1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Azurues security concerns

Discussion in 'Windows - P2P software' started by Steviebon, Jan 10, 2007.

  1. Steviebon

    Steviebon Member

    Joined:
    Jan 10, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Why do I continue to see steady traffic inbound AND outbound on the port opened for Azureus in my syslog even when all torrents are stopped and Azurues shows zero activity?

    I have a very good hardware firewall in place. Only Azurueus can access this port.

    The only way to kill the outbound traffic is to close Azurues. At that point, the outbound traffic stops but the inbound does not (assuming clients are continually trying to connect). Does Azurueus NOT send some sort of STOP or KILL message to all connected Peers when a torrent is stopped?

    Is this evidence of a hack? a bug? decentralized or anonymous tracking/peers?

    Even after closing Azureus, all the inbound traffic can continue to clog the router and slow over all connection speeds for all computers on the subnet.

    Should I be concerned about this?
     
  2. afunguy24

    afunguy24 Member

    Joined:
    Sep 27, 2005
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    16
    well you said it your self its a open port. SO people gonna attack it. Try closing it for a couple 30 minutes or so and see if people still scanning that port. My advice is not full proof dont guarantee this will solve the problem.
     
  3. Steviebon

    Steviebon Member

    Joined:
    Jan 10, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Well thanks, I'm going to have to use a sniffer to see exactly what the traffic is... thing is, it's using AZu whatever it is. Upon stopping Azu, all outbound traffic ceases immediately. Inbound doesn't stop right away and is coming from multiple IP's. It seems like it could be decentralized tracking or something that doesn't stop sending requests when AZU stops all torrents. I also noticed that changing port numbers did nothing. However, disabling DHT and decentralized tracking 'may' have solved the problem.

    If it's normal traffic from decentral ok. If not, it's somebody using AZU to do something unannounced. That's my concern. However, if there were a hack that allowed someone to take control of AZU without the tracker showing any activity in the GUI you would think it would be a known bug.

    I haven't had time yet to experiment with other clients.
     
  4. TomMelee

    TomMelee Regular member

    Joined:
    Jun 13, 2004
    Messages:
    770
    Likes Received:
    0
    Trophy Points:
    26
    ...it's azureus attempting to update the DHT and/or safe-peer, whatever other plugin.

    ~Melee
     
  5. FishMitts

    FishMitts Member

    Joined:
    Feb 5, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    I also seeing very heavy traffic to my router several days after I shutdown azureus. It seems like all the peers, that I had connected to my torrents continuously try to connect.

    I have tried closing down torrents, before closing azureus, to just blocking off the incoming port on my router.

    My router logs still report about 10000 blocked incoming connection attemts per hour on the port I use for azureus.

    I fail to see how this is azureus attempting to update the DHT, or any other plugin. This is other bit-torrent clients continuously attempting to connect to my IP, days after I close my client.

    I am very interested to hear if there is a way to stop this, I'm sure its putting a lot of unnecessary strain on my router.

    -Fish


     
  6. Steviebon

    Steviebon Member

    Joined:
    Jan 10, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    I agree with you... this is not DHT, I have it disabled and the problem persists... syslog shows many thousands of repeated attempts by various IP's to connect... most of the time a single reply is made (a reset) nevertheless it takes many hours, sometimes days, for all this traffic to subside. Closing down Azurues kills the outbound responses in syslog but does nothing to wain the onslaught of inbound requests to the port. Changing the port does nothing.

    I have been unable to get any response from Azu support on this.
     
  7. FishMitts

    FishMitts Member

    Joined:
    Feb 5, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
  8. Steviebon

    Steviebon Member

    Joined:
    Jan 10, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    interesting.... other clients dont seem to have this problem tho
     
  9. FishMitts

    FishMitts Member

    Joined:
    Feb 5, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    I think it will depend on what torrents you are hosting (and what peers are trying to connect to these torrents) and what trackers you use more than which client.

    -Fish
     

Share This Page