3

In any typical P2P file sharing app, say DC++, the typical operations are search content, push content and pull content. A peer node broadcasts/multicasts its query to fellow peers and receives replies.

My question here is: when a peer X contacts and connects to other peers in the network, what of his private information could be exposed through the exchange of TCP/IP connections, whether it be in the packet headers or the payloads? His MAC address? His IP address? His system configurations?

Am I right in assuming that the TCP stream (for example) of the connection carries information (in ASCII) which could reveal personal information which the user did not intend to reveal?

And is the information visible only to the first peer he connects to, or even after the first hop?

Ali Ahmad
pnp

3 Answers

3

If the P2P software isn't explicitly designed for privacy you should assume that it does not provide any privacy.

Some of the data that you are likely to leak when using P2P software might be:

  • IP address
  • Any personal files you accidentally share
  • Any data you provide to the P2P software (e.g. username)
  • Any data wilfully provided by the P2P software (e.g. version, operating system)
  • Any data leakage associated with vulnerabilities in the P2P software
Andy Smith
  • Can you elaborate on your last two points or provide suitable links/references so that I may explore them further? – pnp Oct 11 '12 at 15:42
  • @pnp For example, torrent clients. Wilfully provided - most torrent clients will identify their version and even their platform (http://wiki.theory.org/BitTorrentSpecification discusses client version being encoded in peer_id). Data leakage - any vulnerability in a piece of p2p software; a more recent example that comes to mind is the remote exploit in utorrent - http://torrentfreak.com/utorrent-vulnerable-to-remote-exploits/ – Andy Smith Oct 11 '12 at 15:53
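
An added example, not part of the answer or comments above: to see what the `peer_id` mentioned in the last comment discloses, this Python sketch splits a BitTorrent handshake into its fields and decodes an Azureus-style `peer_id`, the convention described in the linked specification. The function names, the client-code table and the sample handshake are constructed for illustration.

```python
# Constructed sample: the 68-byte handshake a remote peer receives.
# The info_hash and the peer_id suffix are made-up filler values.
SAMPLE_HANDSHAKE = (
    bytes([19]) + b"BitTorrent protocol"   # pstrlen + protocol string
    + bytes(8)                             # reserved bits
    + bytes(range(20))                     # info_hash (constructed)
    + b"-UT2210-" + b"abcdefghijkl"        # peer_id (constructed)
)

# Small subset of well-known Azureus-style two-letter client codes.
CLIENT_CODES = {"AZ": "Azureus/Vuze", "UT": "uTorrent", "TR": "Transmission",
                "DE": "Deluge", "qB": "qBittorrent", "LT": "libtorrent"}


def parse_handshake(data: bytes) -> dict:
    """Split a raw BitTorrent handshake into its fields."""
    if not data:
        raise ValueError("empty handshake")
    pstrlen = data[0]
    if len(data) < 1 + pstrlen + 48:       # 8 reserved + 20 hash + 20 peer_id
        raise ValueError("truncated handshake")
    off = 1 + pstrlen
    return {
        "protocol": data[1:off],
        "reserved": data[off:off + 8],
        "info_hash": data[off + 8:off + 28],
        "peer_id": data[off + 28:off + 48],
    }


def disclosed_client(peer_id: bytes) -> dict:
    """Decode an Azureus-style peer_id: '-', 2-char client, 4-char version, '-'."""
    if len(peer_id) != 20 or peer_id[:1] != b"-" or peer_id[7:8] != b"-":
        return {"style": "unknown"}
    try:
        code = peer_id[1:3].decode("ascii")
        version = peer_id[3:7].decode("ascii")
    except UnicodeDecodeError:
        return {"style": "unknown"}
    return {"style": "azureus",
            "client": CLIENT_CODES.get(code, code),
            "version_field": version}


if __name__ == "__main__":
    fields = parse_handshake(SAMPLE_HANDSHAKE)
    print(disclosed_client(fields["peer_id"]))
```

Every peer that completes a handshake receives these bytes unencrypted alongside the source IP address of the connection, so the client name and version are disclosed before any file data moves.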
2

If the protocol is not designed to protect your identity from peers, you should assume it doesn't.

For ADC you'll get the IP address and date/time, which is enough to be identified by the ISP. MAC addresses are layer2 addresses and don't route. Sometimes you can determine them because of leaks in higher layer protocols (e.g., SMB), but any reasonably secure system would not leak that info.

'hops' could mean layer-3 routing hops, or could mean some aspect of a P2P protocol. To the best of my knowledge ADC creates direct connections between peers for file transfers, so there are no hops, just direct connections.

Your client could leak any information it has access to, which is true of any software. Most P2P software leaks the client software, version, and implies the OS.

mgjk
  • In P2P, we generally talk in terms of the 'P2P overlay network' (see http://en.wikipedia.org/wiki/Overlay_network) without considering the underlying network. So a peer which is my neighbor in the overlay, even if in a different country, is one 'hop' away. Although ADC has actual direct connections, this will not be the case with torrents, skype etc. Does this definition change your reply in any way? – pnp Oct 11 '12 at 15:36
  • It doesn't change the reply, the protocol gives the IP of the peer. You'll see it in netstat. The same is true of peers in bittorrent, and mostly true of Skype. Skype can have super-nodes which act as relays, or, I agree you could call them 'hops' if the Skype protocol has its own network layer. Trouble is, Skype and Bittorrent are miles more complex than ADC... I can't say much about them. – mgjk Oct 11 '12 at 16:50
2

Typically, based on the p2p client used, as @mgjk has mentioned, whatever data is available to the client can be leaked. To answer your specific questions:

IP address - This is definitely leaked, since it is needed to create the connection in the first place (different story if you're behind a proxy)

MAC address - Even if the client used has access to your MAC address and does in fact leak it, an attacker outside your network cannot do anything with it

System Configuration - Yes, the version of your OS could be leaked

sudhacker