Problem solve Get help with specific problems with your technologies, process and projects.

Monitoring P2P activity by tracking corporate IP addresses

Mike Chapple discusses whether you should be monitoring P2P activity with site crawling and info gathering websites like

I recently heard about a site called that supposedly keeps records of which IP addresses are associated with peer-to-peer file sharing networks, specifically whether copyrighted content has been downloaded to those IP addresses. What's your take on this site? Is it legit? Is it worth our time to check our corporate IPs as a method of validating that our users aren't involved in illegal file sharing?

Ask a question

Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)

Yes, the site is legitimate. (Editor's note: As of July 11, is not available. A message on the site's homepage reads, "This site is temporarily closed. Come back some time later.")

Sites like work by simply crawling peer-to-peer file sharing networks and gathering information about who is uploading and downloading files, similar to the way a search engine navigates the Web. These are the same techniques the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA) and other copyright enforcement agencies use to send out thousands of Digital Millennium Copyright Act (DMCA) infringement notices every day.

There’s no harm in running your corporate IP addresses through the site to see what information related to P2P activity it might uncover. However, if your IP addresses appear in the database, you probably already know about it through a DMCA notice you likely received from the copyright holder. Content publishers and copyright holders have become quite aggressive in pursuing copyright violations in recent years. 

Understand there are some serious limitations to the technology behind this site, so don't think of it as more than a curiosity. First, the site does not attempt to track individual systems, so it can be fooled by the use of dynamic IP addresses, which most residential ISPs use routinely. Records that show allegedly infringing use from your computer may actually be reflecting the activity of another system that had the same IP address on an earlier date.

Similarly, is not capable of seeing through firewalls that use Network Address Translation (NAT) to group multiple systems behind a single IP address. This limits its use as a tool to track the activity of your own users, as you’ll only be able to tell that someone may have illegally downloaded content, not the internal IP address of the system involved. Unless you have other records to correlate with the site, you won’t be able to take direct action in response.

Finally, it's worth noting that most of today's firewalls and IDS/IPS devices are capable of detecting and, if necessary, blocking P2P traffic. So while sites like can offer a helpful secondary check to determine whether network users are somehow circumventing controls, most organizations should be able to keep P2P network traffic under control without breaking a sweat.

This was last published in July 2012

Dig Deeper on Security Awareness Training and Internal Threats-Information