>>108570296
>Anonymous
Into the trash it goes. Now grow up

>>108570328
You don't see UDP packets to hundreds of fake DHT peers all using port 6881?

>>108570296
time to stress test some people

>>108570296
qrd?

okay but what can I do about it other than continue to run my node as usual.
people try to stifle the DHT all the time, let them waste their time. Don't all clients start to ignore them eventually?
Cool they spent however much it costs to stall people for like 2-30 seconds.

File: 6013312.png (407 KB, 1183x2882)

407 KB PNG

>>108570296
>I found this thing.
>If you want to verify it install this proprietary application.
I'm not going to do that.

>>108570451
Try adding some magnets for most popular movies from rutracker without adding any trackers. Try some ubuntu torrents without trackers. You'd expect DHT to give you a lot of peers every time. Run Wireshark and check how many peers use port 6881. They haven't randomised the setup yet.

>>108570476
BTDigg and other DHT bots grabbing all announced torrents were slight inconveniences you imply. This allows full control of what you get from DHT with high probability. Attacking nodes make you send data to them, and to them only.
https://en.wikipedia.org/wiki/Sybil_attack

>>108570571
Are you aware of any other client that shows it as clear as in the op picture?

It also says BiglyBT shows DHT internals.

>>108570676
Let's make a list.

1. Tixati shows DHT peers. You can run the portable version for that test, and it can be deleted with all the data afterwards.

2. BiglyBT with Mainline DHT plugin shows peer addresses in tooltip. It's open source.

3. ???

4. ???

If you are a typical qBittorrent user, your DHT table is also full of fake peers, only you can't see that. A single number is supposed to indicate everything about DHT.

>using dht

BBT chads stay winning

File: 1757577781260430.png (50 KB, 1008x839)

50 KB PNG

>Anonymous from I2P

>>108571100
I seed unpopular torrents from sites that have been dead for almost two decades now. They slowly but steadily reached triple digit ratios. DHT made it possible.

>>108570328
Ironic.

>>108570296
Huh, interesting. Guess I'll null-route all those IPs and add a bunch of fake hashes to prevent this.
I thought that DHT had been strangely ineffectual lately.

hop on fopnu until they stop

>>108571344
>closed source
Fuck no

>>108571327
You don't have a static list of nodes to ban, they are switched each day. You also need to figure out which ones are fake. How would you do that?

>>108571133
run irc bot

xdcc-search.
com/want-a-bot

>>108571383
That's what the fake hashes are for as that document recommends. Basically, you're trying to bait them into telling you they know who has the data but they literally cannot since the hash isn't an actual torrent. Most clients will eventually get fed up with this situation and evict them from your DHT table.

for the occasional public magnet, PEX and udp://tracker.opentrackr.org:1337/announce are enough. DHT stays off, way too many connections/overhead

>>108570296
Hmmm SCOTUS just ruled on Sony vs Cox a few days ago. A hail mary case that tried to put the responsibility into internet providers hands. Lower courts found Cox liable but it was overturned.

>>108571404
if you need more: https://ngosang.github.io/trackerslist/trackers_best.txt

>>108570611
>do this
Isn't a rundown

>>108571058
>DHT table is also full of fake peers
fake peers are not a new thing they usually get banned by the client

>>108571133
How does that happen? Where do people get your torrent hashes from?

>>108571399
>get fed up with this situation and evict them from your DHT table.
yea, you'd experience a bit of delay

>>108571404
I've got more peers over dht.
Bad peers get banned, get the latest qbt and you should be fine.

>>108571622
btdigg

>>108571622
this thread is about DHT. DHT is a system that allows peers to find other peers without a central server, this includes finding torrents where the original site it was uploaded to has gone away, as remember that you can download torrent metadata (.torrent files) from any peer that has it rather than from a website, this is how magnet links work. this means a torrent can stay alive as long as someone, anyone, is seeding it

>>108570328
fpbp

>>108571133
Same I bring long dead torrents back to life and then seed. I'm using ancient utorrent 2.2.1.

>>108571771
You didn't answer the question though. There is no built-in functionality to just search by name in DHT. It's all just hashes. >>108571645 is the answer, but it is centralized system that basically does spying on global DHT network to be able to search like that. It also can be taken down by some stupid DMCA "circumvention" claims as recent github practice shows.

