Firewall Attacks :(


mattspew

Hi, it seems to have started happening when I upgraded from uTorrent 1.5 to 1.6...

I'm now getting hit with wave after wave of "IP Spoof Attack", "Tiny Fragment Attack" and "TCP Sync Flooding"..

These also stop me from browsing...

The following are some examples of each attack..

[IP Spoof Attack] WAN-LAN SrcIP: 192.168.0.2 DstIP: 60.241.119.* Protocol: 255 SrcPort: 0 DstPort: 0

[Tiny Fragment Attack] WAN-LAN SrcIP: 84.56.31.51 DstIP: 60.241.119.* Proto: 255 SrcPort: 0 DstPort: 0

[TCP Sync Flooding] WAN-LAN SrcIP: 4.79.142.206 DstIP: 60.241.119.* Proto: 6 SrcPort: 53144 DstPort: 1027

Any idea how to stop this from happening??

My router supports UPnP, so that's how I've set up uTorrent.. it picks a random port every time it opens..

That probably won't "solve" the problem with the firewall seeing problems where there probably aren't any.

If you disabled DHT all-around and DIDN'T forward UDP on µTorrent's port that might reduce it...but even still you'd probably get a few packets that'd cause that hardware firewall a hissy.

That doesn't explain why I've had the same setup for over 18 months problem-free...

It's only been happening for the last 2 weeks... I don't think it's my router/modem.. I think they're real attacks.

My dynamic IP has changed just then when I rebooted the modem, so hopefully it will stop..

Will run everything as normal with uTorrent closed for 24hr, then open it..

I have the same problem; it came when I upgraded from 1.5 to 1.6.

21:16:51 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F8

21:16:22 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F8

21:16:09 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F8

21:15:15 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F8

21:14:25 IP Spoofing 192.168.0.254 00-90-D0-F4-FE-F8

outpost firewall

win xp pro

utorrent 1.6 build 474

Changing my IP has stopped the attacks.... For now........

Like I thought, they were either uTorrent directly or indirectly..

If it wasn't uTorrent, it was the attention torrents attract.

Slim, some of my attacks were coming from the IP of my desktop, even when it was turned off..

FYI, uTorrent is running on its own Win2003 server. And I use fixed IPs.

I've heard there was a rare loopback issue for people behind a router where the tracker reports their own LAN IP (or their router's LAN IP) as a source to them. I thought that was fixed. I've heard everything from faulty software firewalls to bad hardware routers is the probable cause.

Antivirus software only finds viruses; search for the REST of the malware using these programs:

HijackThis

SpyBot Seek and Destroy

Ad Aware

(in order of best to worst :P)

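A triage sketch for router log lines in the format quoted in the first post, added here as an example and not written by anyone in this thread. It tags each alert with what the fields alone show (a private source arriving on the WAN side, the reserved protocol number 255, traffic aimed at the torrent client's listen port) and counts repeats per source. The sample lines are constructed, and treating 1027 as the client's listen port is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format quoted in the first post. Public addresses
# are RFC 5737 documentation ranges; the masked DstIP form ("x.x.x.*") is kept.
SAMPLE_LOG = """\
[IP Spoof Attack] WAN-LAN SrcIP: 192.168.0.2 DstIP: 203.0.113.* Protocol: 255 SrcPort: 0 DstPort: 0
[Tiny Fragment Attack] WAN-LAN SrcIP: 198.51.100.7 DstIP: 203.0.113.* Proto: 255 SrcPort: 0 DstPort: 0
[TCP Sync Flooding] WAN-LAN SrcIP: 198.51.100.9 DstIP: 203.0.113.* Proto: 6 SrcPort: 53144 DstPort: 1027
[TCP Sync Flooding] WAN-LAN SrcIP: 198.51.100.9 DstIP: 203.0.113.* Proto: 6 SrcPort: 53150 DstPort: 1027
router rebooted
"""

LINE_RE = re.compile(
    r"\[(?P<alert>[^\]]+)\]\s+(?P<direction>\S+)\s+SrcIP:\s*(?P<src>\S+)\s+"
    r"DstIP:\s*(?P<dst>\S+)\s+Proto(?:col)?:\s*(?P<proto>\d+)\s+"
    r"SrcPort:\s*(?P<sport>\d+)\s+DstPort:\s*(?P<dport>\d+)"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def tag_line(line, client_port):
    """Return (alert, src, tags) for one log line, or None if it cannot be parsed."""
    m = LINE_RE.search(line)
    try:
        src = ipaddress.ip_address(m["src"])
    except (TypeError, ValueError):  # no regex match, or a masked/malformed source
        return None
    proto, dport = int(m["proto"]), int(m["dport"])
    tags = set()
    if m["direction"].startswith("WAN") and any(src in net for net in RFC1918):
        tags.add("private-src-on-wan")  # private address arriving from outside
    if proto == 255:
        tags.add("reserved-proto")      # 255 is "Reserved" in the IANA registry
    if proto in (6, 17) and dport == client_port:
        tags.add("to-client-port")      # aimed at the client's listen port (assumed)
    return m["alert"], str(src), tags


def triage(log_text, client_port):
    """Count (alert, src, sorted tags) so repeated sources stand out."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = tag_line(line, client_port)
        if parsed:
            alert, src, tags = parsed
            counts[(alert, src, tuple(sorted(tags)))] += 1
    return counts
```

Calling `triage(SAMPLE_LOG, client_port=1027).most_common()` lists the busiest source first; lines that do not fit the format are skipped rather than guessed at.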

Archived

This topic is now archived and is closed to further replies.
