srdrake Posted July 9, 2006 Report Posted July 9, 2006 Hi, i have a problem.. and i dont know if utorret is the cause...so.. i have these log in the router07/09/2006 08:46:06 **SYN Flood** 83.184.225.36, 4351->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:46:06 **SYN Flood** 83.180.128.118, 55639->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:46:03 **SYN Flood** 83.180.128.118, 55639->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:46:02 **SYN Flood** 88.148.60.236, 4409->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:46:00 **SYN Flood** 83.184.225.36, 4351->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:45:58 **SYN Flood** 88.148.60.236, 4397->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:45:57 **SYN Flood** 84.123.157.28, 1456->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:45:57 **SYN Flood** 88.148.60.236, 4409->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:45:57 **SYN Flood** 83.184.225.36, 4351->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:45:54 **SYN Flood** 88.148.60.236, 4412->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:45:53 **SYN Flood** 88.148.60.236, 4397->> 192.168.2.100, 32459 (from ATM1 Inbound)07/09/2006 08:45:51 **SYN Flood** 84.123.157.28, 1456->> 192.168.2.100, 32459 (from ATM1 Inbound)(and more and more ip´s)so... the utorrent still downloading and uploading, but.. any web load.. i think so.. these IP´s are the people that i have download and upload.. but.. SYN Flood.. is a form of denial-of-service attack.maybe is.. the number of connections in the config?how many in XP professional?Thanks
DreadWingKnight Posted July 9, 2006 Report Posted July 9, 2006 I believe you're misinterperting the traffic.Have you opened and forwarded the listen port of uTorrent for incoming connections?If you haven't, you're bringing this "attack" on yourself. BT clients will wait when they negotiate a connection then find out the user is full.
Switeck Posted July 9, 2006 Report Posted July 9, 2006 Is DHT enabled by any chance?Have you tried changing ports µTorrent uses after a few days/weeks of very heavy use?Once you change ports, can your router block all traffic on the old port?How high is your half-open connections set to?And what about all the settings shown in Speed Guide (CTRL+G)?
srdrake Posted July 9, 2006 Author Report Posted July 9, 2006 I believe you're misinterperting the traffic.Have you opened and forwarded the listen port of uTorrent for incoming connections?If you haven't, you're bringing this "attack" on yourself. BT clients will wait when they negotiate a connection then find out the user is full.the 32459 is open in the router for 192.168.2.100so.. the rest.. i dont understand Is DHT enabled by any chance?Have you tried changing ports µTorrent uses after a few days/weeks of very heavy use?Once you change ports, can your router block all traffic on the old port?How high is your half-open connections set to?And what about all the settings shown in Speed Guide (CTRL+G)?sorry.. dont understand, what is DHT?change ports¿? is necesary?
DreadWingKnight Posted July 9, 2006 Report Posted July 9, 2006 Linksys routers won't port forward properly to IP addresses within their DHCP range, so you probably aren't getting incoming connections.The port you have selected indicates you're still using 1.5, which we no longer support.
srdrake Posted July 9, 2006 Author Report Posted July 9, 2006 Linksys routers won't port forward properly to IP addresses within their DHCP range, so you probably aren't getting incoming connections.The port you have selected indicates you're still using 1.5, which we no longer support.the router is a SMC 7904"The port you have selected indicates you're still using 1.5, which we no longer support" but... I can put the number of port that i want.. what problem ussing these port in 1.6¿?thanks
DreadWingKnight Posted July 9, 2006 Report Posted July 9, 2006 ISPs are more likely to monitor or filter default ports.The "problem" of not forwarding to DHCP range IPs isn't restricted to Linksys routers. You should consider trying a static IP in the same subnet but outside of the router's DHCP range.
Klaus_1250 Posted July 9, 2006 Report Posted July 9, 2006 Seems like SMC has put in a real low number for the maximum incomming connections per second or what it considers to by connections for a SYN-flood. Firmware up to date? Can you edit it somewhere?
Switeck Posted July 9, 2006 Report Posted July 9, 2006 DHT and UPnP is talked about in the µTorrent FAQ. It's especially important to read the FAQ if you're having problems.If you're REALLY getting a SYN Flood on the old port, you better change ports pretty soon...or your computer may not be able to access here again to ask for further help!
