[ahimsa-tech] UDP->6881
jeff moe
jeff at indymedia.org
Fri Oct 20 15:03:09 PDT 2006
jeff moe wrote:
> For the last few hours ahimsa* has seen a flood of UDP traffic to port 6881
> (bittorrent) aimed at BLAG's webserver.
>
> I blocked it at the firewall and upstream is going to implement the same
> filter. In one snapshot I took there were around 7,000 unique IPs sending traffic.

I still don't have a very good handle on /why/ this is happening.

For the last few days FRII, the upstream ISP, has been blocking this IP/port so
it doesn't flood the firewall. They sent me a log snippet that showed 47 denied
packets. This was the /first 50 seconds/ of the day. So it's about 1 denied IP
hitting us per second.

The IPs are from around the world with maybe a bit of a bias towards APNIC.
They appear to be cable modem/DSL type customers. In other words, they look
like zombied boxes.

A Google search shows the box listed as a torrent node for what appear to be
some anime videos: "node://216.17.145.32:6881"

http://www.google.com/search?hl=en&q=216.17.145.32+torrent&btnG=Google+Search

But the box is not sharing any videos nor has it become a warez dumping ground
(e.g. it doesn't appear to have been rooted or anything).

This is creating a bit of a problem for BLAG since it can't share the ISO
images via bittorrent now.

Anyone got a cluestick to hit me with? :)

Thanks,

-Jeff