
Utorrent Botnet


momoxhemo


I'm not entirely sure what to make of this. It seems a botnet monitoring service (Shadowserver) thinks dht01.utorrent.com is a botnet. There's no IRC or anything like that on that server, correct? Is the only way for me not to trip this to disable DHT? Below is my university's log of the event.

05/28-05:14:06 [my.ip] Connected_to_Botnet

05/28-05:14:06.129363 [**] [1:2404225:2329] ET DROP Known Bot C&C Server Traffic UDP (group 113) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} [my.ip]:57278 -> 67.215.242.138:6881

Snort rule triggered:

alert udp $HOME_NET 1:24,26:52,54:65535 -> [67.215.242.138,67.215.242.139,67.218.118.62,67.220.65.248,67.220.66.114,67.220.66.120,67.220.66.166,67.220.66.167,67.220.66.168,67.220.66.170] 1:24,26:52,54:65535 (msg:"ET DROP Known Bot C&C Server Traffic UDP (group 113) "; reference:url,doc.emergingthreats.net/bin/view/Main/ShadowServerCC; reference:url,www.shadowserver.org; reference:url,abuse.ch; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404225; rev:2329;)

2011-05-28 05:14:06.129363 IP [my dns].57278 > dht01.utorrent.com.6881: UDP, length 103
0x0000: 4500 0083 7ef8 0000 7d11 e4ce 83c1 1f80 E...~...}.......
0x0010: 43d7 f28a dfbe 1ae1 006f ee54 6431 3a61 C........o.Td1:a
0x0020: 6432 3a69 6432 303a 5cfc 4dcf a864 f10b d2:id20:\.M..d..
0x0030: 8053 6dbd 9097 e978 5c99 646e 363a 7461 .Sm....x\.dn6:ta
0x0040: 7267 6574 3230 3ac0 790a b064 681e 9834 rget20:.y..dh..4
0x0050: 63ec c92d db14 4daa 5c9d 0b65 313a 7139 c..-..M.\..e1:q9
0x0060: 3a66 696e 645f 6e6f 6465 313a 7434 3abd :find_node1:t4:.
0x0070: cedf 8931 3a76 343a 5554 62d6 313a 7931 ...1:v4:UTb.1:y1
0x0080: 3a71 65 :qe

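As an added example (not part of the original post or of any reply), the Python below decodes the UDP payload from the capture above and checks whether it is a well-formed BitTorrent DHT message (a bencoded KRPC dictionary as defined in BEP 5), which is a quick way to triage an IP-blocklist alert such as sid 2404225. The function names `bdecode` and `classify_krpc` are hypothetical; the payload bytes are copied from the hex dump.

```python
# Added example. PAYLOAD = hex dump above from offset 0x1c (after 20-byte IP + 8-byte UDP header).
PAYLOAD = bytes.fromhex(
    "64313a61" "64323a696432303a5cfc4dcfa864f10b"
    "80536dbd9097e9785c99646e363a7461" "7267657432303ac0790ab064681e9834"
    "63ecc92ddb144daa5c9d0b65313a7139" "3a66696e645f6e6f6465313a74343abd"
    "cedf89313a76343a555462d6313a7931" "3a7165")

def bdecode(data, i=0):
    """Decode one bencoded value at data[i:]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dict, closed by 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            if i >= len(data):
                raise ValueError("unterminated container")
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"d" and len(items) % 2:
            raise ValueError("dict key without value")
        return (items if c == b"l" else dict(zip(items[::2], items[1::2]))), i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("string runs past end of payload")
        return data[colon + 1:end], end
    raise ValueError(f"not bencode at offset {i}")

def classify_krpc(payload):
    """Summarise a well-formed DHT KRPC message (BEP 5); None for anything else."""
    try:
        msg, end = bdecode(payload)
    except (ValueError, TypeError, RecursionError):  # malformed or hostile input
        return None
    if end != len(payload) or not isinstance(msg, dict):
        return None
    if msg.get(b"y") not in (b"q", b"r", b"e") or not isinstance(msg.get(b"t"), bytes):
        return None
    v = msg.get(b"v")                                # optional client/version tag
    out = {"type": msg[b"y"].decode(),
           "client": v[:2].decode("ascii", "replace") if isinstance(v, bytes) else ""}
    if msg[b"y"] == b"q":                            # queries need a name and an args dict
        if not isinstance(msg.get(b"q"), bytes) or not isinstance(msg.get(b"a"), dict):
            return None
        out["query"] = msg[b"q"].decode("ascii", "replace")
    return out
```

For the captured packet, `classify_krpc(PAYLOAD)` reports a `find_node` query with client tag `UT`. That describes this one packet only; the rule itself matches on destination IP, so it says nothing about other traffic to the same address.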

I apologize for not explicitly saying that I knew about DHT; I was more curious if there was anything else on that server that might have gotten them confused. At any rate, the important question for me is: if I disable DHT in uTorrent, will it prevent any and all connection to that server?


Archived

This topic is now archived and is closed to further replies.
