Bitcomet and intrusion attempts....

winterchronic · October 1, 2006, 7:07am

Not really a Bitcomet issue per se, but im sure some of you guys would know about stuff like this.

seems like past two nights when i go to leave my torrents going overnight, as soon as i start bitcomet i recieve a lavasoft firewall warning about a “short fragments” attack attempt, from multiple IP addresses, a WHOIS reveals they are from as diverse places as thailand malaysia and costa frickin rica.

a google search reveals that a “short fragments” attack can often be a false positive , caused by data packet timeouts and the like, so i dotn worry too much.

i wake up this morning and view my log.

i have two “teardrop” attack attempts, and three " nuke attempts" , all from different IP addresses again, strangely enough a WHOIS reveals that one of them is from the very same little town im from, seeing as i know nothing about these matters i start to worry, although my firewall seems to have picked most of these up.

and then when i close bitcomet down, i recieve what the firewall claims is a “Denial Of Service” attack attempt, which again comes from many many IP adddresses, all trying on the exact port i was using with bitcomet.

i start to think, why me? what have i done to be targetted LOL, and then i think, when i was on dial up i never had a firewall and my PC never got “hacked”…

is this going to happen every time i use bitcomet? im a fairly good seeder, i dont have any sensitive info on my PC, and if they want to hack my PC they wouldnt even find anything that interesting to play with. SO whats the point?

Is there anything i can do to stop this? although my firewall is picking all of this up, around 5 connection attempts per second is slowing my internet speed down a fair bit, and its annoying and a bit worrying.

Can any of you guys add some information and/or inpuit on these attacks, what they mean, and how to protect myself please? thankyou very much

The_UnUsual_Suspect · October 1, 2006, 8:10am

Hi,

First thing, Please don’t make duplicate posts, as it requires us to delete them (more work for our moderators), and if we do not, then its hard to keep all replys in this topic.

As for these connections, I thing this is normal. Bit torrent connects you to many peers from any possible area.

I have never used your firewall, but I imagine it is not the best to use with bit torrent.

Each peer you connect with is going to be sending/receiving data repeatedly for the duration of the torrent. These attempts will continue when you shut down the torrent until each of the peers hears from the tracker that you are no longer in the swarm.

Here is a good link if you want to learn about bit torrent protocall…

http://en.wikipedia.org/wiki/Bittorrent

If you want a different firewall, I use McAfee, which is one of the best. Sygate is possibly the most secure, but can be annoying, as it will block every single process until you allow it, so takes time to setup.

Now, of course I cannot be completely sure from what you have posted, but I think you are worried over nothing.

Suspect

winterchronic · October 1, 2006, 8:19am

thankyou for your quick reply.

i apologise for posting in the wrong area, i didnt see this area until afterwards.

I did have an idea of the way torrents work, and knew that it COULD be a side effect of the torrent processes.

and the fact this supposed denial of service attack started AFTER i closed down bitcomet does suggest it is merely people still trying to connect untilt the tracker tells them otherwise.

  i suppose if it continues past the normal tracker update time, then i have cause to worry.

as i know next to nothing on this issue, a big flashing firewall alert, does kinda worry you LOL.

Thanks for your help.

The_UnUsual_Suspect · October 1, 2006, 8:41am

You are welcome…

I would also say that its possible you will still get some “requests” for data from peers after tracker updates, and this is even more likely if you enable “DHT” (distributed hash table), since this enables peers to perform the function of the tracker.

However its nothing to be concerned about. Think of it as phone calls coming in, and your not answering. After a while they will stop, and even if they do not, its no big deal since your not answering.

Suspect

kluelos · October 2, 2006, 2:19pm

This sort of absurd, “you’re being attacked!!!” nonsense is merely one of the reasons I generally despise software firewalls. I had one that did that, and also assured me that multiple files had been infected by virii, all false alarms. Finally, when it told me that its own executable had been infected (another lie) I figured that a firewill which can’t even protect itself isn’t much good at protecting the rest of the system.

Best answer is to change firewalls. Among software firewalls, I am told that Kerio has a good and free home use version.

Dark_Shroud · October 3, 2006, 4:59am

Yes, please tell us what Firewall & Anti-virus you’re using.