PDA

View Full Version : Proxy Socks & Torrenting


Renk
06.11.20, 02:15
Is it secure to use Socks5 proxy when torrenting (instead eg a VPN)?

This link (https://forum.deluge-torrent.org/viewtopic.php?t=55540) may help to answer (or not???)
anon
07.11.20, 23:14
First of all, let's clarify some things.

SOCKS has limited support for UDP (a.k.a. UDP ASSOCIATE message). A SOCKS client is able to tell its proxy "I need you to speak UDP with this host", and it will, but traffic between the proxy and the client will remain TCP, essentially "translating" the protocols. This generally results in suboptimal performance.
SOCKS also has limited support for port forwarding (a.k.a. BIND request). A proxy can forward those to a client, but there must be an existing connection to the host it expects them from, which logically means it must be known in advance. This is acceptable for FTP active mode, but not BitTorrent where you'll receive lots of connections from peers you know nothing about.
Both of the above features must be supported by both proxy and client. Often support is "good enough" and does not adhere 100% to the specification. Also, they're mutually exclusive, which means no support whatsoever for incoming UDP.
There's a difference between incoming connections and incoming data. The Wireshark screenshot in that forum thread shows no evidence of the former.

Therefore, SOCKS proxies are fine for casual use, secure if your client is configured correctly (no DHT, PEX, local peer discovery, UDP trackers, uTP, UPnP, local DNS or IPv6), and have the advantage that their usage can be confined to a single program (unlike VPNs which generally tunnel all traffic). Hardcore users will prefer a VPN with port forwarding, though.
anon
17.11.20, 08:20
If you want to experiment with this, here's a multiplatform, fully standards-compliant proxy server.

https://github.com/z3APA3A/3proxy

Back in the day, I routinely abused free Web hosts by uploading and executing the SOCKS-only version of this through a PHP shell, since it didn't require root. chmod not available? Just copy some other executable binary and overwrite it (on very old systems you can also run the library it uses with the binary's path as the first parameter).