AnimeSuki Forums

Old 2009-10-09, 21:43   Link #1
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Lots of garbage traffic

I run a pretty tight ship here with a PC running Linux as my firewall and extensive iptables rules and logging. I have one open port for BT (and a couple of others like port 25 for inbound smtp to my mail server); otherwise everything is denied. I use the same port for TCP/IP BT connections and for DHT over UDP.

I've noticed that when I start a torrent I get an enormous amount of traffic on a wide variety of other ports. A lot of it is UDP to my port 1024; some of it is either TCP or UDP from high ports (>1023) to other high ports. All these packets are refused at the doorstep, of course, but they do tend to litter my logs. The source IP addresses range all over the world, though reverse DNS lookups show many of them to be residential users on cable or DSL connections.

Is listing myself on a tracker an invitation for attacks by malware-infested computers? Is this a common occurrence during torrents? I haven't read the technical literature on BT lately, but this doesn't seem to be widely discussed. Of course, most people using BT have simple routers without logging so they'd never notice this deluge of traffic.

As someone who has managed email for over a dozen years, I'm used to being pounded by compromised machines spewing spam and virus-infected emails. But this traffic is distinctly different; it spans a much wider range of ports and uses both TCP and UDP. There are certainly obvious attacks against well-known services like ssh in there as well, but they are a drop in the bucket compared to the amounts of garbage traffic I see during torrents.
Old 2009-10-09, 23:23   Link #2
Vexx
Obey the Darkly Cute ...
*Author
 
 
Join Date: Dec 2005
Location: On the whole, I'd rather be in Kyoto ...
Age: 57
I'm going to guess you're seeing queries from zombies in a bot-network. As soon as you show activity that has historically proffered a high "pwnage" success rate (e.g. filesharing/torrents/etc. by less-than-tech-literate souls), they're going to see if they can add you to the horde. Are there typical ports being touched (as in ranges of ports common to IRC, certain games, etc.)?
Old 2009-10-18, 17:35   Link #3
SirJeannot
AT Field
 
 
Join Date: Apr 2003
Location: #animesuki
Age: 17
Did you dump some traffic to see if those sessions match requests sent by your own computer? Just to make sure it's not the fw not understanding specifics about a protocol requiring meeting on another port. It happens with H.245, for instance.
I'm nonetheless very annoyed as well with all that garbage traffic, it really depends where you are on the internet... (yep, public "spaces" are real playgrounds, like airports, hotels, ...)
__________________
"facts Jeremy, facts!"
- non factual Jeremy.

Last edited by SirJeannot; 2009-10-18 at 17:37. Reason: more info
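Added example, not part of any post in this thread: a small Python script that applies the two checks raised in the replies to netfilter LOG output, counting refused packets per protocol and destination port, and separating sources the local network had already sent traffic to from unsolicited ones. The `FW-OUT: ` and `FW-DROP: ` log prefixes, the requirement that outbound packets are logged too, and the sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# key=value fields as written by the netfilter LOG target
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed, shortened sample lines. "FW-OUT: " and "FW-DROP: " are assumed
# --log-prefix values; all addresses come from documentation ranges.
SAMPLE = """\
Oct  9 21:40:01 fw kernel: FW-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=UDP SPT=51413 DPT=6881
Oct  9 21:40:02 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=UDP SPT=6881 DPT=1024
Oct  9 21:40:03 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.1 PROTO=UDP SPT=40000 DPT=1024
Oct  9 21:40:03 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.21 DST=192.0.2.1 PROTO=TCP SPT=50123 DPT=44123
Oct  9 21:40:04 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.20 DST=192.0.2.1 PROTO=UDP SPT=40000 DPT=1024
Oct  9 21:40:05 fw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.55 DST=192.0.2.1 PROTO=TCP SPT=33100 DPT=22
""".splitlines()


def analyze(lines, out_prefix="FW-OUT: ", drop_prefix="FW-DROP: "):
    """Summarise refused packets and split them by whether this network had
    already sent traffic to the source address earlier in the log."""
    contacted = set()   # remote addresses we sent packets to
    ports = Counter()   # (proto, dport) -> refused packet count
    origin = Counter()  # "contacted" / "unsolicited" -> refused packet count
    sources = set()     # distinct source addresses of refused packets
    for line in lines:
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO"} <= f.keys():
            continue    # not a LOG-target line, or truncated
        if out_prefix in line:
            contacted.add(f["DST"])
        elif drop_prefix in line:
            ports[(f["PROTO"], f.get("DPT", "-"))] += 1  # ICMP has no DPT
            origin["contacted" if f["SRC"] in contacted else "unsolicited"] += 1
            sources.add(f["SRC"])
    return ports, origin, sources


if __name__ == "__main__":
    ports, origin, sources = analyze(SAMPLE)
    for (proto, dport), n in ports.most_common():
        print(f"{n:5d}  {proto}/{dport}")
    print(dict(origin), f"{len(sources)} distinct sources")
```

A large "contacted" share points to replies arriving on a port the firewall does not associate with the outbound session; a large "unsolicited" share points to scanning or stale peer-list entries.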