Attack Against Port 6881?

Alex Satrapa grail at
Tue Feb 4 23:15:55 EST 2003

Our Telstra Bigpong account came in today... 6Gb of excess traffic, 

I have logs showing lots of attempts to connect to port 6881, from 
various places such as:

Does anyone know what is supposed to be on port 6881?

Now to find out whether Telstra will acknowledge the fact that I didn't 
want that traffic (I have lots and lots of logs proving that my network 
was dropping every SYN packet - all 6Gb of them!).  I don't know if 
anyone else was affected, but the attack happened around December 29-31, 
and a little of the morning of Jan 1.  Has anyone else had a similar 

AFAIK, 6881 is the port used by "BitTorrent" - a file download system 
where you get a little bit of your bulk data from one source, a little 
bit from another, etc.  I think the idea is to maximise your own 
download without swamping the people sharing the bulk data.  My guess is 
that I was lucky enough to get the IP address of someone who'd been 
sharing warez, and so all those leeches were trying to connect to my 
non-existent BitTorrent server.

Interesting to note that they kept trying to connect at 4 second 
intervals, nonstop for 4 days, and Telstra just let the packets on 
through (don't they know how to recognise a DDoS yet?).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 225 bytes
Desc: not available
Url :

More information about the linux mailing list