PDA

View Full Version : Optimize clients To Outwit ISPs shaping



SAM
03-02-2013, 07:23 PM
These days, nothing worries an internet service provider more than peer-to-peer file trading. Depending on where you live, P2P can account for between 50 and 75% of broadband internet traffic. We mostly have the popularity of BitTorrent to thank for this crazy amount of data going to and fro.

This amount of traffic can raise the ISPs daily costs of delivering service, cause congestion either in your neighborhood or on the ISP's network, and force the ISP to buy increased bandwidth capacity.

But if you've been paying close attention to your BitTorrent transfers (or if you've simply been reading the news) you'll notice that ISPs have begun to take drastic measures to slow that flood of data currently clogging up their pipes.

Even though many of them deny it, most ISPs actively engage in traffic shaping, bandwidth throttling, connection denial or some such tactic to keep the amount of bandwidth consumed by high traffic applications on their networks to a minimum. While this does often ensure better performance for everyone in the neighborhood, it can mean painfully slow transfer speeds for those dabbling in P2P -- legit or not.

Methods of Fooling ISPs

So how to get around an ISP that's throttling your BitTorrent traffic? You can try encrypting your traffic, changing the default port number, changing the way the protocol behaves, reducing the amount of one-way traffic, or hiding your traffic within an encrypted tunnel.

Of course, different ISPs are employing different methods of control. None of these methods are guaranteed to work. But each one is known to work for some, and they are certainly worth a try.

How To Encrypt to Your BitTorrent Transfers:

The RC4 encryption offered by many popular BitTorrent clients today will obfuscate not only the header but the entire stream, which makes it considerably more difficult for an ISP to detect that you're using BitTorrent. Even if your ISP does not force you to enable encryption, you may be connecting to peers with ISPs that do.

Encryption began appearing on clients in late 2005. By the end of 2006, most actively-developed clients were updated with encryption. While not all torrent clients in a swarm will support encryption, most of them will. As a result, this small percentage of non-encryption capable peers may be a reason not to force encryption on a full-time basis, but there is no reason not to enable encryption that allows the falling back to a non-encrypted connection when needed.

If your favorite client is not listed below, check your documentation.

Azureus/Vuze
Azureus (which now calls its official client Vuze) is written in Java and therefore cross-platform. To turn on encryption, head to the Tools menu. Select Options, then Connection, then Transport Encryption. Check the "Require encrypted transport" box and select RC4 in the "Minimum encryption" drop-down menu.

Azureus/Vuze also offers an "Allow non-encrypted outgoing connections if encrypted connection attempt fails" option, which means you'll still be able to hop on torrents that don't have any encrypted seeders.

µTorrent
µTorrent (and now BitTorrent which is based on µTorrent) is a Windows-only client. In µTorrent, open up the Preferences panel and select the BitTorrent tab. Select Protocol encryption and then choose between "enabled" and "forced." µTorrent's "Enabled" option mirrors Azureus' option to allow unencrypted connections when no encrypted clients exist. It will give you more connections, but it won't be as effective at defeating traffic shapers.

µTorrent/BitTorrent also offers a option to 'Allow legacy incoming connections' which lets non-encrypted clients connect to you. This improves compatibility between clients but again, makes your traffic more vulnerable to shapers.

BitComet
BitComet is another popular Windows Client (98/Me/2000/XP). To turn on encryption in BitComet, head to the Options menu and choose Preferences. Then go to Advanced > Connection and select "Protocol encryption." There are options for "auto detect" and "always."

As with the others, "auto detect" will connect to more peers, but it won't hide traffic as well. You'll need to play with the settings in your program to see if it has any affect on your download/upload speeds.

Other clients that support encryption include KTorrent (Linux), rTorrent (Linux, Mac) and BitTornado (Windows).

How To Change Your BitTorrent Port Number:

The default port for BitTorrent transfers is port 6881, with some clients using different ports within the range of 6881-6999. As a result of ISP interference, all clients allow you to change the port number (or port range, sometimes) used for BitTorrent transfers. The setting is in the Options or Preferences for your client, or can be set using a command-line parameter.

Whenever you change your port, you need to adjust your router to allow incoming connections. An excellent service at Free Help Forwarding Ports - PortForward.com (http://www.portforward.com/) can guide you through the entire process of locating the current port being used (which allows you to change it), and then configuring your router to match.

