favetvshows1x3 Posted September 17, 2006 Report Share Posted September 17, 2006 I first downloaded uTorrent today. I then proceeded to download a torrent. I then exited the program, and noticed, a few hours later, that the Ethernet light on my router was still blinking (quite rapidly, too). Curious, I opened McAfee Personal Firewall's Incoming Events log. Lo and behold, I had over 2000 incoming (blocked) connections to the port I had opened for uTorrent...after I had closed the program. I reopened it, randomized the port, did NOT open a new torrent (...!), and just let it sit for a while. The connections slowly shifted over to this new port, but I'm still getting attacks on the old one every once in a while. How do I reclose this port (if that's the problem; if not, what is?)? Link to comment Share on other sites More sharing options...
DreadWingKnight Posted September 17, 2006 Report Share Posted September 17, 2006 It's not an attack. It's the leftovers from your previous session.If you have DHT on, it's probably NOT connections like your (overly paranoid) firewall is claiming. Link to comment Share on other sites More sharing options...
favetvshows1x3 Posted September 17, 2006 Author Report Share Posted September 17, 2006 What do you mean by "leftovers?" And, not to be patronizing, how does that explain the 'connections' to the port that I never downloaded anything on?Hacking or not, these stupid things are clogging up my logfile, and I hate them... Link to comment Share on other sites More sharing options...
Ultima Posted September 17, 2006 Report Share Posted September 17, 2006 Even if you didn't download on the port, you were (presumably) using DHT, and that means you announced that port change on the network, after it changed, regardless of whether you downloaded. The so-called "leftovers" occur because DHT is a distributed network, so updates propogate slowly through it. As such, other nodes do not know when you disconnected, and so requests to your computer will keep coming in until everyone finally figures out your computer is disconnected.If you don't like it, disable DHT. You might still get some "leftover" connections, but it won't be as severe as it is now. It happens because that's just how BitTorrent is -- it's *essentially* decentralized after people get the peerlist from the tracker, so people don't know when you disconnect until they've tried connecting to you. Link to comment Share on other sites More sharing options...
favetvshows1x3 Posted September 17, 2006 Author Report Share Posted September 17, 2006 Ah, I see. I almost broke my computer running VirusScan, HijackThis, Spybot S&D, and AdAware at the same time, trying to see what the crap was going on, but it's really nothing to worry about, then.Thanks for getting back to me so quickly. Link to comment Share on other sites More sharing options...
Switeck Posted September 18, 2006 Report Share Posted September 18, 2006 If it's INCOMING stuff, it's not on your computer. That's computers trying to connect to yours.A Denial-of Service attack does not require any malware of any kind on a computer to work...it just bombards it with "useless" incoming packets.But like Ultima said, it's probably just a side-effect of you running µTorrent -- other computers remember your ip and can continue attempting to make connections with it even a week later. If your firewall sees that and goes nuts...I'd say your firewall is the "malware" here! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.