Jump to content

Causing Port Scans


Recommended Posts

To try to get off your ISP's "radar" for port scans, try doing this:

Turn off DHT (both kinds).

Disable Resolve IPs under the Peers Window. (That's expensive window-dressing considering it doesn't help download+upload speeds any.)

Reduce half open connection max to maybe 1-4. (You're not firewalled in µTorrent, right? ...so it shouldn't hurt as much as you might think!)

Disable resolve country flags in advanced.

Disable "Enable Local Peer Discovery".

Lastly, reduce total connections to 100 or less.

...maybe even as low as 20 per torrent, though 40 is probably better.

Just like Ultima (CORRECTION: I mean) DreadWingKnight said, your ISP is trying to bullshit you.

They can't tell the activity is or is not a port scan probably...and just don't LIKE all the activity in the first place!

...you think Ultima would say anything different? :lol:

Link to comment
Share on other sites

Thank you everyone. I have changed the settings that you recommended and I will wait to see if I get another message or not. I last received a message at 16:00 on 9/9 and they seem to come every 8 hours or so. I will let everyone know if the recommendations fixed it or not.


I have received three more emails from my ISP so those suggestions did not work. Any other ideas before they turn off my connection to the Internet?

Link to comment
Share on other sites

  • 3 months later...

In the newest versions of µTorrent, you have to turn off Local Peer Discovery. That creates oddball packet types (multicast) that µTorrent didn't use before. ISPs shouldn't mind that because they should "die" trying to cross a subnet ip boundary, but sounds like not.

UPnP, DHT, and Resolve IPs should definitely be disabled.

Try half open connections set to only 1 for a long time.

The only other thing I can imagine is it's *NOT* µTorrent that is doing this...you may have a virus/trojan/spyware on your computer doing that instead.

Link to comment
Share on other sites

  • 3 months later...

Don't worry, many ISP's are blocking torrent's because they are "internet killers" as the ISP's calling them. When protocol encription is on, they have no way to stop you, just to block trackers, but they can't block every tracker. In that case, DHT is the only window out. I have the same problems with my ISP but not port scans as he never reported that back to me, but I have many that kind of attempts on me. Try for instance to put zone alarm. Yes, many here doesn't like it, but it's cutting that kind of outgoing traffic and also local peer incoming scan. Reality is, ISP look at your connections and see 30-40 conn (they don't see what but you see like this e.g. googletalk 1, skype 2 or more, antivirus 2 or more, and utorrent, 20 or infinite, depends how many conns you allowed). As they can't see what are you doing, but see the opened connections, imidiatelly they assume: 1. You are having trojan, virus or some other malware and 2. you are using torrents. In every way, this is not good for them so they will do anything to stop you from doing that. In this point, their radar is set on you. Everything that happen is now loged. So now, they will have a reason to shut down your connection or to cut down your bandwight. I went through this and there is a way to fight back and fool them.

I'm assuming that you are on windows XP.

1. Local peer discovery should be turned off. It does scan out local peers, 1900 port I think (don't take me for granted on this)

2. DHT is disabled if you are using private torrents what is highly recommended in your case. Try to use private torrents (demonoid, leecherslair, tvtorrents (tracker goes through p2p blockade :) but you need to use port over 10000 on thet one), scifitorrents... )

3. resolve ip's and other turn of because it sloving down dl sometimes.

4. as low as it is possible in the connections, even 10 if possible. That is why use of private torrents is highly recommended. Avoid public torrents for now.

5. Try to use ports 81, 333, 334, 444, 667. Avoid 333 if you are using flashget or don't use them in the same time. 333 port is my favorite because flashget using it so ISP don't pay an attention to it much :D. Reason: mostly, for torrents are commonly used and recommended ports over 10000-64000 and if your ISP is searching for torrent use, they will look first there. Try to avoid them when possible.

6. Protocol encription on FORCED and alow legacy.

7. I installed Kaspersky internet security 6 (BEFORE ZONE ALARM !!!) with STEALTH enabled on internet connection - this antivirus is something that here people hate a lot and it does somethimes slow down your sistem... Avoid KIS 7. It has some problems with firewall. On dual lan, it's making havok!

8. Zone alarm instaled!!! Yes, 2 firewalls :( This making yor life a crap when installing something and need allowed it to the internet, but it's work... I don't know does any other firewall can do the same job and many guys here are hate it and sugesting something else but this combination is work for me :D

9. Try Peer guardian 2. However, it does not blocking everything that it should and somethimes it block even things that it not suposed to, but just try it. If you need dht to run, use it. p2p, adds and spyware leave on. Plus, many guys here said that it won't do no good, but you have nothing to loose.

10. Try utorrent 1.7. for a start, and try switch to 1.8 later and don't immidiatelly install teredo.

11. Turn off ALL SHARES on your pc and turn off searching for shares on your network!!! (Use x-setup for that)

12. Try to disable netbios over tcp/ip (warning: remember what are you changing so you can revert changes!!!)

13. From services, disable windows time, automatic updates, routing and remote access, media player network sharing, background inteligent transfer service, network dde i network dde dsdm, also try to disable ssdp discovery service and universal plug and play.

14. Do you have an ups? Does a control software trying to connect on the other devices on the network or try to search for them? If you do, turn that off or block it with firewall.

15. Last resort... try to reinstall windows. Not repair, full reinstall with hard drive format. Maybe you did pick something from the net. And scan all other drives before accessing them after installing windows.

Link to comment
Share on other sites

Firon... you obviously doesn't have any problems with your ISP, do you? Theory and practice are 2 diferent things. All it takes to experiment in that case. What is useless for you, doesn't mean that it will be useless to someone else ;) . You sound just like my colegue that bet with me and claimed that there is no way on wireless internet to bust bandwight to maximum available on sistem without hacking a router or changing MAC adrress or changing to someone else's ip... Guess what, he lost ;) In theory, that setting was impossible. Got the point? And yes, my instructions might not to work with sadyer, not completely however, but at some point, it should work. Doesn't matter that theory says diferent. And that is why it should work. Firon, you are thinking like a true administrator ;)

And Firon... delete your post, and delete this one. Same rules for everyone?

Link to comment
Share on other sites

I take more issue that you provided a list / procedure on a 3 month old thread personally.

I have a theory you meant to post this on the more recent "internet killer" thread however theory is not practice as you say :P

I don't get your example. If you're talking about 100% usage of wifi signals you're... confused. On-par with wired internet you cannot get 100%, the best you can possibly scrape is 98% because there will always be overhead. As far as bittorrent traffic goes, you can max your connection with ANY of the multi-homed linux mirrors (http://www.slackware.com/torrents/ is referenced here often)...

Link to comment
Share on other sites

Switeck... you got the point with that. But, connecting a peer without protocol encription... hmmm... I think it would failed if I'm not mistaken?

And something I just remembered right now... Enabled UpNP port mapping and NAT-PMP port mapping causing utorrent to scan gateway or DNS server while trying to map the used port? Right?

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...