He pulled up the physical location. Server room B, rack 4. The machine wasn't in a dorm. It was an official university server.
He pulled the packet capture. He expected to see encrypted uTP or µTP traffic. Instead, he saw a flood of HTTPS requests to a legitimate cloud storage CDN. GET /video/segment_001.ts . POST /upload/cache_chunk . It looked like a Netflix stream. It looked like a Zoom call. Blacklist Torrent
Whoever was running the node wasn't a student downloading "The Batman." This was a professional—or a very clever researcher. They were using WebTorrent , a protocol that tunnels peer-to-peer traffic inside WebRTC, masking it as standard HTTPS web traffic. To the blacklist, it was invisible. To the firewall, it was a saint. He pulled up the physical location
For three weeks, the campus internet had been dying. Every day at 2:00 PM, latency spiked to 2,000ms. Video lectures froze. The library’s VOIP phones clicked and stuttered. The provost was furious. It was an official university server
Instead, he wrote a new firewall rule: Rate-limit unknown WebRTC to 10 Mbps per device. It wasn't a blacklist. It was a compromise.
The next morning, the network was clean. And at 9:05 AM, an elderly woman with wild grey hair and a laptop bag full of Ethernet adapters sat down across from him.
“How?” he muttered.