Port Forwarding / Port Triggering utorrent [Staying Safe]

dibbers

Premium Member
Premium Member
Joined
May 18, 2005
Messages
11,797
Reaction score
1,387
Location
Ipswhich
hi all,

i have just had to open a port so utorrent would work,

OK!
Port 26162 is open and accepting connections.

You will be able to receive incoming BitTorrent connections.


so my start and end port is 26162 and all working..... is this safe doing it this way, it's the only way i can think of doing it via the netgear router like..
 
thats the same way i do it m8, not had any problems as yet
 
Thanks buddy, bought another router (as you know) for in here and the last thing i wanted to do is then open a port and make my self vunrable.....cheers man.

i think i'm going to go and do that on the other router with the xbox and find the ports as been having problems with live/chat etc....so i know what i'm doing now....cheers again
 
why am i getting this in the log of the router now....lots of lan access etc etc

[LAN access from remote] from 78.0.219.131:57951 to 192.168.2.2:26162 Thursday, Aug 13,2009 21:13:20
[LAN access from remote] from 212.94.89.65:46904 to 192.168.2.2:26162 Thursday, Aug 13,2009 21:11:10
[LAN access from remote] from 87.204.10.10:4956 to 192.168.2.2:26162 Thursday, Aug 13,2009 20:58:07
[LAN access from remote] from 116.71.164.245:25307 to 192.168.2.2:26162


excellent now a few [DOS] attacks.....

[DOS attack: FIN Scan] attack packets in last 20 sec from ip [88.221.184.167], from ip address in Zurich....closed the ports until i see what's going on here like...



Hackers use the TCP FIN scan to identify listening TCP port numbers based on how the target device reacts to a transaction close request for a TCP port (even though no connection may exist before these close requests are made). This type of scan can get through basic firewalls and boundary routers that filter on incoming TCP packets with the Finish (FIN) and ACK flag combination. The TCP packets used in this scan include only the TCP FIN flag setting.

If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target device's TCP port is open, the target device discards the FIN and sends no reply.


just done a netstat -a on the command line and all looks good...fo now....any ideas or me over reacting


i'm just wondering if that's why my net been cutting out a few times and I've been getting the old balloon up saying net connected!
 
Last edited:
You're getting the first logs 'cause you're torrent forwarding is working properly. If you look at the first line, you can see that ip 78.0.219.131 got forwarded to your internal lan ip 192.168.2.2 on port 2162, which is the port your torrent client is listening. all that's happening is that your routers logging is a bit too verbose.

As for the FIN DOS, it's almost certainly not a DOS attack, it'll just be an nmap scan. This will happen all the time, and there's nothing to worry about, or really anything you can do about it (on most home routers anyway). As long as you've only got the ports open you definitely need, and that the programs listening on these ports are up to date and patched, you should have no problems.

I doubt very much that this is the cause of your net drops. When you say it drops, do you mean wireless or wired? Or the actual internet itself.
 
phew thanks beady mate!

even when the torrent app isn't tunning and does that still happen?

the only port that i have open on the router is that single one that is what utorrent is set too....as for nmap......(i'm with you on that one)

:Clap: thanks man....as you know the whole reason of me getting a router was to stay safe!
 
YEs, the port forwarding will stay active even if the torrent program isn't on. Afterall, the router just recieves a packet on port 2162 and forwards it to 192.168.2.2. It's then up to the PC to decide what to do with it. As far as the router is concerned, it's done it's job properly, and makes an entry in the log. So, everytime someone tries to connect tio that port, be it with a torrent client, nmap scan or whatever, you'll get a 'successful' entry in the logs.
 
When a computer on the internet sends data to the external ip address of the router, the router needs to know what to do with the data. Port Forwarding simply tells the router which computer on the local area network to send the data to......something like that.....so allowing an inbound and outbound connection for a specfic program/computer
 
Back
Top