←back to thread

Resurrecting a dead torrent tracker and finding 3M peers

(kianbradley.com)
655 points k-ian | 4 comments | 17 Jun 25 17:40 UTC | HN request time: 1.042s | source
Show context
nneonneo ◴[17 Jun 25 19:20 UTC] No.44302842[source]
Now I'm wondering: with the wide range of bittorrent clients out there, and the fact that many are written in unsafe languages, could it be possible for some of them to be exploited through a malicious tracker? It would not surprise me if some of these clients misbehave if fed malformed data from a tracker.
replies(7): >>44304020 #>>44304055 #>>44304380 #>>44305278 #>>44305546 #>>44306010 #>>44306382 #
1. treyd ◴[17 Jun 25 21:55 UTC] No.44304380[source]
Most torrent clients that people use (though not all) are actually wrappers around libtorrent, which is very well tested and has even been audited.
replies(2): >>44306678 #>>44306888 #
2. dafugg ◴[18 Jun 25 04:33 UTC] No.44306678[source]
Libtorrent even has fuzzers specifically for communications with trackers and DHT peers. Obviously this isn’t perfect but it gives me much more confidence than other implementations do.
3. delusional ◴[18 Jun 25 05:23 UTC] No.44306888[source]
It's worth noting that there are at least 3 variants calling themselves "libtorrent" and to my knowledge they don't have a lot in common implementation wise.
replies(1): >>44335834 #
4. boramalper ◴[21 Jun 25 08:45 UTC] No.44335834[source]
1. libtorrent-rasterbar — https://packages.debian.org/sid/libtorrent-rasterbar-dev

2. libtorrent-rakshasa (rTorrent) — https://packages.debian.org/sid/libtorrent-dev

What’s the third one?