Idk how btdigg does it, but my guess would be that it just listens to DHT and tries to initiate downloading as many hashes it saw as possible to resolve the names of torrents. To be able to do this solo you will need to setup a bot running on your PC for a very long time until it builds up database of torrent names corresponding to hashes you've seen on DHT. Only then will you be able to search meaningfully by name.

>>108571960
you can do it with https://github.com/bitmagnet-io/bitmagnet

>>108571960
oh i see, you're asking how you "search" the DHT rather than generally how do you get hashes that are unlisted.
personally i run a bitmagnet instance, which is basically your own personal "btdig", that is it's a self-hosted DHT crawler with a webui and search engine. can't be taken down

>>108570611
>get default port
HOLY FUCKING SHIT DO NOT GOOGLE STANDARD TORRENT PORTS DONT DO IT BRO

File: 1747843311898711.png (376 KB, 1024x1024)

376 KB PNG

>>108571968
That's a nice rec

File: webui-1.png (558 KB, 2436x1622)

558 KB PNG

>>108571968
12 million, god damn

File: Screenshot_20260410_134050.jpg (348 KB, 2076x1405)

348 KB JPG

>>108572338
How long did it take? I just started my.

>>108572361
it's from their site

>>108572361
i got up to 2 million after a week but it keeps getting corrupted in some way and the webui just stops showing up, trying to figure out why. first time it happened was because i ran out of space and the database didn't much like that, but subsequent times idk. i'm transferring it to a new machine so we'll see how it goes. i really like the idea especially for my servarr setup since most torrent sites these days are behind cloudflare which means they can't be used by such programs

File: Screenshot_20260410_135244.jpg (78 KB, 550x859)

78 KB JPG

>>108572386
I started mine using podman-compose, changed yml a bit to use named volume. This way I can transfer volume around and recreate container from scratch however I want and data will still be there.

>>108571622
Anywhere? That's the whole point. You can find the hash on some ancient blog, add it, and wait for a couple of weeks to see if anyone appears.

Anonymous as in CIA?

>>108571609
There's a difference between torrent peer sending wrong data and DHT peer.

>>108572737
Read all later replies in the thread after the post you're repying to. You're confusing torrent files and magnet links with hashes btw. And what you describe is extremely rare. In 99.99% of cases torrent files and magnets are not reposted anywhere other than original tracker website they were posted on. So the way people find torrents from dead trackers is by using systems that reverse engineer DHT system itself like >>108571645 and >>108571968

>>108572057
I only know about a couple of ancient torrent clients that use the so-called standard port as default port, mostly as a joke, because IANA ports had been mostly irrelevant even in the early years of bittorrent. I guess you have never ever opened the peer connections tab to look at their addresses, and relied on helpful AI crap to teach yourself some nonsense, so eat shit.

Can someone give me a quick rundown of what's going on and is it a cause for concern?

>>108572386
>>108572420
i packed up and transferred the data to the other machine (friends' home server to my desktop over the internet) and just ran it now and it works, so not sure why it stopped working on my friends' machine
maybe it's just timing out or something, it really does not seem to like running from a hdd

>>108572770
> You're confusing torrent files and magnet links with hashes btw.
Are you, perhaps, of limited wit?

The only part of the magnet link you really need is the infohash. Here's a trick: paste
C8295CE630F2064F08440DB1534E4992CFE4862A
into your client, and get Ubuntu 25.10. Hashes and magnets are the same thing, and DHT is the global live database that turns them into potential peers and full metadata.

> In 99.99% of cases torrent files and magnets are not reposted anywhere other than original tracker website they were posted on.
Have you uses the Internet at all? Have you accidentally been castrated in the private tracker circlejerk? NyaaTorrens has had a lot of torrents that were re-uploaded from somewhere else, some in 2008, some yesterday. TokyoTosho is itself a database of torrents which came from other trackers. Half of the porn found in the BTDigg and on the ad-ridden link repost forums are public Pornolab torrents, and occasionally some files from original Pirate Bay appear.

