gammaguy Posted November 8, 2012 Report Posted November 8, 2012 Hi allI have been a happy utorrent user for many years. Great job!! I recently loaded Malwarebytes onto my computer and it has been blocking a steady stream of outbound/inbound traffic from Utorrent to potentially nefarious ip addresses in china, russia, etc. but what is scaring me is that this is happening when no torrents are active i.e. no uploading, no download, no seeding, nothing paused.I have provided a recent log from malwarebytes to show what I mean, see below.Any thoughts would be appreciated.Thanx Paul2012/11/08 00:32:14 -0400 ASUS-PC ASus IP-BLOCK 89.28.17.214 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 01:02:27 -0400 ASUS-PC ASus IP-BLOCK 218.10.191.138 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 01:02:51 -0400 ASUS-PC ASus IP-BLOCK 89.28.99.174 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 01:02:59 -0400 ASUS-PC ASus IP-BLOCK 222.69.225.156 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 01:18:37 -0400 ASUS-PC ASus IP-BLOCK 218.10.191.8 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 01:18:37 -0400 ASUS-PC ASus IP-BLOCK 222.65.153.18 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 01:31:59 -0400 ASUS-PC ASus IP-BLOCK 194.165.0.3 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 02:20:47 -0400 ASUS-PC ASus IP-BLOCK 58.241.73.15 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 02:35:01 -0400 ASUS-PC ASus IP-BLOCK 79.135.142.225 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 02:49:22 -0400 ASUS-PC ASus IP-BLOCK 91.188.53.35 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 03:49:22 -0400 ASUS-PC ASus IP-BLOCK 222.64.215.203 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 03:50:51 -0400 ASUS-PC ASus IP-BLOCK 89.28.14.18 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 04:19:35 -0400 ASUS-PC ASus IP-BLOCK 195.161.7.7 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 04:51:51 -0400 ASUS-PC ASus IP-BLOCK 188.130.177.11 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 05:08:02 -0400 ASUS-PC ASus IP-BLOCK 89.28.6.81 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 05:24:23 -0400 ASUS-PC ASus IP-BLOCK 222.65.132.102 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 05:51:45 -0400 ASUS-PC ASus MESSAGE Executing scheduled update: Daily2012/11/08 05:51:57 -0400 ASUS-PC ASus MESSAGE Scheduled update executed successfully: database updated from version v2012.11.07.03 to version v2012.11.08.032012/11/08 05:51:57 -0400 ASUS-PC ASus MESSAGE Starting database refresh2012/11/08 05:51:58 -0400 ASUS-PC ASus MESSAGE Stopping IP protection2012/11/08 05:51:58 -0400 ASUS-PC ASus MESSAGE IP Protection stopped successfully2012/11/08 05:52:00 -0400 ASUS-PC ASus MESSAGE Database refreshed successfully2012/11/08 05:52:00 -0400 ASUS-PC ASus MESSAGE Starting IP protection2012/11/08 05:52:01 -0400 ASUS-PC ASus MESSAGE IP Protection started successfully2012/11/08 06:07:53 -0400 ASUS-PC ASus IP-BLOCK 109.163.225.133 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 06:21:55 -0400 ASUS-PC ASus IP-BLOCK 188.130.177.6 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 06:24:19 -0400 ASUS-PC ASus IP-BLOCK 222.64.97.24 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 06:25:47 -0400 ASUS-PC ASus IP-BLOCK 98.142.245.124 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 06:35:48 -0400 ASUS-PC ASus IP-BLOCK 89.28.102.21 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 06:35:48 -0400 ASUS-PC ASus IP-BLOCK 80.82.65.25 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 06:56:30 -0400 ASUS-PC ASus IP-BLOCK 89.28.5.16 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 07:07:29 -0400 ASUS-PC ASus IP-BLOCK 121.10.82.92 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 07:07:29 -0400 ASUS-PC ASus IP-BLOCK 121.10.82.92 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 07:08:42 -0400 ASUS-PC ASus IP-BLOCK 121.10.82.92 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 07:11:22 -0400 ASUS-PC ASus IP-BLOCK 188.95.51.205 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 07:42:25 -0400 ASUS-PC ASus IP-BLOCK 89.28.42.114 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 07:43:37 -0400 ASUS-PC ASus IP-BLOCK 58.241.230.137 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 07:57:31 -0400 ASUS-PC ASus IP-BLOCK 58.240.74.238 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 08:08:29 -0400 ASUS-PC ASus IP-BLOCK 222.64.240.192 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 08:31:32 -0400 ASUS-PC ASus IP-BLOCK 182.178.19.120 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 08:59:10 -0400 ASUS-PC ASus IP-BLOCK 31.133.44.236 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 09:08:39 -0400 ASUS-PC ASus IP-BLOCK 222.64.240.192 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:22:32 -0400 ASUS-PC ASus IP-BLOCK 206.53.54.245 