SeijiSensei 2009-10-09 21:43

Lots of garbage traffic
I run a pretty tight ship here with a PC running Linux as my firewall and extensive iptables rules and logging. I have one open port for BT (and a couple of others like port 25 for inbound SMTP to my mail server); otherwise everything is denied. I use the same port for TCP/IP BT connections and for DHT over UDP.

I've noticed that when I start a torrent I get an enormous amount of traffic on a wide variety of other ports. A lot of it is UDP to my port 1024; some of it is either TCP or UDP from high ports (>1023) to other high ports. All these packets are refused at the doorstep, of course, but they do tend to litter my logs. The source IP addresses range all over the world, though reverse DNS lookups show many of them to be residential users on cable or DSL connections.

Is listing myself on a tracker an invitation for attacks by malware-infested computers? Is this a common occurrence during torrents? I haven't read the technical literature on BT lately, but this doesn't seem to be widely discussed. Of course, most people using BT have simple routers without logging so they'd never notice this deluge of traffic.

As someone who has managed email for over a dozen years, I'm used to being pounded by compromised machines spewing spam and virus-infected emails. But this traffic is distinctly different; it spans a much wider range of ports and uses both TCP and UDP. There are certainly obvious attacks against well-known services like ssh in there as well, but they are a drop in the bucket compared to the amounts of garbage traffic I see during torrents.

Vexx 2009-10-09 23:23

I'm going to guess you're seeing queries from zombies in a bot-network. As soon as you show activity that has historically proffered a high "pwnage" success rate (e.g. filesharing/torrents/etc. by less-than-tech-literate souls), they're going to see if they can add you to the horde. Are there typical ports being touched (as in ranges of ports common to IRC, certain games, etc.?)

SirJeannot 2009-10-18 17:35

Did you dump some traffic to see if those sessions match requests sent by your own computer? Just to make sure it's not the fw not understanding specifics about a protocol requiring meeting on another port. It happens with H.245, for instance.
I'm nonetheless very annoyed as well with all that garbage traffic; it really depends on where you are on the internet... (yep, public "spaces" are real playgrounds, like airports, hotels, ...)
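Both the original question (how much rejected traffic hits which ports from how many hosts while a torrent runs) and SirJeannot's suggestion (check whether the rejected sessions line up with requests the host itself sent) can be answered from the iptables LOG lines the firewall is already writing. The script below is an added example and not code from anyone in this thread. It assumes outbound packets are logged with `--log-prefix "FW-OUT:"` and rejected inbound packets with `--log-prefix "FW-DROP:"` (hypothetical prefixes), and the log lines it works on are constructed, using RFC 5737 documentation addresses.

```python
"""Summarise iptables LOG lines from a torrent session and separate rejected
inbound packets that look like replies to the host's own outbound requests
from genuinely unsolicited ones.

Added example, not code from the thread. Assumed --log-prefix values:
"FW-OUT:" for outbound packets, "FW-DROP:" for rejected inbound packets.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (RFC 5737 addresses); 192.0.2.10 is "our" host.
SAMPLE_LOG = """\
Oct  9 21:40:01 fw kernel: FW-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=88 TTL=64 PROTO=UDP SPT=6881 DPT=45000 LEN=68
Oct  9 21:40:02 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=76 TTL=52 PROTO=UDP SPT=45001 DPT=1024 LEN=56
Oct  9 21:40:05 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=48 PROTO=UDP SPT=51413 DPT=1024 LEN=40
Oct  9 21:40:06 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=40022 DPT=33000 WINDOW=5840 SYN
Oct  9 21:40:07 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.88 DST=192.0.2.10 LEN=60 TTL=45 PROTO=UDP SPT=12345 DPT=1024 LEN=40
Oct  9 21:41:30 fw kernel: FW-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TTL=64 PROTO=TCP SPT=38000 DPT=6881 WINDOW=5840 SYN
Oct  9 21:41:31 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=76 TTL=55 PROTO=UDP SPT=6881 DPT=38000 LEN=56
Oct  9 21:45:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=55000 DPT=22 WINDOW=1024 SYN
Oct  9 21:50:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=76 TTL=52 PROTO=UDP SPT=45001 DPT=1024 LEN=56
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?P<prefix>FW-(?:OUT|DROP)): (?P<fields>.*)$"
)
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens; bare flags like SYN are skipped


def parse_line(line):
    """Return a dict for one iptables LOG line with our prefixes, or None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m.group("fields")):
        fields.setdefault(key, value)  # LEN= appears twice; keep the IP-layer one
    if not all(k in fields for k in ("SRC", "DST", "PROTO", "SPT", "DPT")):
        return None                    # e.g. ICMP lines have no ports
    return {
        # syslog timestamps carry no year; 1900 is fine for computing deltas
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
        "dir": "out" if m.group("prefix") == "FW-OUT" else "drop",
        "src": fields["SRC"], "dst": fields["DST"], "proto": fields["PROTO"],
        "spt": int(fields["SPT"]), "dpt": int(fields["DPT"]),
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def summarize_drops(events):
    """Packets and distinct source hosts per (proto, destination port) of rejected inbound traffic."""
    table = defaultdict(lambda: {"packets": 0, "sources": set()})
    for e in events:
        if e["dir"] == "drop":
            row = table[(e["proto"], e["dpt"])]
            row["packets"] += 1
            row["sources"].add(e["src"])
    return {k: {"packets": v["packets"], "sources": len(v["sources"])} for k, v in table.items()}


def classify_drops(events, window=timedelta(seconds=60)):
    """Label each rejected inbound packet 'solicited' if this host sent something
    to the same peer within `window` beforehand (a likely reply arriving on a port
    the firewall's state table did not expect), otherwise 'unsolicited'."""
    last_out = {}  # peer IP -> time of the most recent outbound packet to it
    labels = {"solicited": [], "unsolicited": []}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["dir"] == "out":
            last_out[e["dst"]] = e["ts"]
            continue
        seen = last_out.get(e["src"])
        key = "solicited" if seen is not None and e["ts"] - seen <= window else "unsolicited"
        labels[key].append(e)
    return labels


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    rows = sorted(summarize_drops(events).items(), key=lambda kv: -kv[1]["packets"])
    for (proto, dpt), row in rows:
        print(f"{proto}/{dpt}: {row['packets']} packets from {row['sources']} distinct hosts")
    labels = classify_drops(events)
    print(f"{len(labels['solicited'])} probable replies to own requests, "
          f"{len(labels['unsolicited'])} unsolicited")
```

The "distinct hosts" column is what separates a swarm of peers and DHT nodes (many sources, few ports) from a single scanner walking ports (one source, many ports), and the solicited/unsolicited split is SirJeannot's check done from the logs: a rejected packet from a peer the host spoke to seconds earlier points at a state-tracking or port mismatch rather than an attack, while the remainder is the noise the original post describes. Matching on peer IP plus a time window is deliberately coarse; tighten it to matching ports once you know what the protocol in question actually does.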