Torrents are not tied to trackers, they exist independently. Even private torrents allow the user to set any tracker to find peers. You are free to exchange metadata through any communication channel that exist.

File: Screenshot 2026-04-10 575x468.png (100 KB, 1017x558)

100 KB PNG

>>108572931
>>108572386
at least now i have evidence of it taking about a week to get to 2 million. this last instance i just transferred ran a bit under a week and it's at 1.9 million entries, it was started on the 1st of april with a bit of downtime on the 3rd due to a "i forgot to start it again" issue. also worth noting this as it is has a 14.8GiB database, it's not very small so plan accordingly

File: 3837.jpg (29 KB, 465x372)

29 KB JPG

>>108572880
nothing, its obviously a larp
>Hey fagets, while you were distro-hopping and arguing which media personality is the best to follow to learn what pathetic members of so-called Linux fan community should whine about in comments this week (by the way, they all suck compared to Level1News anyway)...

File: 1767517636581352.gif (3.56 MB, 312x293)

3.56 MB GIF

>>108572973
Im getting the ick

>>108572386
Compiled offline databases with millions of torrents exist. No need to wait for people to send you some filtered scraps, just grab the whole thing.

Tixati has a couple of p2p channels that share all the torrents people could find in such databases, and a search function. Each one has so much data that it makes the program use more that a gigabyte of memory, and perform slower than Photoshop on a 486, so beware. You should probably use a portable installation for that, and not your main client.

BiglyBT has live swarm search over its own DHT. You don't need those crawlers, the torrents already fly by.

File: word-salad.jpg (69 KB, 860x860)

69 KB JPG

>>108573067

>>108573099
> retard starts the program and carelessly clicks on everything without reading any descriptions
> retard complains on the forum that his system is just crawling, and there is no free memory left

> you warn the retard in advance
> retard starts to complain about that

>>108572763
Dht peer obtained via dht, another IP, what am I missing?

>>108572880
bad peers

>>108572057
>STANDARD TORRENT PORTS
no such thing

>>108573167
DHT peer is a node that participates in DHT traffic, not some peer with torrent data found using that DHT.

You are missing how DHT works.
https://bittorrent.org/beps/bep_0005.html

>>108571960
>There is no built-in functionality to just search by name in DHT.
BiglyBT lets you search the DHT using any of the metadata like file size, file name, etc.
It even let's you subscribe to a search so that it polls and aggregates results over time as new peers come online.

Works the same as things like btdigg and >>108571968
Where the client just scrapes and stores metadata.
This is how they implement swam-merging too.

>>108571399
They won't tell you anything. With “allowed” and “unknown” hashes, attacking nodes behave like any other node, they store announces, and respond to you with next step nodes or maybe even previously announced peers. With “disallowed” hashes, any attacking node instantly sends you addresses of other fake nodes, and each of them sends a dozen more. This ensures that you will not contact “less suitable” honest nodes that are naturally not as close to that key as fake nodes, and will not get correct peer data from them. It also poisons your node table, and for the next search you will probably contact those known closest fake nodes directly without even trying others.

Who's actually alerting the developers and the social media?

>>108570611
So this was a bot thread after all, this isn't an answer.

>>108574033
There is no point to explain it to someone who never learned to use a personal computer. You don't know where to look, and won't test anything anyway, you just want someone to entertain you. Please never start Wireshark, or you'll piss your pants the moment the packets start scrolling.

>>108574210
Another bot answer, how predictable! Now, if you would give me the apple pie recipe at once

>>108574216
You don't even have a torrent client, phoneposter.

I still don't get what the issue is
why do you keep reiterating the steps that I should take to verify and not the actual consequences of whatever the fuck is "happening"
Is it "fake peer spam, dht can't find torrents or download shit, dht is now useless"?