How To Change the Way the BitTorrent Protocol Behaves:

The BitTorrent protocol has a distinct handshake. To control uploading by seeders, ISPs have learned to look for this handshake. The recent releases of both µTorrent and Azureus/Vuze include a "Lazy Bitfield" feature to hide seeders from ISPs. When Lazy Bitfield is enabled, the handshake is changed to make a BitTorrent seeder initially appear to be a non-seeding peer (sometimes called a leecher). This is done by sending a bitfield indicating missing pieces. Then, once the handshake is done, the client notifies its peer that it now has the pieces that were originally indicated as missing.

Azureus/Vuze
Azureus (which now calls its official client Vuze) is written in Java and therefore cross-platform. To turn on encryption, head to the Tools menu. Select Options, then Transfer. Enable Lazy-Bitfield here.

µTorrent
Lazy Bitfield is controlled in the Advanced section Preferences: peer.lazy_bitfield.

How To Reduce the Amount of One-Way transfers:

Most downloaders become seeders when they have 100% of the archive, then they spend the next several hours "paying back" the swarm until they have provided at least as many bytes uploaded that they downloaded -- a ratio of 1:1 or 1.00. As mentioned before, some ISPs make efforts to control seeders. Seeders generate one-way (outbound) traffic, and this traffic is sometimes the most troublesome for ISPs to handle.

Most clients are configured with a "speed limit" set Upload Maximum Limit in kB/s and an unlimited Download Maximum Limit. To reduce the amount of one-way transfers, the client needs to upload at the same rate (or less, overall) than it is downloading. While this means that the download will be a lot slower to complete, it also means that it will complete at a 1.00 ratio or above.

For example, perform your transfer with an Upload Limit of 30 KB/s and a Download Limit of 25 KB/s. When you first join you won't upload at all because you have no pieces to share yet. But after several minutes, the total bytes uploaded should be equal to or above the total bytes downloaded. When your download is complete, you will have little or no obligation to continue seeding as you already have uploaded enough to the swarm.

This tactic is not always effective or efficient. Some swarms have too few peers left that need data, making it difficult to reach your desired upload rates.

Many multi-torrent clients (Azureus/Vuze, µTorrent, BitComet, and others) provide the option of setting maximum upload and download rates on a per-torrent basis. These settings are found either in a right-click menu or in the Properties of each torrent. Some clients also allow Global Settings that affect all torrents being managed by the client, however the Global Settings do not provide a correct balance to ensure that a one-way transfer is avoided.

Azureus/Vuze provides the additional useful option of limiting the number of seed connections while downloading. This setting is found on the Options panel of each individual torrent.

How To Hide BitTorrent within an Encrypted Tunnel:

With the advent of Application-Layer Inspection, some ISPs may recognize and control BitTorrent traffic despite your best efforts.

You may be able to hide the BitTorrent traffic in an encrypted tunnel -- a transport path within the normal transport paths provided by TCP and IP. You can tunnel your traffic through cooperatives such as The Onion Router (TOR)* or I2P. Commercial Virtual Private Network (VPN) providers such as Relakks or SecureIX will also help keep your ISP from detecting exactly what you're doing. If you are familiar with SSH and SSH Tunneling, this is also a possibility. However, some ISPs even throttle or inhibit these encrypted tunnels.

Azureus provides in-client support for TOR and I2P. Other clients will have to set up the software as recommend on the TOR or I2P site.

*Note: TOR has been updated to allow peer-to-peer download data, despite any information to the contrary (it used to be prohibited).

Now For the Bad News

ISPs are taking advantage of more sophisticated shaping technology all the time, and many of the newer shapers won't be fooled by encrypted traffic. For instance, Sandvine (the shaping tool many believe Comcast and other ISPs employ) won't be fooled by obfuscating your traffic.

So what can you do beyond obfuscating?

The short answer is not much. There is no fool-proof way to do beat the shapers. You best choice is probably to switch to an ISP that doesn't employ anti-BitTorrent traffic shaping. In the long run, this also has the benefit of sending an effective message to your ex-ISP.

For a list of ISPs to avoid, have a look at the list maintained on the Azureus Wiki.

But what if you have no other option when it comes to ISPs? Start by calling customer service. Call now and call often. Disgruntled consumers often cost an ISP far more money than a large amount BitTorrent traffic. And by all means, try these ideas, though your results may vary considerably depending on what shaping tools your ISP is employing.

Higor
03-05-2013, 06:52 PM
Monopolic state ISP.

>> No throttling
>> The only 'illicit' activity is port scanning.
<< Shitty ping to outside of the country *FFFFFFFFUUUUUUUUUUUUUUUUUUUUU*
>> Less than 15-30 ping inside the country (1-15 on fiber).
>> Dynamic ip.
>> Free of charge setup.

Overall, it's pretty good.