• Alphane Moon@lemmy.world
    82 upvotes · 7 days ago

    Funny how the author immediately decided to shut everything down when he realized the number of peer/torrents still sending requests to the domain.

    • evidences@lemmy.world
      83 upvotes · 7 days ago

      Orphaned domains like this are interesting; there was a DEF CON talk, I think, where the presenter bought a bunch of blacklisted orphaned domains just to see if anything would try and connect to them. They got hit with so many botnet clients trying to phone home.

      • MysteriousSophon21@lemmy.world
        37 upvotes · 6 days ago

        Yeah, those orphaned domains are a goldmine for security researchers; there was a similar talk at Black Hat where they showed how expired domains from major companies still received auth tokens and sensitive data for months after expiry.

      • Maestro@fedia.io
        39 upvotes · 6 days ago

        Orphaned IPs as well. If you have an IPv4 from your cloud provider and you want to retire it, you should thoroughly scrub your DNS and all other configs before doing so. Otherwise it’s trivial for someone else to spin up a machine on that IP address and abuse your domain.
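
A pre-retirement check for the scrub described in the comment above, as an added example that is not part of the thread: it lists every record in a zone export that still depends on the address about to be released, including SPF ranges and in-zone CNAME chains. The zone data, names and the `references_to` helper are constructed for illustration, and only DNS is covered, not the "other configs" the comment mentions.

```python
import ipaddress

# Constructed zone export as (name, type, value); every name is hypothetical and
# the addresses come from the documentation ranges 203.0.113.0/24 and 2001:db8::/32.
ZONE = [
    ("www.example.com.", "A", "203.0.113.10"),
    ("api.example.com.", "A", "203.0.113.25"),
    ("old.example.com.", "CNAME", "api.example.com."),
    ("legacy.example.com.", "CNAME", "OLD.example.com."),
    ("cdn.example.com.", "CNAME", "edge.vendor.example.net."),
    ("v6.example.com.", "AAAA", "2001:db8::25"),
    ("example.com.", "TXT", "v=spf1 ip4:203.0.113.24/30 ip4:198.51.100.7 -all"),
]


def spf_networks(txt):
    """Yield the networks named by ip4:/ip6: mechanisms of an SPF record."""
    for term in txt.split():
        mech = term.lstrip("+-~?").lower()
        if mech.startswith(("ip4:", "ip6:")):
            yield ipaddress.ip_network(mech[4:], strict=False)


def references_to(zone, retiring):
    """Return sorted (name, type, reason) for records that depend on `retiring`."""
    ip = ipaddress.ip_address(retiring)
    hits, flagged = [], set()
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA") and ipaddress.ip_address(value) == ip:
            hits.append((name, rtype, "points at retiring IP"))
            flagged.add(name.lower())
        elif rtype == "TXT" and value.lower().startswith("v=spf1"):
            if any(ip in net for net in spf_networks(value)):
                hits.append((name, rtype, "SPF authorises retiring IP"))
    # In-zone CNAME chains that end at a flagged name also need removing.
    changed = True
    while changed:
        changed = False
        for name, rtype, value in zone:
            if rtype == "CNAME" and value.lower() in flagged and name.lower() not in flagged:
                hits.append((name, rtype, "alias of " + value.lower()))
                flagged.add(name.lower())
                changed = True
    return sorted(hits)


if __name__ == "__main__":
    for hit in references_to(ZONE, "203.0.113.25"):
        print(*hit, sep="\t")
```

An empty result for the address is the condition to meet before releasing it back to the provider's pool.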

  • Lovable Sidekick@lemmy.world
    13 upvotes · edited · 5 days ago

    I’m a developer but have utterly no experience with torrent architecture, or for that matter anything outside of standard web services and the kinds of things companies do. But I’ve been wondering if BitTorrent technology would be usable for federating content for things such as Lemmy. After reading that somebody was begging for money to offset the $5k/month they were spending to run an instance (I mean, that shows true dedication but holy crap dude), it seems like a distributed architecture would make a lot more sense than somebody having to foot the bill for a big-ass server. I just personally wouldn’t know where to begin on a project like that, but maybe if somebody with the right combo of skills and experience gave it some thought…

    • douglasg14b@lemmy.world
      10 upvotes · edited · 6 days ago

      2 years ago I talked about how the core problem with federated services was the abysmal scalability.

      I essentially got ridiculed.

      And here we are, with incredibly predictable scaling problems.

      If we refuse to acknowledge problems till they become critical, we will never grow past a blip on the corner of the internet. Protocol development is HARD and expensive.

      • jayandp@sh.itjust.works
        25 upvotes, 1 downvote · 6 days ago

        From a security standpoint, it means tons of people are requesting unencrypted info from random domains that are possibly no longer controlled by the original owners.

        This is just random speculation on possibilities, but somebody could maybe figure out the IP of a suspected pirate for example, set up a dummy tracker, wait for that IP to show up, and then compare any requested hashes against a database of known torrents. How legal and useful in court this could be would depend on the country, but it is a weak point.

        At the other end of the spectrum, somebody might find some kind of security vulnerability in a popular client’s tracker interface, and exploit that for malware purposes by setting up a fake tracker, but that’s a bit more of a stretch.

        • emeralddawn45@lemmy.dbzer0.com
          7 upvotes · 6 days ago

          I mean they could also just download a million torrents and record the IPs of anyone who connects to them to leech, which is what they already do. This is why you use a VPN while torrenting, because you never know who you’re connecting to.

        • Imgonnatrythis@sh.itjust.works
          3 upvotes · 6 days ago

          I’d recommend always assuming the worst when connecting to torrent trackers. I’m not sure that most of us feel that the trackers we are connecting to are highly trusted providers.