>>108570296
>muh anonymouse
This is not 2008 bro

File: tixati.ipfilter.24h.stats(...).png (21 KB, 1316x182)

21 KB PNG

>>108570296
Nice to see someone else paying attention to the BT DHT. There's a lot of shenanigans going on there. What you see is a Sybil eclipse attack against your node_id, where the attacker sends a node_id with a common prefix length CPL > 31 bits to yours. I call it the Black Hole attack because it drags away your home bucket far from where it should be. It's done by DHT scrapers to collect all info_hashes that announce to you. It has been going on far more than 5 months, I have observed it since 2012. It's easy to counter by dropping all Queries/Responses with a CPL > 31, but this must be added by the client dev. I suggest you post about it on the Tixati forum; I will watch out for it. wt

>>108571415
Just a coincidence :^)

>>108574650
nigger there is a link in the OP if you had read it you'd know what's going on
t. just read it and no I will not explain it to you go fuck yourself

>>108570296
I love Russia. I will keep using ruTracker. Russia BaSed.

File: mariolord-mariolord14.gif (74 KB, 474x267)

74 KB GIF

>>108575993
>>108576382

>>108571383
there are IPs that will just suck all of the connection they can. I would recommend banning these IPs in Alt+O --> Connection --> Manually banned IP addresses...

223.78.79.161

223.78.79.193

223.78.79.225

223.78.79.97

223.78.80.1

223.78.80.33

223.78.80.65

223.78.80.97

>>108576991
Range ban 223.64.0.0/11, you'll be happier for it.

File: tixati.ipfilter.6h16m.sta(...).png (19 KB, 1313x165)

19 KB PNG

These four IPs from tixati.meta_vampires.ipfilter.dat hits ~2 times/s with no torrents running. Before with 256 torrents: ~6 times/s. Have not run and updated the filters in a year.

## 490/15 min
5.189.160.21

## 490/15 min
173.249.4.73

## 250/15 min
207.180.192.205

## 1112/15 min
207.180.192.206

>>108572338
>>108572361
>>108572386
You might be able to get 32.5 million faster by importing from these dumps for a bitmagnet predecessor called magnetico, I was going to try it when I bothered setting up a bitmagnet instance
https://tnt.maiti.info/dhtd/
https://github.com/DyonR/magnetico2bitmagnet

>>108571968
Can you make your torrent client use bitmagnet instead of its own DHT functionality so as to avoid duplicating DHT traffic?

>>108576781
Some posters there have already complained about their clients acting out and having zero peers.

Rutracker torrents are 100% known to any observer. They even collect them into a public database:
https://rutracker.org/forum/viewtopic.php?t=5591249

>>108577011
Way ahead of you

>>108570296
I read all of that, and i still don't get it. Are these fake DHT peers spying or serving malware? Please explain it like i'm 5, because clearly i'm fucking retarded.

>>108577282
Torrent clients know the hash that user provides, get the metadata from torrent file or peers, and need to find active peers in the live network.

Magnet databases are for users who don't know the hash, but need to find some with specific filenames or by some other criteria. They generally don't even need an internet connection.

>>108576781
Rutracker is basically banned in Russia, afaik. Same as rutor. Same as some others.
But yeah. You're not wrong for using it if you're not from Russia. And if you're from Russia, you use western stuff, like thepiratebay etc.
Hope you are not that retarded and can understand why.

>>108577457
You won't get a real response as this is an AI bot thread

>>108577011
>>108576991
> Abuse contact for '223.64.0.0 - 223.117.255.255' is 'abuse@chinamobile.com
Is it a chink botnet then? Heard some stuff was stolen from them. Maybe it's a reaction on petabytes of data somewhere on DHT?

>>108577525
Then AI has become sentinent. Because that's OC not available on the net. I have knowledge but have not posted about it before this thread.
My posts:
>>108575993
>>108577179

>>108575993
I've been using Tixati for a while, and DHT looked normal last year, 20-21 buckets, random peers. Maybe the difference is that I have a passive node behind NAT, and they only targeted nodes with dedicated IPs previously.

I would not mind simple crawling, DHT has already been public. Collecting the data at active nodes should have been enough, as they are meeting points for all requests from passive ones, which makes most of the network. Extending the manipulation to passive nodes was probably the preparation for denial of service attacks.

If you block fake nodes that are too close, they can easily switch to a bit more natural values. Repeat a couple of times, and they actually blend with the regular valid nodes. Having certain number of fake nodes in each bucket seems to be enough for manipulation.

Also, closest nodes are not required for inhibiting peer search. They seem to rely on having enough gate keeping nodes around each member of the network. When they see a request for unwanted hash, they instantly give you peers that point to nowhere. Given the number of hashes globally, they probably use some bloom filter for speed.

