Retrieving Restricted Mime-Types and Content Through the Barracuda Web Filter
Monday, August 28th, 2006

The Barracuda Web Filter is used by many college campuses and businesses to protect users from spyware, viruses, objectionable content and unauthorized software. There are several port/IP blocking options and packet filters specially tailored for popular applications, along with an extensive web filter. The web filter inspects unencrypted HTTP headers for banned URLs, mime-types, and file extensions. In the case of the Washington State University setup the application/x-bittorrent mime-type is blocked, which as I mentioned in a previous post blocks access to lots of Internet content such as NASA torrent files, art, software and operating systems such as Linux, movies and television, and more available from various legal torrent trackers. Strict policies can also interfere with game update clients such as the World of Warcraft updater, although Student Computing Services tells me an exception has been made so the WoW updater functions. This doesn’t address other game updaters such as the installer/updater found in Gunz.
The packet filtering options in the Barracuda Web Filter are ineffective against encrypted Bittorrent traffic, so forcing encryption on all inbound and outbound connections with a client such as uTorrent or Azureus will ensure the actual download completes safely. Now the only problem is getting the actual .torrent file off the net. If you can get the file through an alternative means such as IRC, FTP, or IM/e-mail from a friend that will work fine, but oftentimes this isn’t feasible. There are many different ways of grabbing the files off the web, with various requirements and ease of use for each option.

The first option works if you have access to a remote server running SSH, VNC or an equivalent and a web or file server. SSH in to the server and wget the torrent file, then make it available for download from a web interface that doesn’t send the application/x-bittorrent mime type, or from an FTP or alternative server. This requires technical knowledge and access to a remote server, and is very tedious and therefore the least favorable option.

The next option requires a remote web server as well, and involves a simple PHP script that passes a remote file through and rewrites the mime-type to avoid the filter.
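<?php
// Relay only http(s) URLs; unchecked readfile() input would also serve local files from this server.
if (!is_string($url = $_GET['url'] ?? '') || !preg_match('#^https?://#i', $url)) exit;
header("Content-type: application/x-notbittorrent"); // a type the filter does not match
readfile($url);
?>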
If you uploaded that script as index.php to http://www.a.com/torrents/ you could fetch a remote torrent file with http://www.a.com/torrents/?url=http://www.b.com/ubuntu.torrent (or whatever torrent file you were seeking). Aside from requiring a server with PHP and URL support in readfile, the resulting download will have a random name and must be renamed to a .torrent file to be recognized by some Bittorrent clients. This also requires technical knowledge and is not the most favorable option by far.
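Seen from the filter's side, the relabeling above works only because the decision is keyed to the declared Content-Type, which the serving host controls. The following Python code is an added example, not part of the original post or of any Barracuda product: it classifies a response by parsing the body as bencoded torrent metainfo, and the function names and sample bytes are constructed for illustration.

```python
def bdecode(data, i=0, depth=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    if depth > 32:
        raise ValueError("nesting too deep")
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list l...e, dict d<key><value>...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i, depth + 1)   # raises ValueError on truncation
            items.append(item)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dictionary key without value")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                 # byte string: <length>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[colon + 1:end], end
    raise ValueError("not bencode")

def looks_like_torrent(body):
    """True if body is a bencoded dict whose 'info' dict has the metainfo keys."""
    try:
        meta, _ = bdecode(body)
    except (ValueError, TypeError):                 # TypeError: unhashable dict key
        return False
    info = meta.get(b"info") if isinstance(meta, dict) else None
    return isinstance(info, dict) and b"pieces" in info and b"piece length" in info

def verdict(declared_type, body):
    """Filter decision that does not trust the declared MIME type."""
    if not looks_like_torrent(body):
        return "allow"
    labeled = declared_type.split(";")[0].strip().lower() == "application/x-bittorrent"
    return "block" if labeled else "block-mislabeled"

def bstr(b):                                        # bencode one byte string
    return str(len(b)).encode() + b":" + b

# Constructed sample metainfo for this added example (hypothetical tracker and file name).
SAMPLE = (b"d" + bstr(b"announce") + bstr(b"http://tracker.example/announce") + bstr(b"info")
          + b"d" + bstr(b"length") + b"i1024e" + bstr(b"name") + bstr(b"sample.iso")
          + bstr(b"piece length") + b"i262144e" + bstr(b"pieces") + bstr(b"\x00" * 20) + b"ee")
```

A response whose body parses as metainfo but whose header says something else returns block-mislabeled, which is worth logging separately from an ordinary block.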
The final option presented here (but not the final option by a long shot) is to use an anonymizing network to fetch the torrent files. The Tor network is a collection of servers scattered across the globe that route traffic over an encrypted, anonymous mesh network to protect Internet privacy. To get up and running quickly you will need Tor, Privoxy (a proxy to connect applications to the Tor network), and the Tor Button for Firefox (a convenience shortcut). Linux and OS X users can grab Tor and Privoxy easily enough; for Windows users there is a Tor+Privoxy+Vidalia (a frontend) bundle available at http://tor.eff.org/download.html.en. Install, right-click the Tor icon in the system tray and click Start, and finally download the Tor Button for Firefox, which adds a small button in the bottom-right corner of Firefox to quickly enable and disable routing web traffic over Tor. Make sure to enable it before downloading a torrent or visiting any objectionable content, and disable it to increase speed for work or research related browsing.

This is considered the best option since it doesn’t require access to an external server, can be installed and running in less than 10 minutes with a moderate level of technical knowledge, and is a generic solution to protect all web traffic. Other applications can even be configured to use Tor, although it’s not recommended to run P2P or bandwidth intensive applications over it. The bandwidth for the network is donated by volunteers, and as bandwidth caps are hit on the servers they will temporarily shut down, slowing down the network in general. For example, my server has a 700MB daily quota for the Tor service; once that limit is hit it will shut down and wake up the next day. If you make use of the Tor software and find it useful, consider becoming a member of the EFF or making a donation to the Tor project.



