jeff at indymedia.org
Fri Oct 20 15:03:09 PDT 2006
jeff moe wrote:
> For the last few hours ahimsa* has seen a flood of UDP traffic to port 6881
> (bittorrent) aimed at BLAG's webserver.
> I blocked it at the firewall and upstream is going to implement the same
> filter. In one snapshot I took there were around 7,000 unique IPs sending traffic.
I still don't have a very good handle on /why/ this is happening.
For the last few days FRII, the upstream ISP, has been blocking this ip/port so
it doesn't flood the firewall. They sent me a log snippet that showed 47 denied
packets. This was the /first 50 seconds/ of the day. So it's about 1 denied IP
hitting us per second.
The IPs are from around the world with maybe a bit of a bias towards APNIC.
They appear to be cable modem/dsl type customers. In other words, they look
like zombied boxes.
A google search shows the box listed as a torrent node for what appear to be
some anime videos: "node://220.127.116.11:6881"
But the box is not sharing any videos nor has it become a warez dumping ground
(e.g. it doesn't appear to have been rooted or anything).
This is creating a bit of a problem for BLAG since it can't share the ISO
images via bittorrent now.
Anyone got a cluestick to hit me with? :)
More information about the ahimsa-tech