Legitimate attack or a bot? What is this?



  • I've seen a few blocks here and there but never this many for this long on the same ports from different addresses.

    Looking just fine on CPU/memory still, but what is this attempting to do? Lots more where this came from… From Russia with love I guess. ???



  • The way I see it, unless there is infiltration or flooding, one can drive themselves to banging their head trying to find out the why and who.



  • Are you running a torrent client, or were you?



  • @KOM:

    > Are you running a torrent client, or were you?

    yes. on port 51413



  • I thought it looked like a swarm.  I believe that this is normal if you disconnect but you still have a ton of external clients trying to contact you.  Perhaps your torrent client is using random ports instead of the one you defined?


  • LAYER 8 Global Moderator

    ^ agreed… this looks like p2p traffic. Random ports to your same oddball "random" high UDP port.

    Might not even have been you, if your IP changed and now you're seeing traffic to someone else's port that was a member of the swarm. This sort of traffic can go on for days if not weeks.

    There is really so much udp noise, that I turned off the block default logging on wan and put in a rule that logs blocks that are tcp syn only..  Makes the logs much easier to read ;)



  • I've seen some clients that allow you to set the data ports, but the control ports are always random and no way to control that. Torrent has a lot of different ports.
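
Added example, not part of any post in this thread: a short script that applies the two ideas from the replies above to a firewall block log, flagging a single high UDP port hit by many distinct sources (swarm leftovers) and keeping only the TCP SYN-only blocks. The log format, field names and sample entries are constructed for illustration; only port 51413 comes from the thread.

```python
import csv
from collections import defaultdict

# Constructed sample of firewall block-log entries (simplified CSV, not a real
# firewall's format): time,action,proto,src_ip,src_port,dst_ip,dst_port,tcp_flags
SAMPLE_LOG = """\
10:00:01,block,udp,198.51.100.7,6881,192.0.2.10,51413,
10:00:01,block,udp,203.0.113.44,40212,192.0.2.10,51413,
10:00:02,block,udp,198.51.100.91,59120,192.0.2.10,51413,
10:00:02,block,tcp,203.0.113.5,51022,192.0.2.10,22,S
10:00:03,block,udp,203.0.113.200,12034,192.0.2.10,51413,
10:00:03,block,tcp,198.51.100.7,44310,192.0.2.10,51413,SA
10:00:04,block,udp,198.51.100.150,33445,192.0.2.10,51413,
10:00:05,block,udp,203.0.113.44,40212,192.0.2.10,51413,
10:00:06,pass,udp,192.0.2.10,123,198.51.100.1,123,
"""

FIELDS = ["time", "action", "proto", "src_ip", "src_port", "dst_ip", "dst_port", "flags"]

def blocked(log_text):
    """Parse the CSV log and return only the blocked entries as dicts."""
    rows = csv.DictReader(log_text.splitlines(), fieldnames=FIELDS)
    return [r for r in rows if r["action"] == "block"]

def swarm_candidates(entries, min_sources=5, min_port=1024):
    """UDP destination ports hit by many distinct sources: the pattern the
    thread describes (many peers, random source ports, one high UDP port)."""
    sources = defaultdict(set)
    for e in entries:
        if e["proto"] == "udp" and int(e["dst_port"]) >= min_port:
            sources[int(e["dst_port"])].add(e["src_ip"])
    return {port: len(ips) for port, ips in sources.items() if len(ips) >= min_sources}

def tcp_syn_only(entries):
    """Blocked TCP entries whose only flag is SYN, i.e. new inbound connection
    attempts, the subset one reply in the thread keeps logging."""
    return [e for e in entries if e["proto"] == "tcp" and e["flags"] == "S"]

if __name__ == "__main__":
    entries = blocked(SAMPLE_LOG)
    print("swarm-like UDP ports:", swarm_candidates(entries))
    for e in tcp_syn_only(entries):
        print("TCP SYN blocked:", e["src_ip"], "->", e["dst_port"])
```

The `min_sources` threshold is an arbitrary starting point; raise it for a busy WAN interface so ordinary background noise is not flagged.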

