How Logistep catches file sharers

Martin Brinkmann
Apr 15, 2007
Updated • Jun 11, 2013
File Sharing, Security

It is no secret that companies like Logistep are monitoring p2p networks to sue file sharers who are spreading software from clients like Zuxxez, a German company who recently sued 500 British p2p users claiming that they illegally distributed the game Dream Pinball 3D.

The website Torrentfreak got their hands on a copy of one of those letters that alleged file sharers have received which details how Logstep determines if users are distributing a game, application or media illegally.

Logistep uses a software called File Sharing Monitor that targets E-Donkey and Gnutella users. Here is how it works:

  • The software connects to a p2p server and requests a file name recording all IP addresses that offer that name
  • They request to download the file and if the download is permitted record the following information into a database
  • File name, file size, IP of the distributor, P2P protocol, P2P application, the time and the username
  • When this is inserted the application does an automatic whois to find out the user's Internet Service Provider to create and send out the letter.

I think it is interesting to note that this is almost an automatic process which leads to some questions. How do they know which archive has the correct size and is actually their product and not a broken archive? Is not it only possible to know the exact file size if they downloaded it at least once to verify that is is indeed their product?

Let us assume that they are not stupid and that they filter out every file below a certain size to prevent that users who do share mods or patches get sued. Let us further assume that a file that is labeled a certain way (with group tags) and shared among many users is the right program. Does this mean that the user that they are suing is responsible? They will always sue the account holder which could or could not be the person who shared the files.

What possible solutions can I think of that make the Logistep file monitor useless? Please note that this is hypothetical, I'm not advising anyone to actually use the methods listed below.

  • don't share files
  • share only files with no plausible file name (3dpd)
  • use encryption to share the files
  • use vpns like Relakks to share them
  • switch to Usenet
  • buy the game ;)

Can you think of anything else?


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Quasimodo said on April 18, 2007 at 4:03 pm

    The same goes for utorrent and Azureus.

    Force the protocoll obfuscation.

  2. Quasimodo said on April 18, 2007 at 4:01 pm

    Just ENABLE and FORCE protocoll obfuscation in the eMule security options (.47c).

    Since Logistep uses a Shareaza derivate, you will avoid ANY communication with those clients !!!!

  3. Michael Griffin said on April 17, 2007 at 2:50 pm

    Cox sent a letter regarding use of a torrent downloading/sharing a file to someone I know. This possibily what was used to track him.

  4. Tobster said on October 30, 2010 at 6:11 pm

    Forcing ISP’s to store everything someone does on the internet so the government can constantly spy on it’s citizens? I’m afraid we don’t share the same definition of ‘enlightened thoughts’.

    The first part of your post is also factually wrong.

  5. Quentin Crisp said on January 7, 2010 at 11:27 pm

    All the posts so far are very inaccurate and what has been suggested will have little or no real effect on the program used .
    Under new laws to come into force in the UK all ISP will be forced to give your details automatically via the system in place at the ISP.
    UK law is to be 20 years ahead of many other nations and i wish to thank the UK government for such enlightened thoughts

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.