eddiezack Posted May 17, 2007 Report Share Posted May 17, 2007 I use uTorrent for downloading for some time. After I installed it everything seems to be ok. But after I downloaded something, I observed there is a constantly small traffic (arround 1-2kB/s) to internet even if there was no application wich normally use internet. I looked in Sygate's firewall traffic log and i observed that Sygate allowed incoming connections from outside to c:\windows\sistem32\drivers\IPNAT.sys, at the same port set up to me in uTorrent incoming connections, using TCP and UDP protocol. I make a rule that block incoming connections to THIS (IPNAT), and after that my uTorrent start crashing with the same simptomps described from other users in Troubleshooting/Crashes posts. So. There is obvious that uTorrent has modified something to my computer settings or maybe even an apllication to gain acces from outside world to my computer even if uTorrent is stopped. This kind of behavior is common to SPYWARE. Can the creators of the programs tell us what this program does in background even if the program is stopped? If my post will be deleted and we will not have an answer I will invade the forums with this... Because is obvious that is not a compatibility problem, as the creators use to explain... Something bad is hidden in this program... So...? I wait.I forgot to mention that after a system restore in a system checkpoint before the download, the traffic from outside has dissapeared. Now, maybe I was wrong when I said the programmers are responsible of that, but if they are not, there is a serious security problem with this program. I think there could be an exploit wich using a vulnerability of the program get control to your computer or/and is capable to get data from your computer... so, sorry if this wasn't intended by the programmers...Well ... it's now an hour since i post this, and i deactivate the blocking rules in Sygate firewall... now uTorrent still crashing... something seems to be modified or in computer settings/uTorrent settings, and i keep beeing invaded of incoming connections to the port i set up for incoming connections in uTorrent settings... keep in mind that uTorrent it is not started... I decide now: even if uTorrent programers intend or not this to happened uTorrents sucks...I'm sorry for this, because i use to like it...I will do a system restore in a point that everything was ok, and.. good bye uTorrent! Link to comment Share on other sites More sharing options...
Ultima Posted May 17, 2007 Report Share Posted May 17, 2007 If only you understood how t3h internets worked, or how BitTorrent worked. If people call your telephone without you calling them first, I guess that means your telephone is spyware, yes? Are you saying µTorrent is supposed to be able to tell OTHER people's computers that they can't connect to your computer? Sorry, that's not how things work. Since you can decipher firewall logs, go get WireShark, log the packets being sent and received, analyze them, and show us proof that µTorrent is doing anything remotely close to "SPYWARE" activity. Link to comment Share on other sites More sharing options...
eddiezack Posted May 17, 2007 Author Report Share Posted May 17, 2007 I said there is traffic to uTorrent !!!!! port !!!!! (not to uTorrent) EVEN when uTorrent is STOPED! do you want your phone to send what you talk when you think it's stopped?First time after i used uTorrent and I observed the traffic, i thought that is maybe anything else... that is why, third time when this happened to me I studied what might be the problem. Only system restore have fixed the problem the first two times... the traffic reapear EVEN after restart, when i connect to internet!So, don't bullshit me!Right now, because i didn't make a system restore, my computer is continuous flooded with incoming connections from different IP-s at the port that i used for incoming connectionsto uTorrent...If you want, I'll submit a screenshot of sygate's traffic log.Ultima, you don't even read the first post... Cause you think you're WISE... in fact, as I said, not uTorrent is the target, but IPNAT.sys. and this is happened ONLY after I install uTorrent, and AFTER i download something, WITHOUT to launch what I downloaded. So u can't blame what i took from the net...And a last word: Why when i blocked incoming traffic to IPNAT.SYS, and ONLY to this program, uTorrent start crashing, asking me to disable firewall? And never before that was happened to me! By the way, IPNAT is started as I observed, only when I start my seccond computer, to enable the internet connection sharing... Link to comment Share on other sites More sharing options...
