Why do I continue to see steady traffic inbound AND outbound on the port opened for Azureus in my syslog even when all torrents are stopped and Azurues shows zero activity?
I have a very good hardware firewall in place. Only Azurueus can access this port.
The only way to kill the outbound traffic is to close Azurues. At that point, the outbound traffic stops but the inbound does not (assuming clients are continually trying to connect). Does Azurueus NOT send some sort of STOP or KILL message to all connected Peers when a torrent is stopped?
Is this evidence of a hack? a bug? decentralized or anonymous tracking/peers?
Even after closing Azureus, all the inbound traffic can continue to clog the router and slow over all connection speeds for all computers on the subnet.
Originally posted by Steviebon:Why do I continue to see steady traffic inbound AND outbound on the port opened for Azureus in my syslog even when all torrents are stopped and Azurues shows zero activity?
I have a very good hardware firewall in place. Only Azurueus can access this port.
The only way to kill the outbound traffic is to close Azurues. At that point, the outbound traffic stops but the inbound does not (assuming clients are continually trying to connect). Does Azurueus NOT send some sort of STOP or KILL message to all connected Peers when a torrent is stopped?
Is this evidence of a hack? a bug? decentralized or anonymous tracking/peers?
Even after closing Azureus, all the inbound traffic can continue to clog the router and slow over all connection speeds for all computers on the subnet.
Should I be concerned about this?
well you said it your self its a open port. SO people gonna attack it. Try closing it for a couple 30 minutes or so and see if people still scanning that port. My advice is not full proof dont guarantee this will solve the problem.
Well thanks, I'm going to have to use a sniffer to see exactly what the traffic is... thing is, it's using AZu whatever it is. Upon stopping Azu, all outbound traffic ceases immediately. Inbound doesn't stop right away and is coming from multiple IP's. It seems like it could be decentralized tracking or something that doesn't stop sending requests when AZU stops all torrents. I also noticed that changing port numbers did nothing. However, disabling DHT and decentralized tracking 'may' have solved the problem.
If it's normal traffic from decentral ok. If not, it's somebody using AZU to do something unannounced. That's my concern. However, if there were a hack that allowed someone to take control of AZU without the tracker showing any activity in the GUI you would think it would be a known bug.
I haven't had time yet to experiment with other clients.
I also seeing very heavy traffic to my router several days after I shutdown Azureus. It seems like all the peers, that I had connected to my torrents continuously try to connect.
I have tried closing down torrents, before closing Azureus, to just blocking off the incoming port on my router.
My router logs still report about 10000 blocked incoming connection attemts per hour on the port I use for Azureus.
I fail to see how this is Azureus attempting to update the DHT, or any other plugin. This is other bit-torrent clients continuously attempting to connect to my IP, days after I close my client.
I am very interested to hear if there is a way to stop this, I'm sure its putting a lot of unnecessary strain on my router.
-Fish
Originally posted by TomMelee:...it's Azureus attempting to update the DHT and/or safe-peer, whatever other plugin.
I agree with you... this is not DHT, I have it disabled and the problem persists... syslog shows many thousands of repeated attempts by various IP's to connect... most of the time a single reply is made (a reset) nevertheless it takes many hours, sometimes days, for all this traffic to subside. Closing down Azurues kills the outbound responses in syslog but does nothing to wain the onslaught of inbound requests to the port. Changing the port does nothing.
I have been unable to get any response from Azu support on this.
I think it will depend on what torrents you are hosting (and what peers are trying to connect to these torrents) and what trackers you use more than which client.
