Question about BitTorrent traffic.


Does Torrent P2P make use of unsolicited UDP traffic? Since I've enabled the IPS on my router (1811w), I've been logging what it calls "UDP Bombs" being sent to my public address to the port that my computer has configured for incoming connections, as well as to port 0 (?).


Sep 9 03:27:23.763: %IPS-4-SIGNATURE: Sig:4050 Subsig:0 Sev:50 UDP Bomb [ -> publicaddress:0] VRF:NONE RiskRating:50

Sep 9 03:27:23.839: %IPS-4-SIGNATURE: Sig:4050 Subsig:0 Sev:50 UDP Bomb [ -> publicaddress:10100] VRF:NONE RiskRating:50

I looked up UDP Bomb and it came back with this:

UDP Bomb attack: This is also called a UDP Flood or packet storm. The attacker congests the network by generating a flood of UDP packets between two computers using the UDP chargen service (a testing utility that generates a character string for every packet it receives), the quote-of-the-day (quotd) service, or the daytime service.

I guess I'm just wondering if what I'm logging are actual "attacks" or if they are legitimate BitTorrent traffic packets that I'm blocking, thus hindering my download speeds. These UDP Bombs only appear to happen when I am actively downloading torrents.

I have uTorrent configured to listen on 10100.

Hrm... I could set up a monitor session and use the other Ethernet port on my computer to capture the packets with Wireshark. I'm not sure what I would be looking for, though. I'm also not sure how much of my firewall I would have to tear down so that the packets would get monitored. Would the IPS configured on the interface stop that interface from letting me monitor it?

Since UDP is used for uTP and the DHT network, am I hindering myself by essentially dropping those connections?

Also, I believe the IPS signature to be somewhat detailed; do you think that the UDP traffic from uTP and DHT could be mistaken by the IPS signature?
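A small triage script for log lines in the format shown above, added here as an example and not part of the original post: it parses `%IPS-4-SIGNATURE` lines and counts the UDP Bomb (Sig 4050) events that land on the configured uTorrent port versus port 0, which is the split the question turns on. The sample lines, the `203.0.113.7:51413` source and the port 53 line are constructed; everything else follows the log format quoted in the post.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted above. The source field is empty
# in the post's own lines, so the regex accepts an empty source as well.
SAMPLE_LOG = """\
Sep 9 03:27:23.763: %IPS-4-SIGNATURE: Sig:4050 Subsig:0 Sev:50 UDP Bomb [ -> publicaddress:0] VRF:NONE RiskRating:50
Sep 9 03:27:23.839: %IPS-4-SIGNATURE: Sig:4050 Subsig:0 Sev:50 UDP Bomb [ -> publicaddress:10100] VRF:NONE RiskRating:50
Sep 9 03:27:24.102: %IPS-4-SIGNATURE: Sig:4050 Subsig:0 Sev:50 UDP Bomb [203.0.113.7:51413 -> publicaddress:10100] VRF:NONE RiskRating:50
Sep 9 03:27:25.500: %IPS-4-SIGNATURE: Sig:4050 Subsig:0 Sev:50 UDP Bomb [ -> publicaddress:53] VRF:NONE RiskRating:50
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w+ +\d+ [\d:.]+): %IPS-4-SIGNATURE: Sig:(?P<sig>\d+) Subsig:(?P<subsig>\d+) "
    r"Sev:(?P<sev>\d+) (?P<name>.+?) \[(?P<src>[^ ]*) -> (?P<dst>[^:\]]+):(?P<dport>\d+)\] "
    r"VRF:(?P<vrf>\S+) RiskRating:(?P<rr>\d+)$"
)

def parse_ips_line(line):
    """Return the fields of one %IPS-4-SIGNATURE line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("sig", "subsig", "sev", "dport", "rr"):
        d[k] = int(d[k])
    return d

def classify(event, torrent_port):
    """Bucket one event by its destination port relative to the BitTorrent listening port."""
    if event["dport"] == torrent_port:
        return "torrent-port"  # coincides with uTP/DHT traffic: likely benign, confirm with a capture
    if event["dport"] == 0:
        return "port-zero"     # port 0 is not a normal destination: worth a closer look
    return "other"

def triage(log_text, torrent_port):
    """Count UDP Bomb (Sig 4050) events per bucket; lines for other signatures are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_ips_line(line)
        if ev and ev["sig"] == 4050:
            counts[classify(ev, torrent_port)] += 1
    return dict(counts)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, 10100))  # {'port-zero': 1, 'torrent-port': 2, 'other': 1}
```

If nearly every hit lands on the uTorrent port only while a download is running, that points at the signature firing on uTP/DHT rather than at a flood; a packet capture on that port is the way to confirm it.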

