Old 16-07-02, 06:31 PM   #17
alphabeater

db, thanks from me too for the huge amount of detail you posted - it's the best i've seen describing actual experiences of port blocking. everyone in this thread is suggesting a lot of things i hadn't thought of at all.

looking at the posts above, an interesting set of problems is posed. a way of calculating a port number is needed which:

- is almost random
- cannot be figured out by a peer's isp
- can be figured out by another peer on the network
- is static for use with routers/firewalls

to stop isps creating lists of all the ips they own and which port needs to be blocked for each, at first i considered involving the gmt date in the algorithm, and changing all listen ports every day at gmt midnight. this would solve the first three problems in the list, but make it impossible to solve the last.

however, an answer could be found if some other detail apart from the ip address of each user were known to every peer in the network about each other peer. this could work, to a degree, for kazaa usernames (supernodes return both usernames and ips with search results, although the network is closed so i can't really check that for sure). if kazaa were to implement a port worked out with usernames, not ip addresses, then that could work.

for example,

if i'm alphabeater@KaZaA

the first five characters of my name are 'alpha'
if, for the sake of programming, we say a = 0, then there can be 25 (a nice number) letters in the alphabet (any numbers in the name could be left as they were).
so,
a = 1, l = 12, p = 16, h = 8, a = 1

in this example, we now have 38 (it's min 5 and max 125). multiply this by 80 and we have a number from 400 to 10000. if the result turns out as 2000 or under here, then it can be subtracted from 10000 to get the final result.

in this example, we're now using port 3040 for listening, and this port could be obtained by anyone who knew that the first five characters of my name are 'alpha', but not automatically listed by an isp.

this calculation could, again, be a lot more complicated, and the string used could change depending upon the p2p network layout; as long as any peer on the network needing to make a connection could calculate the other peer's port reliably, it wouldn't matter. this technique also has the advantage of generating a static port for as long as the user keeps their identity on the network the same, even if the ip involved is dynamic, making it easier to configure firewalls and routers.

overall, i think known string-based port scrambling could be more effective than ip-based port scrambling.
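Added example, not part of the original post: the username-to-port calculation described above, written out in Python together with a count of the distinct ports it can produce. It assumes a = 1 through z = 26 as in the worked 'alpha' example, that digits keep their face value, and that any other character counts as 0; all function and constant names are hypothetical.

```python
"""Username-based listen-port derivation as sketched in the post (added example)."""
import string

# Assumption: a=1 .. z=26, matching the post's worked example (l=12, p=16, h=8).
LETTER_VALUES = {c: i for i, c in enumerate(string.ascii_lowercase, start=1)}
PREFIX_LEN = 5            # "the first five characters of my name"
MULTIPLIER = 80           # sum is multiplied by 80
FLIP_AT_OR_BELOW = 2000   # results of 2000 or under are subtracted from 10000
FLIP_FROM = 10000


def char_value(ch):
    """Letters map to alphabet position, digits keep their value, others count 0 (assumption)."""
    ch = ch.lower()
    if ch in LETTER_VALUES:
        return LETTER_VALUES[ch]
    if ch in string.digits:
        return int(ch)
    return 0


def port_from_sum(total):
    """Apply the multiply-by-80 step and the low-port flip to a character sum."""
    port = total * MULTIPLIER
    return FLIP_FROM - port if port <= FLIP_AT_OR_BELOW else port


def derive_port(username):
    """Port any peer can compute from the first five characters of a username."""
    return port_from_sum(sum(char_value(c) for c in username[:PREFIX_LEN]))


def reachable_ports():
    """Every port the scheme can emit for a five-character [a-z0-9] prefix."""
    values = set(LETTER_VALUES.values()) | set(range(10))
    sums = {0}
    for _ in range(PREFIX_LEN):
        # Extend each reachable sum by one more character value.
        sums = {s + v for s in sums for v in values}
    return sorted({port_from_sum(s) for s in sums})


if __name__ == "__main__":
    ports = reachable_ports()
    print("alphabeater ->", derive_port("alphabeater"))
    print(len(ports), "distinct ports, from", ports[0], "to", ports[-1])
```

Under these assumptions every output is a multiple of 80 and only 105 distinct ports are reachable, which bounds how unpredictable the listen port can be.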