net4people / bbs

Forum for discussing Internet censorship circumvention

Blocking of BitTorrent traffic by Rostelecom, 2021-09-03 to 2021-09-07 #83

Open wkrp opened 2 years ago

wkrp commented 2 years ago

Between 2021-09-03 and 2021-09-07, many people in Russia found they could not use BitTorrent. It was noticeable enough to make the news:

The discussion on NTC begins here and there is a large discussion on OpenNet (archive). From what I can gather, the block affected at least the following protocols: tracker (not sure if HTTP or UDP), the DHT protocol (UDP-based), and uTP (UDP-based, a data transfer protocol). It appears to have affected only users of Rostelecom, and perhaps only in certain regions (Ural, Krasnodar).

An OpenNet post gives a timeline:

So, we have the following:

  • 2021-09-03 - full blocking of the protocol (DHT and announcers were blocked, including Ubuntu, Debian and Fedora). Torrents were not downloaded until late night.
  • 2021-09-04 - Announcers of popular distributions were unlocked and ISO images began to be downloaded, but the DHT network continued to be inaccessible.
  • 2021-09-07 - DHT blocking seems to have been lifted amid media hype.

The timing of the blocking of BitTorrent coincides with the announcement of the onset of blocking of the latest batch of VPN services. It also coincides with the beginning of reported problems using WireGuard in Russia. A user at NTC points out that the header of uTP, one of BitTorrent's protocols, frequently begins with the bytes \x01\x00. The first packet of a WireGuard handshake begins with the bytes \x01\x00\x00\x00, so a matching rule for uTP could easily also unintentionally match WireGuard, and vice versa. The fact, though, that many users also reported problems with the BitTorrent DHT protocol, which is quite different from uTP, suggests that the block was aimed at BitTorrent, not WireGuard. Then again, disruption to WireGuard was reported by users of many ISPs, not only Rostelecom, which according to news stories is the only ISP to have implemented restrictions on BitTorrent. It's not fully clear to me what happened, or whether these incidents are related.

wkrp commented 2 years ago

@ValdikSS reports a further block of the DHT protocol since 2021-09-19 on the ISP Ufanet. Sending a UDP packet that begins with d1: (which is the start of a bencoded dictionary, as used in the DHT protocol) results in a block on the 5-tuple (UDP, src IP, src port, dst IP, dst port) for 4–5 minutes. But the block only occurs if the d1: pattern appears in the first packet in the session for the 5-tuple. Sending any garbage packet (with the same source port and destination port) before the first DHT protocol packet avoids the block.

As with the recent DNS/DoH/DoT block, there is suspicion that the DHT protocol is targeted for being used internally in the Smart Voting app, via the NewNode framework.

Presumably, the DHT blocking is caused by the use of the NewNode framework in Navalny's applications for mobile devices, which uses this network to search for peers.
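
A model of the two matching behaviours discussed in this thread, added here as an example (not code from the thread or from any ISP's equipment): prefix signatures over the first bytes of a UDP payload (the uTP/WireGuard overlap), and a filter that inspects only the first datagram of each 5-tuple (the Ufanet DHT report). The rule names, the 300-second block, dropping of the trigger packet and the expiry behaviour are assumptions, and the sample datagrams are constructed.

```python
from dataclasses import dataclass, field

BLOCK_SECONDS = 300  # thread reports 4-5 minute blocks; 300 s is an assumption

# Prefix signatures taken from the thread; the rule names are hypothetical.
RULES = {"dht": b"d1:", "utp": b"\x01\x00", "wireguard": b"\x01\x00\x00\x00"}

# Constructed sample datagrams (not captured traffic).
DHT_PING = b"d1:ad2:id20:" + b"A" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"
UTP_DATA = b"\x01\x00" + b"\x12\x34" + bytes(16)   # ST_DATA, version 1, 20-byte header
WG_INIT = b"\x01\x00\x00\x00" + bytes(144)         # 148-byte handshake initiation


def matches(payload: bytes, rules: dict = RULES) -> list:
    """Names of every prefix rule that matches the start of the payload."""
    return sorted(name for name, prefix in rules.items() if payload.startswith(prefix))


@dataclass
class FirstPacketFilter:
    """Toy middlebox that inspects only the first datagram of each 5-tuple."""
    rules: dict = field(default_factory=lambda: {"dht": RULES["dht"]})
    seen: set = field(default_factory=set)        # flows already inspected
    blocked: dict = field(default_factory=dict)   # flow -> block expiry time

    def packet(self, flow: tuple, payload: bytes, now: float) -> str:
        """Return 'drop' or 'pass' for one datagram seen at time `now` (seconds)."""
        if flow in self.blocked:
            if now < self.blocked[flow]:
                return "drop"
            # Assumption: flow state is forgotten once the block expires.
            del self.blocked[flow]
            self.seen.discard(flow)
        if flow in self.seen:
            return "pass"                         # later packets are not inspected
        self.seen.add(flow)
        if matches(payload, self.rules):
            self.blocked[flow] = now + BLOCK_SECONDS
            return "drop"                         # assumption: trigger packet is dropped too
        return "pass"


if __name__ == "__main__":
    print("uTP data matches:", matches(UTP_DATA))
    print("WireGuard init matches:", matches(WG_INIT))
    box = FirstPacketFilter()
    flow = ("udp", "192.0.2.10", 50000, "198.51.100.7", 6881)
    for t, p in [(0, DHT_PING), (120, b"x"), (301, b"x")]:
        print(t, box.packet(flow, p, t))
```

The two-byte uTP prefix also matches the WireGuard handshake initiation, while the four-byte WireGuard prefix matches a uTP data packet only when its connection ID happens to be zero.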