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:25:29 -0400 ASUS-PC ASus IP-BLOCK 222.76.133.215 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:25:37 -0400 ASUS-PC ASus IP-BLOCK 222.76.133.215 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:28:25 -0400 ASUS-PC ASus IP-BLOCK 121.10.82.92 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:33:47 -0400 ASUS-PC ASus IP-BLOCK 218.10.212.157 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:34:51 -0400 ASUS-PC ASus IP-BLOCK 222.70.139.239 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:36:35 -0400 ASUS-PC ASus IP-BLOCK 222.76.133.215 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:36:35 -0400 ASUS-PC ASus IP-BLOCK 222.76.133.215 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:38:43 -0400 ASUS-PC ASus IP-BLOCK 222.64.240.192 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:41:16 -0400 ASUS-PC ASus IP-BLOCK 222.76.133.215 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:43:00 -0400 ASUS-PC ASus IP-BLOCK 188.130.176.19 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 09:47:17 -0400 ASUS-PC ASus IP-BLOCK 93.114.43.204 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 09:51:34 -0400 ASUS-PC ASus IP-BLOCK 195.161.25.15 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 10:01:18 -0400 ASUS-PC ASus IP-BLOCK 222.76.133.215 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 10:01:18 -0400 ASUS-PC ASus IP-BLOCK 222.76.133.215 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 10:01:58 -0400 ASUS-PC ASus IP-BLOCK 89.28.122.171 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 10:09:35 -0400 ASUS-PC ASus IP-BLOCK 222.64.240.192 (Type: incoming, Port: 47188, Process: utorrent.exe)2012/11/08 10:13:43 -0400 ASUS-PC ASus IP-BLOCK 89.28.72.199 (Type: outgoing, Port: 47188, Process: utorrent.exe)2012/11/08 10:41:14 -0400 ASUS-PC ASus IP-BLOCK 46.249.62.66 (Type: outgoing, Port: 47188, Process: utorrent.exe)
gammaguy Posted November 8, 2012 Author Report Posted November 8, 2012 By DHT is assume you mean distributed hash table. I might buy that for the inbound but not the outbound with no active torrentz. Any other thoughts, developers or moderators perhaps?
DreadWingKnight Posted November 8, 2012 Report Posted November 8, 2012 I might buy that for the inbound but not the outbound with no active torrentz.Congratulations, you have mad an incorrect assumption about how DHT works. You have failed, and your log, by not including UDP vs TCP, has failed in giving enough information to say if it is or is not DHT.
ciaobaby Posted November 8, 2012 Report Posted November 8, 2012 And????Just because there are no "active" jobs it doesn't mean no communication. No doubt the incoming requests continues if you close the service down as well.BitTorrent clients cache the peers they have been connected to and continue to poll the IP and port of the peers with the data they are seeking.Trackers, DHT & PEX will keep the last location of the particular torrent so the swarm can be re-connected with all the peers when the clients becomes connectable again.
gammaguy Posted November 8, 2012 Author Report Posted November 8, 2012 Hey, I'm just looking for answers and not to prove or disprove my knowledge however limited it may be.Firstly, I have already acknowledged the inbound argument.But if Malwarebytes has been blocking inbound request from these ip addresses would I not also not be adding these as peers? (this is a questions no a statement.).So the above is true I would not be outbounding anything to them because I don't know that they exist unless other "trusted" peers are providing those ips to me?I hav't torrented anything is a while so that also concerns me.
ciaobaby Posted November 8, 2012 Report Posted November 8, 2012 But if Malwarebytes has been blocking inbound request from these ip addresses would I not also not be adding these as peers?No, if that was the case you would have to know the IP of every single peer that was looking for, or seeding, any and every torrent you added.I hav't torrented anything is a while so that also concerns me.Your current IP and that particular port have been associated with one or more active torrents at some point in time and the IPs that are trying to connect were connected to one or more of those torrent jobs that your current ip was a peer for in the swarm for that particular torrent ID.But for malware bytes to identify the process as utorrent.exe the client service MUST be running on your machine, whether there are any jobs in the list or not, whether the GUI is active or not the service is still running (in the System Tray) and therefore announcing it's IP and port to the bittorrent network.
DreadWingKnight Posted November 8, 2012 Report Posted November 8, 2012 Regardless, DHT being enabled causes a lot of traffic even if you've never had any torrents running on your client.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.