Jump to content

Utorrent. backdoor / security leak


NYK86uk

Recommended Posts

Greetings.

i am wondering.

why this IP.. 192.121.121.30 < from "Kungliga Tekniska Hogskolan" *sweden*

is attempting to access my Machine is Scanning my ports. for possible attack points.

i post this here.. because it only trys to gain entry when ever i use or close utorrent.

during no other time.

this ip. comes up.

it has even send several brute force attacks, according to my ISP.

this ip also prevents utorrent.exe from unloading from memory,

after i exit the application properly

once i use the option "end process tree" utorrent.exe closes

and the given ip above stops its attacks on my IP / ISP.

the ip adress trys the entire range of ports. with about 4 - 5 ports per second.

so it is not exactly suttle either.

so it is utorrent related. :mad:

or should i go to the IP's ISP. and do an abuse report.

and sumbit the attacks from the IP?

so. dear utorrent dev's.. what is this?

backdoor? security leak? exploit?

i am intrested in knowing.

thanks.

file.php?3,file=1056,filename=Capture.JPG

Link to comment
Share on other sites

  • 1 month later...

Hello,

I registered to the forum to let you know I face the same behavior with uTorrent.

When closing uTorrent application, the main window disappears but the process still running in the background.

At the same time, connection from/to IP 192.121.121.30:80 tries to be established with my PC. As the connection to the remote IP is blocked by my rules, uTorrent tries another port, which is also forbidden, and so on from the port range 50000+ of my IP address.

I manually kill the process for uTorrent and the connection attempts stop immediately.

If I remove my rule, the connection with the remote IP succeeds and uTorrent stops.

Below a screen shot of the connection attempts just before I kill the process:

2rzcqo7.jpg

I wonder what uTorrent try to do when connecting to this IP and why it desperately try every port from the range 50000+ until it succeeds.

Perhaps it is related to the auto-update feature ???

Best regards.

Link to comment
Share on other sites

Is this the expected behavior ?

If I understand the situation:

- my rule blocks connections for some peer of a torrent

- when closing uTorrent (as the connection attempts start only at this moment), the application tries to contact these blocked peers from a large range of ports as it could not succeed with any of them

Is it not better to not try this whole port range but only a few ports ?

Is this configurable in uTorrent ?

I saw some parameters intituled "net.outgoing_port" and "net.outgoing_max_port".

Could I use them to restrict the port range on my Pc or is it made for restricting port range on distant IP ?

Sorry with all my questions.

Just trying to figure what happens.

Link to comment
Share on other sites

Many thanks for your insights.

Removing entries for this tracker on my torrents solves the problem for me.

Another solution is to authorize the access to this tracker if your are confident with it.

For my personal knowledge, is uTorrent trying to contact each tracker of active torrents when closing to update their statistics on active peers ?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...