rob61 Posted September 11, 2007 Report Share Posted September 11, 2007 With Comcast in Michigan... I've read about them implementing SandVine technology in attempts to throttle bit torrent traffic. However, up until today, things were working ok here. However today, every torrent I'm seeding or leeching (8 at the moment) have a RED icon and tracker status reports OFFLINE. I can browse the internet, although it does seem slower. The torrents are using different trackers, so it seems very strange that all 4 trackers are now showing up as OFFLINE.The seeds are giving extremely low uploads, with fair download speeds (those that are still downloading) even though the trackers are reported as being offline.I had enabled encryption a few days ago. So, is this what happens when Comcast turns on SandVine technology? Or is it something else? Also, would SBC (ATT) DSL have this same issue? Anyone around west MI using SBC DSL that can report on torrent results for your service?Anyone have ideas?Update =====I changed the uTorrent port and my port forwarding to another number, and now get the torrents showing normal (not where tracker can't be found). I rebooted my router, modem, and computer and now the tracker not found problem seems to be gone. I do notice a slower than normal reponse today on the internet. Not sure if it is related. Perhaps someone was attacking the open port?Update 2 =====Tried adding another torrent from a different tracker, and now ALL torrents are again RED - tracker offline. Something is going on, and I suspect it is Comcast. The internet connection is slower than usual, and the Battle Creek, MI hop is very sluggish. I wonder if they have installed SandVine there today.Update =====Yesterday, 3 cities in this Michigan area experienced outages with Comcast. Now that service is again on - a day later - torrents will work a little while, then one by one, each torrent goes "red" showing tracker offline. I can get them going again by changing my listening port via my router and within utorrent. This seems to work for an hour or so, as then each again go red. I think Comcast has implemented SandVine technology in this area as of yesterday when the "outage" occured. Now seeding torrents has become impossible. I will next scan my computer as you suggested and report back. Link to comment Share on other sites More sharing options...
Switeck Posted September 11, 2007 Report Share Posted September 11, 2007 Or it could just be a virus on your computer trying to send out 1,000+ emails a minute.Have you used Process Explorer and/or HijackThis! to determine what else is loading in the background on your computer?If so, can you post the logs? Link to comment Share on other sites More sharing options...
rob61 Posted September 12, 2007 Author Report Share Posted September 12, 2007 Here is the log from Process ExplorerOne other finding.... I tried running uTorrent on my laptop going through the same router (dif IP obviously so I set up port forwarding to that one as well). Its been running one torrent (as opposed to several) for a couple hours and no problem with the tracker. However on my main computer, I've reset the ip (don't use dynamic on my LAN except for wireless) and changed the open port and port forwarding. Still have the problem.If I reset my listening port in uTorrent (1.6), and then open the same port on the router, it works for a while, then one by one, the seeds show up as offline (red). Then, if I change the listening port to something different along with the router port forwarding, it will be good for an hour or so... until then slowly start to turn red again (showing offline). I can ping them, and when I reset, downloads and uploads continue. What might be causing uTorrent to indicate tracker offline (when it tries to refresh I presume)? Do you think this is part of Comcast and their use of Sandvine throttling technology? Or does this machine have a virus? I run AVast and use Sygate firewall constantly. This on top of the NAT in my router. I recently ran a piece of software that I wasn't sure about, and also accepted an active X from a website (respectable). But I don't find ANYTHING in my running processes that indicate something I'm not sure of. I'll include a printout. I'll also include the hijackthis log. I've checked both but don't seem to find anything suspicious.UPDATE *********************Hmmm, perhaps a rogue torrent??? I eliminated one of the torrents, and the problem seems to have vanished. Would it be possible for someone to obtain IP info from the connections and then try attacking that port/computer? If so, they were successful in getting uTorrent to show torrents with tracker offline while the torrents continued to transfer.END OF UPDATE ***************Process PID CPU Description Company NameSystem Idle Process 0 98.46 Interrupts n/a Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 768 Windows NT Session Manager Microsoft Corporation csrss.exe 816 0.77 Client Server Runtime Process Microsoft Corporation winlogon.exe 840 Windows NT Logon Application Microsoft Corporation services.exe 884 0.77 Services and Controller app Microsoft Corporation svchost.exe 1068 Generic Host Process for Win32 Services Microsoft Corporation wmiprvse.exe 2184 WMI Microsoft Corporation svchost.exe 1136 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1224 Generic Host Process for Win32 Services