Protocol packet according to an embodiment of the present invention.

Referring to FIG. 3, the torrent traffic screening blocking method of the network according to an embodiment of the present invention may interfere with the handshake of the peer wire protocol to perform screening blocking of torrent traffic.

More specifically, the torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted and received with the external terminal device via the network is a TCP packet or UDP packet (300); Based on the detection result, it is determined whether the size of the TCP packet or the UDP packet 300 is larger than a preset size and whether the TCP packet or the UDP packet 300 has a preset pattern at a predetermined position. Making; And blocking the TCP packet or the UDP packet 300 based on the determination result.

In this case, the preset size may include 69 bytes. That is, the torrent traffic screening blocking method of the network according to an embodiment of the present invention performs a check for screening whether or not torrent traffic is detected for a packet whose size of the detected TCP packet or UDP packet 300 is larger than 69 bytes. can do.

In addition, the predetermined position includes the first 20 bytes 310 of the TCP packet or the UDP packet, and the preset pattern includes a character including 0x13 (this is a hexadecimal representation) and a 'BitTorrent protocol'. It may include a string 320. That is, the torrent traffic screening blocking method of the network according to an embodiment of the present invention may detect torrent traffic by detecting a header of a fixed length of the handshake of the peer wire protocol. At this time, 0x13 means 19 as a decimal number, and as described above, 19 means the length of the following character string.

4. UDP Tracker Protocol for BitTorrent

(1) overhead of HTTP protocol

To discover other peers in the swarm, the client must inform the tracker of its existence. In this case, as described above, the HTTP protocol is used, and information about info_hash, key, peer_id, port, downloaded, left, uploaded, and compact is transmitted. The tracker's response to this also includes information about the list of peers. Although both the request and the response require a small amount of data, additional overhead is incurred due to open and close operations for the TCP connection when using TCP.

More specifically, the additional overhead includes 14 bytes per packet at the Ethernet layer, 20 bytes per packet at the IP layer, 20 bytes per packet at the TCP layer, and overhead of the HTTP layer. For example, if you use 10 packets for a request and respond with 50 peers, the total amount of data used is 1206 bytes.

This overhead can be significantly reduced by using a UDP based protocol. For example, when using a UDP based protocol, the overhead is reduced to 4 packets corresponding to 618 bytes. That is, overhead traffic can be reduced by 50% compared to the case of using the existing HTTP protocol.

Reducing the overhead of 1 kByte per hour can be difficult for the client, but for the tracker server serving many peers, reducing the overhead in half is a significant effect.

Furthermore, UDP-based protocols do not require complex parsers and do not require connection handling, which can improve performance by simplifying the code on the tracker server.

(2) UDP tracker protocol

Basically, a peer must acquire a connection ID before performing announce or scraping. The UDP tracker protocol is as follows.

Connect request:

i) Randomly select a transaction ID.

ii) fill in the connect request structure.

iii) send the packet.

Connect response:

i) receive the packet.

ii) Check whether the received packet is at least 16 bytes.

iii) Check whether the transaction ID is the same as selected at the connect request.

iv) Check whether the action is a value corresponding to the connect.

v) Save the connection ID for later.

Announce request:

i) Randomly select a transaction ID.

ii) populate the announce request structure.

iii) send the packet.

Announce response:

i) receive the packet.

ii) Check whether the received packet is at least 20 bytes.

iii) Check whether the transaction ID is the same as selected at the connect request.

iv) Check whether the action is a value corresponding to an announce.

v) Do not request announce again unless an interval time (seconds) has elapsed or an event has occurred.

Error response:

If an error occurs in the tracker server, an error packet may be transmitted.

i) receive the packet.

ii) Check whether the received packet is at least 8 bytes.

iii) Check whether the transaction ID is the same as selected at the connect request.

(3) torrent traffic screening blocking method in a network according to an embodiment of the present invention

FIG. 2 is a block diagram illustrating a torrent traffic screening blocking method of a network using a UDP tracker protocol packet according to an embodiment of the present invention.

2, the torrent traffic screening blocking method of the network according to an embodiment of the present invention blocks a connect request message and an announce request message of a UDP tracker protocol to prevent a client and a tracker server. By interfering with the handshake between them, torrent traffic can be screened out and blocked.

At this time, in the torrent traffic screening blocking method of the network according to an embodiment of the present invention, the size of UDP data is the same as that of the connect request message or the announcement request message, and the action field of the UDP data is determined. If the value matches the connect request message or the announcement request message, the value may be selected and blocked as torrent traffic.

