Re: BitTorrent security questions
- From: Will Ashford <ashford@xxxxxxxxxxxx>
- Date: Sun, 15 Jan 2006 01:09:11 -0500
Kurt De Bree wrote:
> "Will Ashford" <ashford@xxxxxxxxxxxx> wrote in message
> news:dpsu9n$42j$1@xxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> Robert Glueck wrote:
>
>>I'm running a Linux desktop behind a NAT router with a
>>broadband connection to the Internet. I've also installed
>>an iptables based firewall (Firestarter) with a completely
>>permissive outbound traffic policy and an inbound traffic
>>policy of NO connections from any host allowed and NO
>>services on any port allowed for anyone.
>
>>I frequently use BitTorrent (Azureus 2.3.0.6) to download
>>files from the web. In order to support this I enabled
>>port forwarding on the NAT router for ports 6882-6889 for
>>service BitTorrent. With these settings BitTorrent seemed
>>to be running all right.
>
>>Recently, after I had installed an update for Azureus
>>(v.2.3.0.6), I noticed a new colored button in the status
>>bar which would be either yellow or red indicating a
>>"Possible NAT (TCP) problem".
>
>>In the course of investigating this, I also noticed an item
>>"NAT/Firewall test" in the Azureus Tools menu which would
>>test the "incoming TCP/UDP listen port" which I had set to
>>6886. When I ran this test, it failed with the message
>>"Testing port 6886 ... NAT error". The test dialog box
>>also offered the following explanation: "In order to get
>>the best out of Azureus, it's highly recommended to be
>>fully accessible from the Internet. This tool lets you
>>test and/or change the port used to accept incoming peer
>>connections."
>
>>I took this recommendation to mean that I should open my
>>firewall for the ports used by bittorrent. Accordingly, I
>>added the inbound traffic policy "Allow service BitTorrent
>>for port 6881-6889 for everyone."
>
>>With that the NAT status indicator button in the Azureus
>>status bar turned green ("NAT OK (TCP)"). Also, some of
>>the torrent health indicators for ongoing downloads turned
>>green, meaning "everything is going fine" whereas before
>>they had generally been yellow, meaning "you're connected
>>to peers, tracker is OK but you may have a NAT problem if
>>your torrents stay on yellow status all the time."
>
>>After I'd made these changes everything seemed fine and
>>subjectively it seemed as though Azureus was working better
>>and down/uploading faster.
>
>>Then I did a Shields Up (grc.com) port scan for the range of
>>ports 6881-6889 while Azureus was running and downloads
>>were proceeding. The result: 6881 stealthed, 6882-6885 and
>>6887-6889 closed, 6886 OPEN. Ouch! I'd been running my
>>system with this configuration for more than a week.
>
>>I immediately removed the firewall rule "Allow service
>>BitTorrent for port 6881-6889 for everyone" and did another
>>Shields Up port scan. The result: 6881-6889 stealthed.
>>BitTorrent down/uploads were still running fine.
>
>>Next I also disabled port forwarding for ports 6882-6889 in
>>the NAT router. BitTorrent down/uploads were still running
>>fine.
>
>>Several questions:
>
>>1. When my system was configured with port forwarding
>>enabled in the router and BitTorrent allowed for ports
>>6881-6889 in the inbound traffic rules of my firewall, the
>>Shields Up port scan diagnosed port 6886 as open whenever
>>Azureus was running. Did that constitute a major security
>>hazard that a malicious hacker could have exploited? Could
>>he have installed malware via this "open" port, or was this
>>port only open for the BitTorrent protocol? If malware had
>>been installed would it have remained in my user area (I
>>wasn't running Azureus as root) or could I have been
>>rooted?
>
> Azureus only uses port 6881 TCP for data transmission and 6881 UDP for
>
>
>> I really don't agree with this. I'm only using port 55555 for Azureus, and
>> don't have any problem with that ;-)
Oh, yes, you can change the port if you'd like (in fact it is highly
recommended that you do because ISPs like to block port 6881). I was
simply detailing the default behavior.
Will
<snip>
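Added example, not part of the original thread: the open / closed / stealthed results in the quoted Shields Up scan correspond to how a TCP connection attempt ends, and a port reads as open only while a program is listening on it. The sketch below reproduces that on the local loopback only; the function names and the stand-in listener are assumptions made for illustration.

```python
import socket


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port using the scan report's vocabulary."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # handshake completed: some program is listening
    except ConnectionRefusedError:
        return "closed"    # a reset came back: port reachable, no listener
    except socket.timeout:
        return "stealth"   # no answer at all: the packet was dropped
    finally:
        s.close()


def demo():
    """Constructed scenario: a loopback listener stands in for the client's
    incoming-peer port. Returns the port state while the listener runs and
    again after it has exited."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    while_running = probe("127.0.0.1", port)
    listener.close()                   # the "client" shuts down
    after_exit = probe("127.0.0.1", port)
    return while_running, after_exit


if __name__ == "__main__":
    running, stopped = demo()
    print("listener running:", running)
    print("listener stopped:", stopped)
```

The "stealth" branch needs a packet filter that silently drops the connection attempt, so it is not exercised by the loopback demo.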