Microsoft Corporation wscntfy.exe 2880 Windows Security Center Notification App Microsoft Corporation Smc.exe 1256 Sygate Agent Firewall Sygate Technologies, Inc. svchost.exe 1292 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1380 Generic Host Process for Win32 Services Microsoft Corporation aswUpdSv.exe 1424 avast! Antivirus updating service ALWIL Software ashServ.exe 1480 avast! antivirus service ALWIL Software spoolsv.exe 1748 Spooler SubSystem App Microsoft Corporation IAANTmon.exe 712 RAID Monitor Intel Corporation nvsvc32.exe 736 NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation svchost.exe 804 Generic Host Process for Win32 Services Microsoft Corporation wdfmgr.exe 176 Windows User Mode Driver Manager Microsoft Corporation ashMaiSv.exe 2112 avast! e-Mail Scanner Service ALWIL Software ashWebSv.exe 2236 avast! Web Scanner ALWIL Software alg.exe 2960 Application Layer Gateway Service Microsoft Corporation lsass.exe 896 LSA Shell (Export Version) Microsoft Corporationexplorer.exe 2012 Windows Explorer Microsoft Corporation IAAnotif.exe 220 Event Monitor User Notification Tool Intel Corporation aaCenter.exe 252 AiNap.exe 276 ashDisp.exe 304 avast! service GUI component ALWIL Software PWRISOVM.EXE 356 PowerISO Virtual Drive Manager PowerISO Computing, Inc. E_FATIAIA.EXE 368 EPSON Status Monitor 3 SEIKO EPSON CORPORATION cledx.exe 464 Team H2O CLEDX Team H2O acrotray.exe 500 AcroTray Adobe Systems Inc. ctfmon.exe 524 CTF Loader Microsoft Corporation ScannerFinder.exe 568 SDII MFC Application utorrent.exe 1532 firefox.exe 3856 Firefox Mozilla Corporation procexp.exe 2572 Sysinternals Process Explorer SysinternalsHIJACK THIS LOGLogfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 5:33:33 PM, on 9/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeC:\Program Files\ASUS\AASP\1.00.05\aaCenter.exeC:\Program Files\ASUS\AI Suite\AiNap\AiNap.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXEC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\uTorrent\utorrent.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Rob\Desktop\HiJackThis_v2.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dllO4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exeO4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exeO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startguiO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exeO4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exeO8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missingO17 - HKLM\System\CCS\Services\Tcpip\..\{2C62C74D-B2DC-4374-8319-AD083684B95C}: NameServer = 192.168.1.1,192.168.1.2O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exeO23 - Service: TTHXCBMAEO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Rob\LOCALS~1\Temp\TTHXCBMAEO.exe Link to comment Share on other sites More sharing options...
Switeck Posted September 13, 2007 Report Share Posted September 13, 2007 This one really stands out:O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missingYou probably need to get LSPfix and run it.Get LSPfix from:http://cexx.org/lspfix.htm Link to comment Share on other sites More sharing options...
rob61 Posted September 13, 2007 Author Report Share Posted September 13, 2007 Thanks. I had removed the Bonjour folder as I had suspected it to be a problem source. It is installed with Adobe CS3 and is at least bloatware. Further research allowed me to find a good posting on how to remove it and then I applied the fix you suggested, removing the last registry entries to it.Thank you for your help. Woa is us who are part of the Comcast network and their attempts to shut down P2P. I believe the initial experiece I had of all torrents going red were part of a rogue torrent. Once removed those issues went away.However, I was still experiencing problems with no seeding after a download completes. This is indeed a part of Comcast and the torrent sharing (removal) they are doing with Sandvine.Luckily, further research uncovered a simple, free software firewall that filters out the RST commands Comcast and Sandvine are using to disconnect the seeding attempts. Thanks again for your help. Link to comment Share on other sites More sharing options...
LampShade Posted September 14, 2007 Report Share Posted September 14, 2007 Rob61,Would you mind sharing that "simple, free software firewall" solution with us? I've been searching for this as well. I have found solutions, but they are neither simple nor free, mainly involving using a VPN service.Can you verify that after implementing the solution you found, does uTorrent report in its Speed Guide that the port is forwarding for you?Thanks much!LampShade Link to comment Share on other sites More sharing options...
liveordie Posted September 17, 2007 Report Share Posted September 17, 2007 there is no simple "free firewall software" solution. Period. Rob61 is refering to linux iptables and using them to filter out the RST packets. However this was debunked shortly after it was released. Check out the comments on Digg if you want to read more. http://digg.com/linux_unix/Linux_iptables_Will_Fix_Comcast_s_BitTorrent_Connection_Killingor the windows alternatives both examples can be viewed herehttp://redhatcat.blogspot.com/2007/09/beating-sandvine-on-windows-with-wipfw.htmlalthough its not worth wasting your time. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.