Klaus_1250 Posted July 9, 2006 Report Posted July 9, 2006 What might help in such a situation is sending back ICMP Port Unreachable, unfortunately, firewalls are keen to block these and I'm not sure many p2p-apps implement listing for them anyway :-(
srdrake Posted July 10, 2006 Author Report Posted July 10, 2006 well dont know.. at this time.. i dont see anytime the log of the router.. so.. i dont know if is a normal situationbut.. today.. the log of the router... have any lines, like:**TCP FIN Scan** x.x.x.x, port ->> local ip, 32459(from ATM1 Inbound)**Smurf** x.x.x.x, port ->> local ip, 32459(from ATM1 Inbound)so.. dont know if is normal or not.. but.. the in the router.. the port 32459 have open, and in the firewall of the pc, utorrent have permission------i modify XP to admit 100 connections, and in utorrent I have 200, perhaps that excess of connections, causes that router it rejects them and considers flood?
Klaus_1250 Posted July 10, 2006 Report Posted July 10, 2006 I think some p2p-software uses TCP FIN scans to see if hosts are still online, but it could also just be some sort of port scan or attack. Smurf-attacks are DoS-attacks, using ICMP-echo's and broadcast addresses, but that doesn't make sense as you logfile seems to talk about TCP/UDP packets for the Smurf-attack?
Switeck Posted July 10, 2006 Report Posted July 10, 2006 i modify XP to admit 100 connections, and in utorrent I have 200, perhaps that excess of connections, causes that router it rejects them and considers flood?You are probably talking about half-open connections -- which is how many NEW connections to make at once. Even a value of 50 is pretty much excessive, as that means make 50 new connections possibly every couple seconds. The default of 8 works just fine -- I even reduced mine to 4.µTorrent's half-open connection rate simply MUST be lower than Win XP's or there will be all kinds of problems!
srdrake Posted July 10, 2006 Author Report Posted July 10, 2006 i modify XP to admit 100 connections' date=' and in utorrent I have 200, perhaps that excess of connections, causes that router it rejects them and considers flood?[/quote']You are probably talking about half-open connections -- which is how many NEW connections to make at once. Even a value of 50 is pretty much excessive, as that means make 50 new connections possibly every couple seconds. The default of 8 works just fine -- I even reduced mine to 4.µTorrent's half-open connection rate simply MUST be lower than Win XP's or there will be all kinds of problems!well.. what u think... in your oppinion.. that is the best config to ADSL 1M(down) to1-global max connections2-maximun number of connected peers per torrent3-number of upload slots per torrent4-max number of active torrents (upload or download)5-max number active downloadsso.. i have 1-2002-503-44-45-4and.. in the xp, with "xp antispy" i modify the connections to 100so.. dont know if this connectios are related to points 1 and 2well.. i go to search into the faqI think some p2p-software uses TCP FIN scans to see if hosts are still online, but it could also just be some sort of port scan or attack. Smurf-attacks are DoS-attacks, using ICMP-echo's and broadcast addresses, but that doesn't make sense as you logfile seems to talk about TCP/UDP packets for the Smurf-attack?dont know.. is the first time that with a p2p program.. i see the router-logso.. dont know if is a normal log.. or somebody try to attack me, or down my router.. or.. dont know..
Switeck Posted July 10, 2006 Report Posted July 10, 2006 "and.. in the xp, with "xp antispy" i modify the connections to 100"That is probably the half-open connection limit rather than total connections.Did you change any advanced settings in µTorrent?
srdrake Posted July 10, 2006 Author Report Posted July 10, 2006 no dont change any advanced settings.. the box says "DONT CHANGE" well maybe dont be anything important.. just i try to know.. so.. then the xp connections.. dont are related, not?
srdrake Posted July 11, 2006 Author Report Posted July 11, 2006 silly? maybe so.. the last question.. i promise dont disturb more.. at the moment so.. utorrent 1.6 into the logger tab.. write.. every 20 minutes +- upnp: port x is already mapped, not re-mappingis normal? utorrent 1.5 only say that at startand.. in enable UPnp port mapping check or not?thanks, and please sorry for all
DreadWingKnight Posted July 11, 2006 Report Posted July 11, 2006 Normal, as it checks in with the router to make sure something else doesn't remove the mapping.
Firon Posted July 12, 2006 Report Posted July 12, 2006 It's designed so that if the router reboots or whatever, the port will stay mapped.
srdrake Posted July 12, 2006 Author Report Posted July 12, 2006 well thanks a loti think that i have disturb to much for this version, maybe more next version THANKS
Recommended Posts
Archived
This topic is now archived and is closed to further replies.