31.200.249.x peers currently use addresses from 185.16.215.x as proxies. Some time ago, they also used some hosting in Netherlands for that.

People who use popular clients like qBittorrent have no idea that the same happens to them, and that their DHT activity is totally owned.

>>108577953
>If you block fake nodes that are too close, they can easily switch to a bit more natural values.
Yes, that's already happening. It's what I call the Intrusive Neighbor attack, using a CPL between 18–31; it's very flaky and non-trivial to detect. But I'm working on a fix. Also using ut 2.2.1, which can output the current table in the Logger tab.

>>108577563
IDK if it's government or just proxies but for over a decade now any SSH server open to the internet gets hammered 24/7 by braindead bot attacks from 'residential' networks owned by China Mobile and Tencent.

>>108577457
DOI links point to research articles. At least skim trough them. Most often, you put them into Sci-Hub, but those are immediately available on university sites.

https://inria.hal.science/inria-00577043/document
http://www.cs.helsinki.fi/u/lxwang/publications/P2P2013_13.pdf
http://globule.org/publi/SDST_acmcs2009.pdf

https://arxiv.org/pdf/1412.0103
https://eli.sohl.com/2020/06/05/dht-size-estimation.html

Collection of user activity in DHT started ages ago. Copyright enforcers, torrent search engines, common geeks have all been doing that. You have to assume that any hash announcement or peer search your client does is seen by everyone. To limit the exposure, you must use private torrents (no DHT) or whitelist just the single IP address of your friend (i.e. ban the whole Internet to prevent any unwanted connections). Though if you already know the IP:port of a peer, you don't need DHT or trackers, you can add that peer manually. Tixati v3 protocol is also an option if all peers use it. Though the fact that certain users have requested the same hash and then exchanged unknown data can sometimes be damning by itself.

The recent change is denial of service attacks. You add a hit movie or series, fake nodes respond with junk instead of real addresses, your client concludes that no one in the DHT knows any peers for that hash, and there is no one to connect to.

Increased activity in Russia and China is logical. Both countries have a lot of everyday piracy, and in both countries media corporations want to turn non-paying consumers into paying ones. At least in Russia, studios and streaming services are in bed with Roskomnadzor, and basically guide its hand when they want new pirate apps, sites and services blocked. I suppose that the main targets of current attack are not users who watch peer connections and edit firewall rules, but common people with cheap Android TV boxes who get crappy sequential torrenting for dummies apps with movie posters.

>>108578276
If you control the channel to the outside world, you can pretend to be any address on the inside network without any cooperation from that real host. All the reply traffic gets to you first. GFW is known to use IP address spoofing,

>>108578135
I think it's just smooth transition. Some nodes always respond to everyone with 10 byte prefix match for the requesting node, some nodes respond with 9 byte match, some with 8 byte match, and so on. That's how these nodes get into every bucket. It doesn't stop at 18 bits, there are plenty of port 6881 nodes at high and root half buckets.

>>108578350
>The recent change is denial of service attacks. You add a hit movie or series, fake nodes respond with junk instead of real addresses, your client concludes that no one in the DHT knows any peers for that hash, and there is no one to connect to.
Have you tried another client than Tixati?! It has very good logging, but the DHT routing table maintenance is very weak.
I've seen no signs of Sybil Eclipse attacks against info_hashes in my research, only against node_ids. In practice, it's very hard to surround an IH. You only need one honest node, then PEX does the rest.

>>108578541
I think they know what they are doing, and have been steadily growing the network for months, probing and calculating the amount of paths captured on average. Targeting single not very popular client would be silly.

I think they don't jump at each and every opportunity. Temporary client with just a dozen of torrents gets the same DHT peers, but its searches are not crippled. Either they prefer the fattest users, or having a lot of undesired torrents naturally attracts too many of those nodes into your table. They can limit it by content or by user country to align with international licensing, and get money from each company in each region.

Or maybe they don't block anything, and it's just a random routing bug caused by excessive number of torrents.

The blocks are not 100% effective. If you have a lot of real nodes from previous successful searches, they are more likely to be chosen.