More specifically, the torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted and received with the external terminal device via the network UDP packet 200; Based on the detection result, whether the UDP packet 200 is the same size as at least one of a plurality of structures related to torrent traffic, and whether a specific parameter included in the UDP packet 200 has a value within a predetermined range. Determining whether or not; And blocking the UDP packet 200 based on the determination result.

The plurality of structures may include: a structure 210 associated with a connect request message included in a UDP tracker protocol; A structure 220 associated with an announce request message included in the UDP tracker protocol; And a structure 230 associated with an error response message included in the UDP tracker protocol.

In addition, the specific parameter may include parameters 211, 221, and 231 for an action, and a value within the predetermined range may include a plurality of preset integer values. In this case, the parameters 211, 221, and 231 for the action may be actions.

For example, in the torrent traffic screening blocking method of the network according to an embodiment of the present invention, when the detected UDP packet is the same size as the connect request structure 210 and the value of the action 211 in the UDP packet is 0. ; The detected UDP packet is the same size as the announcement request structure 220 and the value of the action 221 in the UDP packet is 1; Alternatively, when the detected UDP packet is the same size as the error response structure 230 and the value of the action 231 of the UDP packet is 2, the detected UDP packet may be blocked by torrent traffic.

5. uTorrent transport protocol (uTP)

(1) Overview of uTP

uTP is a protocol that allows BitTorrent clients to utilize unused bandwidth while not interfering with Internet connections.

DSL and cable modems typically have transmit buffers of a size that is not proportional to their maximum transmission rate. At this time, the bit trend can quickly fill the transmission buffer. However, since bit torrent traffic is generally a background transmission and has a lower priority than email checking, phone calls, and web browsing, delays corresponding to a few seconds may occur in all bidirectional traffic related to bit torrent.

Bit torrent uses multiple TCP connections, which can be unfairly advantageous in terms of bandwidth over other competing services. This is because TCP distributes bandwidth evenly across all connections. Thus, the more bits the torrent uses more TCP connections, the more bandwidth can be used.

The traditional solution to this problem is to limit the upload rate of the BitTorrent client to 80% of the maximum uplink capacity. However, these solutions have the following disadvantages.

i) The user must configure the BitTorrent client.

ii) The user needs to know the upload capacity of the Internet. The upload capacity is variable.

iii) 20% of the headroom is arbitrary and bandwidth is wasted due to the headroom. That is, if there is no traffic competing with bit torrent, the 20% bandwidth is always wasted. On the other hand, even when there is traffic competing with the bit torrent, the traffic may use only 20% of the bandwidth.

uTP solves this problem by using the modem's queue size as the controller for the transfer rate. In other words, uTP uses a method to reduce the transmission speed when the queue becomes too large.

uTP can utilize the full upload capacity when there is no traffic competing with bit torrent, and can reduce the transmission speed when there is traffic competing with bit torrent.

(2) torrent traffic screening blocking method in a network according to an embodiment of the present invention

4 is a block diagram illustrating a torrent traffic screening blocking method of a network using a uTorrent Transport Protocol packet according to an embodiment of the present invention.

Referring to FIG. 4, the torrent traffic screening blocking method of a network according to an embodiment of the present invention classifies a UDP packet used for uTP into a standard version and a non-standard version, and includes a header format of the standard version and the non-standard version. By performing signature analysis on each of the header formats, the torrent traffic can be selected and blocked.

More specifically, the torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted and received with the external terminal device via the network UDP packet 400; Checking whether the size of the UDP packet 400 is larger than a size of a preset header format based on the detection result; Determining whether the UDP packet 400 satisfies a predetermined condition based on the inspection result; And blocking the UDP packet 400 based on the determination result.

In the determining of whether the UDP packet 400 satisfies a predetermined condition, whether the UDP packet 400 is a non-standard version header format 410 or a standard version header format 420 is selected. Making; And determining whether a specific parameter included in the UDP packet has a value within a predetermined range according to the selection result.

The present invention can check whether the UDP packet 400 is a standard version or a non-standard version by checking a version field of a header format.

In this case, when the selection result is a selection result that the UDP packet 400 is a non-standard version of the header format 410 (that is, a version field does not exist or a value other than 1 is set in the version field). Case), the specific parameter may include a parameter 411 for a flag, and a value within the predetermined range may include integer values less than a preset numerical value. In this case, the preset numerical value may be an integer 5.

In addition, when 1 is set in the version field 421, this indicates that the selection result is that the UDP packet 400 is the header format 420 of the standard version. That is, when a preset integer value such as 1 is set in the version field 421, the UDP packet 400 may be determined as the header format 420 of the standard version. In particular, when 1 is set in the version field 421 and integer values (eg, less than 5) less than a preset value are set in the type field 422, the UDP packet 400 is a standard version. May be determined as the header format 420.