Firon Posted May 17, 2007 Report Share Posted May 17, 2007 Computer newbies should never be allowed to see firewall logs.The traffic you see when torrents are stopped is DHT (read the FAQ to know what it is). You could've figured it out with 15 seconds of research. Link to comment Share on other sites More sharing options...
eddiezack Posted May 17, 2007 Author Report Share Posted May 17, 2007 Ok. I got it. But what DHT does have with ipnat.sys? Especialy because IPNAT is launched ONLY when I start my second computer (connected to this one). Normally uTorrent work WITHOUT ipnat.So?I observed that the incoming connections has been stopped now. You believe it or not, i had a feeling that could have something to do with DHT, `cause i read something about. but i don't see the connection with IPNAT. And a second observation. Sygate usualy display the programs which is trying to connect to internet. Why, after I stop uTorrent, it appear and dissapear at very short intervals, measurable in seconds?I, and everybody else, I think is usual that, if I stop a program, it really stop. Not start-stop-start-stop-start-stop.... etc...well... thanks anyway for a second more qualyfied opinion.. I wanna think that is nothing wrong with uTorrent... `Cause I like it.. But I just wanna be sure...thanks.and, excluding everything that was written: what is with that traffic when uTorrent is stopped? and computer restarted?I have to comment: "Computer newbies should never be allowed to see firewall logs."Another wise guy... Have you been born with all these knoledges?Is there anyone not so selfpleased? selfcontent? Whom I can talk about an issue? A REAL one? Link to comment Share on other sites More sharing options...
Switeck Posted May 18, 2007 Report Share Posted May 18, 2007 Just a little bit of info about ipnat.sys:http://www.file.net/process/ipnat.sys.htmlhttp://www.microsoft.com/technet/community/columns/cableguy/cg0605.mspxhttp://technet2.microsoft.com/WindowsServer/en/library/3ccb6af5-d960-4a8d-b12b-70692dc47bf41033.mspx Link to comment Share on other sites More sharing options...
eddiezack Posted May 19, 2007 Author Report Share Posted May 19, 2007 What can I tell you and it is not written in your links (out of topic) is that ipnat use the technology of Sygate's Internet connection sharing, a program made for previous versions of windows, and discontinued `cause their technology has been bought by Microsoft. That's what ipnat is. good guys those who made sygate... their firewall was bought too, by norton, and included in Norton Internet Security.and i have to tell you that i used sygate's internet connection sharing before, so i know and understand wery well what ipnat is.Now, back to the topic. I use now opera to get torrents, and i observed the same traffic but this time at the port for incoming connections, set in opera (even if opera is stopped!). I have to humble recognize that I was wrong when I said what i said about uTorrent, and i'll continue use it. Seems the traffic is related with any program which use torrents technology. Maybe, as Firon says before, with DHT. Sorry.. about what i was wrong... I think you can move this to trash... Link to comment Share on other sites More sharing options...
Switeck Posted May 19, 2007 Report Share Posted May 19, 2007 Ok, well to catch up to speed on ipnat.sys...it's good to know who bought out who in the computer business world. However when you told your firewall to block ipnat.sys, since µTorrent probably depended on ipnat.sys handling the low-level networking stuff...that's probably why µTorrent crashed while ipnat.sys was blocked.Even if you don't use DHT, there will STILL be peers and seeds on the torrents you were previously running "calling back" later...hoping you've reconnected. µTorrent running or not, that torrent active or not doesn't matter...they don't KNOW till after they try your ip. Your software firewall sees that traffic...and depending on what port the "callers" are on, (though they're connecting to your µTorrent's listening port) can even mistakenly think "OMG they're trying to send email viruses to me!"It's easy for people who don't understand this stuff to assume the worst with the uninformative way most software firewalls report connection attempts.Paranoia doesn't prevent "them" from being out to get you, only your ability to discern who they are.Once you read a bit about blocking hostile ips, you'll know what I mean. The random hacker (by hacker I mean someone who messes with computers, not 'cracker') by comparison is nearly the good guy. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.