>>108578658
I think you overestimate their sophistication. Sybils don't keep state and don't have fuzzy logic, it's too expensive. They collect .torrent files and peer IPs to use for index sites or copyright trolling, using harmful methods simply because that's most efficient. They don't care to try to stop anything, because with DHT, trackers, and PEX, that's very hard and expensive to do.
Hope I don't sound dismissive, I'm very glad someone else knows about this. It's probably only you, me, and the attackers that do.

>>108578956
They have been just Sybil overseers for some time. Then DHT searches stopped working.

>>108578973
Hope you continue to dig deeper, post on the Tixati forum if you find anything interesting.
Try searching for "EBB3A" in the logs, that's a 512-byte deep rabbit hole.

File: f.png (39 KB, 727x893)

39 KB PNG

>>108579015
Regular client search finishes with a list of 150-190 peers, and the client only tries the most suitable ones.

Under attack, you see this. There are three screens of failed nodes below, and their IDs seem to jump around far from the requested key deliberately to make your node check each one.

I did test Ubuntu torrents. Sometimes it works, sometimes it reports 0 peers. I don't think it could be an accident.

Porn torrents seem to be whitelisted.

>>108579174
> Porn torrents seem to be whitelisted.
Or not. But they seem to be the luckiest.

>>108579174
Have you checked the level 6 raw logs for what's happening?
If anyone has any questions about the BT DHT protocol, feel free to ask them here. I will be watching this thread.

>>>108579174
So, looking at the pic, I see nothing unusual. The search has found one peer, has got responses from 19 nodes, and announced to three. The number of nodes that have not responded is a bit high, but not unusual. Tixati has lousy maintenance.

>>108578276
I only started tinkering with hosting stuff on rented VPS servers over the last two years, and I’ve had this issue on all three servers I’ve rented during that time. I don’t know who the IPs belong to, but there were lots of Chinese IPs, as well as some from the EU and the US. I used fail2ban to automatically blocklist them after three failed password attempts.

>>108579320
The expected thing is happening.

During search for key AABBCCDD... fake node #1 responds with own ID that is derived from that key (AABBBBFF...), and provides a batch of nodes with similar IDs (AABBEE11..., AABBC566..., AABBDD00..., and so on) and either inaccessible or random addresses. When they all fail, the client asks the next closest node, fake node #2, which responds with a similar batch, repeat ad nauseam Once in a while they add a new fake node that is actually accessible to that list to continue this merry-go-round.

>>108579470
No, the list of failed nodes takes 3 more screens. The client gets a fake batch, tries to connect, they all fail. It gets another fake batch from another fake node, tries to connect, same. Normal searches do not produce such wall of fails, because some real nodes fail, and some respond with a number of closer nodes successfully. It results in a healthy mix and IDs slowly approaching the key.

>>108579597
As Tixati is closed source, I haven't seen the code, but from observations, it seems that it doesn't use a replacement cache like uT, libtorrent, or BiglyBT do. Also, it seems like it doesn't drop responses with an unexpected node_id.
Do you have the possibility to run only one torrent and then let an AI analyze the raw log?

>>108579597
This is actually interesting. Doesn't the fact that it replies and poisons the well with random addresses, create plausible deniability for anyone actually torrenting any pirated or otherwise illegal material *unless* the peer in question has been vetted as a real peer, that's *really* serving that material, by actually initiating download from them?

Which means this particular branch of enforcers hired by the media industry would be actively frustrating the efforts of the other branch of enforcers they hire to snoop out people and send them C&D notices? Basically making their work proportionally harder?

>>108581045
Letters rely on peer probing and test downloads. Moreover, these DHT nodes do not even reply, how would you argue that they facilitate storing any hash and peer information?

>>108579684
It can be seen in the logs that the same IP address and port sends different ids in response to each new hash you request, so there is no protection against that.

Not my problem. I'm a usenetchad.

>>108579174
For comparison, when you search for non-existing hash, or hash with no peers available, you see some failed nodes (probably behind NAT), and some OK ones that send actual replies that they don't know any peers for that hash.

Also, we have a new metadata collector who gives you peers with "dht-spy/1.0" for the client name. But they are open about it.