Chinese BitTorrent, the gift that keeps on giving

8 years ago
WAT.

After a bit of logging and searching I found out that some Chinese ISP (probably CERNET according to the results of whatsmydns.net) and some Turkish ISP (probably TTNET) respond to dns queries such as a.tracker.thepiratebay.org with various IPs that have nothing to do with piratebay or torrents. In other words they seem to do some kind of DNS Cache Poisoning for some bizarre reason.

So hundreds (if not thousands) of bittorrent clients on those countries make tons of 'announces' to my webservers which result pretty much in a DDoS attack filling up all Apache's connections.

So basically, entire countries' worth of porn hounds randomly start hammering on my server all at once, even though no BitTorrent traffic has ever passed to or from the network it's on, because for some unknown reason, the now-long-defunct piratebay tracker sometimes resolves to my IP address. Hooray.

This (possibly) mitigates the problem somewhat, by returning an actual BitTorrent error message to the clients so they stop retrying sooner:

<Location ~ "^/announc">
  ErrorDocument 404 "d14:failure reason13:not a tracker8:retry in5:nevere"
</Location>

We had previously blackholed the entire Chinese IP space because of this, but we missed some.

Hi, how's your day going?


Update: No, I don't think that ErrorDocument helps. I see the same BitTorrent clients hitting me every couple minutes regardless. (At first I thought it might have been a problem that literal ErrorDocuments like that send as text/html, but I changed it to text/plain and that didn't change anything.) There are still more subnets to killfile, I guess...


Update 2: Some suggest that returning a 410 instead of a 404 to BitTorrent clients may be more effective. I have not verified this myself, but to do that, do this:

RewriteEngine On
RewriteRule ^/announc - [G]
<Location ~ "^/announc">
  ErrorDocument 410 "d14:failure reason13:not a tracker8:retry in5:nevere"
</Location>
18 Comments
Tags: , , ,
Current Music: The Cure -- Give Me It ♬

Possibly the last time I'll get to say "Metreon Deathwatch".

8 years ago
Moscone Center Losing Forever Broken Video Art Piece

Many of you may recognize the always black, powered-down, street-facing video panel on the side of Moscone Center West. But most of you probably have never seen it turned on and were not aware that this is actually a public artwork titled 'Facsimile' that cost $1.5 million and that has spent most of the last 12 years since its installation totally broken. The SF Arts Commission voted last fall to finally dismantle and remove the thing.

The 15-foot by 25-foot LED screen was intended to be mobile and dynamic, broadcasting its images while slowly gliding across the surface of the building, mounted on 100-foot-tall steel arms attached to the top and bottom of the glass facade. Unfortunately, the screen was prone to over-heating, it only functioned for about a month back in 2003, and during that time it even started to squeak as it moved.

Previously, previously, previously.

7 Comments
Tags: , , , , ,
Current Music: Vum -- Both Sides of the Wall ♬

  • Previously