mattspew Posted August 11, 2006 Report Share Posted August 11, 2006 Hi, it's seemed to start happening when I upgraded from uTorrent 1.5 to 1.6...I'm now getting hit with wave after wave of "IP Spoof Attack", "Tiny Fragment Attack" and "TCP Sync Flooding"..These also stop me from browsing...The following are some examples of each attack..[iP Spoof Attack] WAN-LAN SrcIP: 192.168.0.2 DstIP: 60.241.119.* Protocol: 255 SrcPort: 0 DstPort: 0[Tiny Fragment Attack] WAN-LAN SrcIP: 84.56.31.51 DstIP: 60.241.119.* Proto: 255 SrcPort: 0 DstPort: 0[TCP Sync Flooding] WAN-LAN SrcIP: 4.79.142.206 DstIP: 60.241.119.* Proto: 6 SrcPort: 53144 DstPort: 1027Any idea how to stop this from happening??My router supports UPnP, so that's hwo I've setup uTorrent.. it picks a random port everytime it opens.. Link to comment Share on other sites More sharing options...
Firon Posted August 11, 2006 Report Share Posted August 11, 2006 It's a stupid firewall. Get rid of it if it's a software firewall, or turn it off if it's your router firewall. Link to comment Share on other sites More sharing options...
mattspew Posted August 11, 2006 Author Report Share Posted August 11, 2006 Wow, what a useless reply... And you're ment to be an admin... Great..It's a hardware firewall and it's a great one!!! Link to comment Share on other sites More sharing options...
Firon Posted August 11, 2006 Report Share Posted August 11, 2006 If your firewall is killing your internet every time it supposedly receives an IP spoof attack (which is probably it misinterpreting UDP packets, something quite common to firewalls), it's not a very good one... Link to comment Share on other sites More sharing options...
mattspew Posted August 11, 2006 Author Report Share Posted August 11, 2006 [comment deleted by moderator]So what if I was to turn off UPnP and do a manual port forward on both UDP and TCP??It's still strange how it start only with version 1.6... Link to comment Share on other sites More sharing options...
Switeck Posted August 11, 2006 Report Share Posted August 11, 2006 That probably won't "solve" the problem with the firewall seeing problems where there probably isn't.If you disabled DHT all-around and DIDN'T forward UDP on µTorrent's port that might reduce it...but even still you'd probably get a few packets that'd cause that hardware firewall a hissy. Link to comment Share on other sites More sharing options...
mattspew Posted August 13, 2006 Author Report Share Posted August 13, 2006 That doesn't explain why I've had the same setup for over 18 month problem free...It's only been happening for the last 2 weeks... I don't think it's my router/modem.. I think they're real attacks.My dynamic IP has changed just then when I rebooted the modem, so hopefully it will stop..Will run everything as normal with uTorrent closed for 24hr, then open it.. Link to comment Share on other sites More sharing options...
slim Posted August 13, 2006 Report Share Posted August 13, 2006 Have the same problem it came when i upgraded from 1.5 to 1.621:16:51 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F821:16:22 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F821:16:09 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F821:15:15 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F821:14:25 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F8outpost firewallwin xp proutorrent 1.6 build 474 Link to comment Share on other sites More sharing options...
Switeck Posted August 14, 2006 Report Share Posted August 14, 2006 slim, those are LAN ips!Just to make a guess...I bet that's your computer's LAN ip.So...You're being attacked by your own computer!(...according to your firewall.)Is your computer really launching attacks at itself due to viruses/worms?! Link to comment Share on other sites More sharing options...
slim Posted August 14, 2006 Report Share Posted August 14, 2006 yes i know thats lan ips it's my routers ip.No virus or worms scanned with nod32 yesterday.And i only get warnings for ip spoofing when utorrent is running 1.6 had none with 1.5 Link to comment Share on other sites More sharing options...
mattspew Posted August 16, 2006 Author Report Share Posted August 16, 2006 Changing my IP has stopped the attacks.... For now........Like I thought, they were either uTorrent directly or indirectly..If it wan't uTorrent, it was the attention Torrents attracts.Slim, some of my attacks where coming from the IP of my desktop, even when it was turned off..FYI, uTorrents is running on it's own Win2003 server. And I use fixed IPs. Link to comment Share on other sites More sharing options...
mattspew Posted August 17, 2006 Author Report Share Posted August 17, 2006 For the record.. I've been running uTorrent for 2 days with a new IP and not a single firewall attack..Like I said, they must have been real firewall attacks.. Not my router.. Link to comment Share on other sites More sharing options...
Switeck Posted August 17, 2006 Report Share Posted August 17, 2006 I've heard there was a rare loopback issue for people behind a router where the tracker reports their own LAN ip (or their router's LAN ip) as a source to them. I thought that was fixed. I've heard everything from faulty software firewalls to bad hardware routers is the probable cause.Antivirus software only finds viruses, search for the REST of the maleware using these programs:HijackThisSpyBot Seek and DestroyAd Aware(in order of best to worst ) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.