6. Distributed sloppy hash table (DHT) protocol

(1) Overview of the DHT protocol

Bit torrent may use a distributed sloppy hash table (DHT) to store peer connection information for trackerless torrents. At this time, each of the plurality of peers may be a tracker. The DHT protocol can be implemented over UDP.

Hereinafter, a peer refers to a client and a server listening to a TCP port implementing the bit torrent protocol, and a node refers to a client and a server listening to a UDP port implementing the DHT protocol.

The DHT consists of a plurality of nodes and stores the locations of the plurality of peers. The bit torrent client includes a DHT node, which is used to connect to other nodes in the DHT to obtain the location of peers to perform the download using the bit torrent protocol.

Each node has a node ID, which is a globally unique identifier. The node ID is chosen as a random value of 160 bits, such as bit torrent infohash. The distance metric is used to compare the closeness of two node IDs or node IDs and infohash. Nodes must maintain a routing table that contains contact information for a few other nodes. The closer the routing table is to its node ID, the more detailed it is.

An XOR operation may be used for the distance metric. The result of the XOR operation can be interpreted as an unsigned integer. For example, distance (A, B) = | A xor B | to be. Here, the smaller the distance value means that the distance between nodes is closer.

A node can compare the distance between the ID of the nodes in its routing table and the torrent infohash to find peers for the torrent. A node can connect to the node closest to infohash and request contact information for peers currently downloading the torrent. If the connected node knows the peers for the torrent, it returns that peer contact information. On the other hand, if the connected node does not know the peers for the torrent, the connected node should return the contact information of the nodes closest to the torrent infohash in its routing table. The original node repeatedly queries until it finds the node closest to the torrent. When the search ends, the client inserts response nodes with the node ID closest to the torrent's infohash in its peer contact information.

(2) torrent traffic screening blocking method in a network according to an embodiment of the present invention

5 is a block diagram illustrating a torrent traffic screening blocking method of a network using a distributed sloppy hash table (DHT) protocol packet according to an embodiment of the present invention.

Referring to FIG. 5, in the torrent traffic screening blocking method of the network according to an embodiment of the present invention, whether or not torrent traffic may be selected and blocked using the DHT protocol used for trackerless torrents.

As described above, the DHT protocol may be used to share information of peers when not using a tracker. At this time, since the DHT protocol uses bencoding, and each packet is configured as one directory, all packets are encoded in the format d1: <elements> e. The torrent traffic screening blocking method of the network according to an embodiment of the present invention may select whether or not torrent traffic is selected using the above characteristics and block the torrent traffic.

More specifically, the torrent traffic screening blocking method of the network according to an embodiment of the present invention comprises the steps of detecting whether the data transmitted and received with the external terminal device via the network UDP packet 500; Determining whether the UDP packet 500 is a packet encoded in a preset pattern based on the detection result; And blocking the UDP packet 500 based on the determination result.

The preset pattern may include a string 510 including d1 :; At least one element 520; And a letter 530 including e in turn.

The above-described methods may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks, such as floppy disks. Magneto-optical media, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like. The hardware device described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

As described above, the present invention has been described by way of limited embodiments and drawings, but the present invention is not limited to the above embodiments, and those skilled in the art to which the present invention pertains various modifications and variations from such descriptions. This is possible.

Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by the equivalents of the claims, as well as the claims.

100: HTTP Get Request Message
110: Parameters for hashes associated with torrent files
120: parameter for peer ID
130: parameter for the port number
140: parameters for the user agent

Claims (17)

delete delete delete delete delete delete delete delete delete delete Detecting whether data transmitted / received to / from an external terminal device through a network is a UDP packet;
Checking whether the size of the UDP packet is larger than a size of a preset header format based on the detection result;
Determining whether the UDP packet satisfies a predetermined condition based on the test result; And
Blocking the UDP packet based on the determination result
Torrent traffic screening blocking method of the network comprising a.
The method of claim 11,
The determining step
Selecting whether the UDP packet is in a non-standard version header format or a standard version header format; And
Determining whether a specific parameter included in the UDP packet has a value within a predetermined range according to the selection result;
Torrent traffic screening blocking method of the network comprising a.
The method of claim 12,
If the selection result is a selection result that the UDP packet is a header format of a non-standard version,
The specific parameter
Contains parameters for flags,
The value within the predetermined range is
A method for blocking torrent traffic screening of a network including integer values less than a predetermined value.
The method of claim 12,
If the selection result is a selection result that the UDP packet is a header format of the standard version,
The version field included in the specific parameter has a preset value, and the type field has a value within a predetermined range.
Detecting whether data transmitted / received to / from an external terminal device through a network is a UDP packet;
Determining whether the UDP packet is a packet encoded in a preset pattern based on the detection result; And
Blocking the UDP packet based on the determination result
Torrent traffic screening blocking method of the network comprising a.
16. The method of claim 15,
The preset pattern is
a string containing d1 :;
At least one element; And
character containing e
How to block torrent traffic screening of the network, including in turn.
A computer-readable recording medium having recorded thereon a program for executing the method of any one of claims 11 to 16.

