IPFilter.dat does not block outbound connections

[Ultima]

I suppose a Wireshark log would probably be more revealing in this situation.

Log your packets and check the contents of the packets to see what's in there, if possible.

[Meekrob]

I think I solved the mystery.

I logged my packets and looked more closely. It turns out the IP address in question is a tracker! I don't know why it's listed in the level1 blocklist, but I suppose that's a separate issue.

Am I correct in presuming that IPfilters blocks connections to peers, but not to trackers? If this is the case, it would explain why the torrent client lets it through, but Peerguardian blocks it.

Thanks everyone for the help and suggestions.

[Ultima]

Yes, that's correct, tracker communication isn't blocked.

[Firon]

It's listed in the level1 blocklist because those blocklists are useless and full of IPs that don't have anything to do with anything. They're blocked arbitrarily and usually entire ISPs are blocked on a whim.

[Aoxo]

My comments aren't really about the utorrent client but rather the ip and port mentioned and my similar experience with outbound communications that were blocked with PG2.

I noticed PG2 blocking outgoing communication to 209.50.48.13:80 "Discovery Networks International" and googled up this thread after wondering what program was trying to access this site.

For me its avgnsx.exe (AVG network scan) which is accessing this address, which I think is a recent addition to the AVG free antivirus. I'm guessing it's acting as a proxy between my torrent client but I'm not sure. Not a big deal once I saw the packet logs, this is where it gets interesting. Packet logs are saying the hostname of this IP is "tracker.mightynova.com". Pulling up http://www.mightynova.com I see a site that looks suspiciously similar to www.mininova.com.

A Whois of 209.50.48.13 indeed confirms this IP is registered to Discovery Networks International, the people who bring us "The Discovery Channel".

Domain name: mightynova.com

Registrant Contact: Discovery Networks International

Registrar: ENOM, INC.

Administrative Contact: Nocus Networks L.L.C.

Nocus Networks website is interesting too. "Nocus software is a leader in internet tools, video streaming, and media protection". Services available include media protection as well as peer2peer (p2p).

So I'm left wondering why a major television network is apparently hosting a torrent site. It seems, I dunno, peculiar....doesn't it? Doesn't the Discovery Channel have an interest in protecting their property instead of an interest in supporting P2P? Is this one a honeypot to catch flies or something? Or is this just a different Discovery Networks International altogether?

P.S. On a side note PG2 is also blocking BitTorrentInc 72.20.34.145:80 (www.utorrent.com). I'm a bit confused as to why a program intended to support P2P networking is blocking IPs that support P2P networking.

[daer54k3126ei]

http://tracker.mightynova.com:4315/announce

This tracker has the IP address - 209.50.48.13 ,I think, which is

Discovery Network international - and blocks my internet connections (browsing is really slow) because avira webguard

Avwebgrd's attempt to connect to 209.50.48.13 was caught and reported by TCPView and by a specially created Comodo firewall rule.

Bitcomet also was caught while connecting to that address, but just a few times.

A possible solution:

remove this tracker for a specific torrent's Tracker List

http://tracker.mightynova.com:4315/announce

For BitComet:

Right-Click on the Torrent> Properties>Advanced>Tracker List

Tip:

If Peer Guardian blocks an outbound connection that looks like this:

source=my_IP:port ; dest=bad_tracker:3257 ,

than you can remove the bad tracker from the torrent's Tracker List by

identifying it from the blocked port in PG log: e.g. 3257.

After removing the troublesome tracker Peer Guardian couldn't find any connections to that ip and the browsing was good.