Jump to content

Port Scans while uTorrent (bitTorrent) is running


ssl12

Recommended Posts

As soon as I run uTorrent, my Kerio firewall shows port scans. They all have remote addresses in WAN, and local address - my machine IP (172.16.x.x), iterating TCP ports with some random step, for example 2415, 2419, 2420, etc..

I'm not sure if this is something with my router that is affected by uTorrent, or it's uTorrent runs some activity itself.

Leaving uTorrent stops the scans immediately. Tried to turn off uPNP, and DHT options, neither helped. Tried BitTorrent instead of uTorrent (uTorrent/1.8.2/WindowsXP, BitTorrent/6.1.2/WindowsXP), the results were the same.

Tried on another (rather fresh) machine and the problem is there too.

Router (dlink wifi) is set to forward only one port and I'm not sure why I see the scans at all. Still the problem triggers only when I run uTorrent. Without it everything works fine (no scans)

Any ideas?

I can reproduce the problem in 100% cases.

Link to comment
Share on other sites

Because firewall shows them as inbound connections (WAN->LAN) and local port is constantly changing and does not match what I've set for BitTorrent:

it's how it looks

PqJjNEJ.jpg

With outgoing connections I'd not see anything because they are enabled for BitTorrent and they are not logged.

Link to comment
Share on other sites

those machines scanning me are not local and it's not me attempting to discover them but they are trying to connect to me and they are using different ports, not uTorrent's. It's pure port scan.

As soon as leave uTorrent, I see only attempts to connect to uTorrent's port (quite expectedly) and nothing else.

Also I'd not that I tried BitTorrent 6.1.2 which does not support local peer discover (I see no corresponding setting) but the problem is triggered by it as well.

Link to comment
Share on other sites

Resolve IPs disabled?

Do you have multiple software firewalls running?

Because what I know about uTorrent those ports should be OUTGOING ports...if a firewall is mistaking them for incoming traffic, it is either wrong or horribly confused by seeing the in/out from another software firewall on the computer.

You could always try binding uTorrent to an outgoing port or port range.

Link to comment
Share on other sites

Torrents? But how would they be a possible source of the problem? They are plain mp3 files. What to check to make sure if they are source of the problem or not?

===========================

well, we're a bit closer.

With all torrents stopped, ports scans do not appear.

Starting 1 torrent does not trigger the scans (or requires more time to wait than I waited). With 10 torrents started port scans are triggered almost immediately.

What to do?

@Switeck:

1. sure, "resolve IPs" is disabled.

2. Kerio is my primary sofware firewall, Windows has its own too, but it's almost permissive and does not change anything. NAT router (hardware) has its own firewall too.

3. not exactly correct, uTorrent accepts inbound connections too, it has listener for this and netstat shows this fact. The port is properly forwarded through NAT router and everything works fine, except ports scans that I'd like to avoid.

===========================

Any updates? Any ideas?

What to do with port scans?!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...