Attack Against Port 6881?
Alex Satrapa
grail at goldweb.com.au
Tue Feb 4 23:15:55 EST 2003

Our Telstra Bigpong account came in today... 6Gb of excess traffic,
apparently?

I have logs showing lots of attempts to connect to port 6881, from
various places such as:
- cust.90.110.adsl.cistron.nl
- alb-24-195-149-48.nycap.rr.com
- pc1-ldry1-4-cust23.blfs.cable.ntl.com
- pc3-farn1-5-cust152.glfd.cable.ntl.com

Does anyone know what is supposed to be on port 6881?

Now to find out whether Telstra will acknowledge the fact that I didn't
want that traffic (I have lots and lots of logs proving that my network
was dropping every SYN packet - all 6Gb of them!). I don't know if
anyone else was affected, but the attack happened around December 29-31,
and a little of the morning of Jan 1. Has anyone else had a similar
problem?

AFAIK, 6881 is the port used by "BitTorrent" - a file download system
where you get a little bit of your bulk data from one source, a little
bit from another, etc. I think the idea is to maximise your own
download without swamping the people sharing the bulk data. My guess is
that I was lucky enough to get the IP address of someone who'd been
sharing warez, and so all those leeches were trying to connect to my
non-existent BitTorrent server.

Interesting to note that they kept trying to connect at 4 second
intervals, nonstop for 4 days, and Telstra just let the packets on
through (don't they know how to recognise a DDoS yet?).
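
Added example, not part of the original post: one way to turn dropped-SYN firewall logs like those described above into per-source packet counts, byte totals and retry intervals, including a log that runs across New Year. It assumes iptables LOG-style lines; the sample lines, addresses and the summarize helper are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample lines in iptables LOG style (format is an assumption;
# addresses are documentation ranges, not hosts named in the post).
_T = ("{ts} gw kernel: DROP IN=ppp0 OUT= SRC={src} DST=203.0.113.5 LEN={n} "
      "TOS=0x00 PREC=0x00 TTL=110 ID=1 DF PROTO=TCP SPT=3120 DPT={dpt} "
      "WINDOW=16384 RES=0x00 SYN URGP=0")
SAMPLE_LOG = "\n".join(_T.format(ts=t, src=s, n=n, dpt=d) for t, s, n, d in [
    ("Dec 31 23:59:52", "192.0.2.10", 48, 6881),
    ("Dec 31 23:59:56", "192.0.2.10", 48, 6881),
    ("Dec 31 23:59:58", "198.51.100.7", 60, 6881),
    ("Jan  1 00:00:00", "192.0.2.10", 48, 6881),
    ("Jan  1 00:00:01", "192.0.2.99", 60, 22),      # other port, ignored
    ("Jan  1 00:00:02", "198.51.100.7", 60, 6881),
])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?\bSRC=(?P<src>\S+)\s.*?\bLEN=(?P<len>\d+)\s"
    r".*?\bPROTO=TCP\s.*?\bDPT=(?P<dpt>\d+)\s.*?\bSYN\b")

def summarize(log_text, port=6881, start_year=2002):
    """Per source: SYN count, IP-layer bytes and median retry gap for `port`."""
    hits, year, last = defaultdict(list), start_year, None
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # Syslog stamps carry no year: a large jump backwards means the log
        # crossed New Year, so advance the year for this and later lines.
        if last and ts < last - timedelta(days=180):
            year += 1
            ts = ts.replace(year=year)
        last = ts
        if int(m["dpt"]) == port:
            hits[m["src"]].append((ts, int(m["len"])))
    report = {}
    for src, events in hits.items():
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        report[src] = {"syns": len(events),
                       "bytes": sum(n for _, n in events),
                       "median_gap_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for src, row in sorted(summarize(SAMPLE_LOG).items()):
        print(src, row)
```

The byte totals are the sum of the logged IP packet lengths, which is the figure to set beside what the provider metered.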