KR1020110121018A 2011-11-18 2011-11-18 Method for preventing of torrent traffic in network KR101145608B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110121018A KR101145608B1 (en) 2011-11-18 2011-11-18 Method for preventing of torrent traffic in network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110121018A KR101145608B1 (en) 2011-11-18 2011-11-18 Method for preventing of torrent traffic in network

Related Child Applications (1)

Application Number Title Priority Date Filing Date
KR1020120019803A Division KR101364927B1 (en) 2012-02-27 2012-02-27 Method for preventing of torrent traffic in network

Publications (1)

Publication Number Publication Date
KR101145608B1 true KR101145608B1 (en) 2012-05-15

Family

ID=46272025

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110121018A KR101145608B1 (en) 2011-11-18 2011-11-18 Method for preventing of torrent traffic in network

Country Status (1)

Country Link
KR (1) KR101145608B1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101328351B1 (en) * 2012-11-30 2013-11-21 세종대학교산학협력단 Method and system for controlling bandwidth of traffic based on fuzzy logic
KR20240008479A (en) 2022-07-12 2024-01-19 (주)플레인비트 Method and apparatus for disrupting distribution of torrent-based piracy contents

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009181359A (en) * 2008-01-30 2009-08-13 Duaxes Corp Peer-to-peer communication control unit

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009181359A (en) * 2008-01-30 2009-08-13 Duaxes Corp Peer-to-peer communication control unit

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Bittorrent Protocol Specification(2011.05.30.공개) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101328351B1 (en) * 2012-11-30 2013-11-21 세종대학교산학협력단 Method and system for controlling bandwidth of traffic based on fuzzy logic
KR20240008479A (en) 2022-07-12 2024-01-19 (주)플레인비트 Method and apparatus for disrupting distribution of torrent-based piracy contents

Similar Documents

Publication Publication Date Title
US11758013B2 (en) Methods and systems for caching data communications over computer networks
US10491657B2 (en) Network acceleration method, apparatus and device based on router device
JP4943437B2 (en) Distributed caching of files in the network
KR101424362B1 (en) Chunked downloads over a content delivery network
JP4938092B2 (en) Data distribution method, data distribution system, and related apparatus in edge network
US7761900B2 (en) Distribution of content and advertisement
US20080281950A1 (en) Method and Device for Peer to Peer File Sharing
US20080072264A1 (en) Distribution of content on a network
US8140647B1 (en) System and method for accelerated data uploading
JP2003016036A (en) Verifying system and method for reliability status of peer in peer-to-peer network environment
EP2988512B1 (en) System and method for reconstructable all-in-one content stream
US20210258286A1 (en) Methods and systems for efficient packet filtering
US20060236386A1 (en) Method and apparatus for cooperative file distribution in the presence of firewalls
US20080162718A1 (en) Method and Apparatus for Transmitting Data in Blocks
US20140143339A1 (en) Method, apparatus, and system for resource sharing
KR102122679B1 (en) Method and system for preventing distribution of illegal contents over the internet
US9172744B2 (en) Scalable storage with programmable networks
EP4059202A1 (en) Methods and systems for prevention of attacks associated with the domain name system
KR101145608B1 (en) Method for preventing of torrent traffic in network
US20130054691A1 (en) Flexible rule based multi-protocol peer-to-peer caching
KR101364927B1 (en) Method for preventing of torrent traffic in network
US10992702B2 (en) Detecting malware on SPDY connections
CN106060155B (en) The method and device of P2P resource-sharing
CN117837135A (en) Shared caching in virtualized networks
Cabrera Añon Joining BitTorrent and swift to improve P2P transfers

Legal Events

Date Code Title Description
A201 Request for examination
A302 Request for accelerated examination
E902 Notification of reason for refusal
A107 Divisional application of patent
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20160330

Year of fee payment: 5

FPAY Annual fee payment

Payment date: 20170508

Year of fee payment: 6

FPAY Annual fee payment

Payment date: 20180508

Year of fee payment: 7