Author Topic: wtf??  (Read 7411 times)

0 Members and 2 Guests are viewing this topic.

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
wtf??
« on: December 30, 2005, 10:06:23 am »
Ok, this is about the third day in a row it's happened.  I seem to be trying to get exploited with some Network Virus for AWStats.. but the attack only seems to come when I'm on Azureus.  I run Azureus, and about an hour later Trend Micro pops up saying it blocked a network virus that hits Windows AWSTATS users. :\
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline AntiVirus

  • Legendary
  • x86
  • Hero Member
  • *****
  • Posts: 2521
  • Best
    • View Profile
Re: wtf??
« Reply #1 on: December 30, 2005, 11:55:22 am »
That sucks Deadly.. :(

Maybe you shouldn't run Azureus anymore.  :P
The once grove of splendor,
Aforetime crowned by lilac and lily,
Lay now forevermore slender;
And all winds that liven
Silhouette a lone existence;
A leafless oak grasping at eternity.


"They say that I must learn to kill before I can feel safe, but I rather kill myself then turn into their slave."
- The Rasmus

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: wtf??
« Reply #2 on: December 30, 2005, 12:06:56 pm »
I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.

When you connect to anyone out there who says they have the data you're looking for, your bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: wtf??
« Reply #3 on: December 30, 2005, 12:10:20 pm »
Na, joe, it's not that.. it's like something corrupted AZUREUS itself.. even if I leave it running with no torrents or anything, I still get the notification.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: wtf??
« Reply #4 on: December 30, 2005, 12:36:12 pm »
Get an older version, then.  I still use 2.1.04 (IIRC), or something old like that...

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: wtf??
« Reply #5 on: December 30, 2005, 01:06:31 pm »
I use 2.3.04 :-\
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: wtf??
« Reply #6 on: December 30, 2005, 02:22:45 pm »
It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router.  Once the ports are open, you're vulnerable to worms and such that propogate through those ports. 

Whether or not it is actually an issue, if most firewalls (or virus scanners or whatever) detect a propogation attempt, they'll make sure you know that they blocked it and "look how good I am!", even if you aren't vulnerable in the first place. 

I'm guessing that's what you're seeing.  It's not likely that you're in any danger, but commercial firewalls like to make it seem like you are.

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: wtf??
« Reply #7 on: December 30, 2005, 02:31:16 pm »
Oh, all right.  Thanks.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Hitmen

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 1913
    • View Profile
Re: wtf??
« Reply #8 on: December 30, 2005, 06:10:02 pm »
It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router.
Unless, of course, you tell it not to. It wasn't even enabled by default until a few versions ago I think.
Quote
(22:15:39) Newby: it hurts to swallow

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: wtf??
« Reply #9 on: December 30, 2005, 06:12:41 pm »
It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router.
Unless, of course, you tell it not to. It wasn't even enabled by default until a few versions ago I think.

Well, it's enabled by default now, for sure.  It was messing with my internal router, which wasn't going to do it any good.  I'm glad I realized that before it screwed anything up, and I made sure to disable UPnP on all my routers.

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: wtf??
« Reply #10 on: December 30, 2005, 06:15:45 pm »
Well, I disabled UPnP.. now we wait.


Edit: Well, UPnP was already disabled on my router, just now it's disabled in Azureus as well.
« Last Edit: December 30, 2005, 06:20:34 pm by deadly7 »
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: wtf??
« Reply #11 on: December 31, 2005, 03:06:08 pm »
Uh, UPnP has been disabled with Azureus and it still happened. wtf
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: wtf??
« Reply #12 on: December 31, 2005, 03:33:14 pm »
Are you absolutely sure its not this?

I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.

When you connect to anyone out there who says they have the data you're looking for, your bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: wtf??
« Reply #13 on: December 31, 2005, 03:37:29 pm »
Are you absolutely sure its not this?

I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.

When you connect to anyone out there who says they have the data you're looking for, your bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.

The data would've been rejected anyway, since bittorrent data is checksum'd as it's recieved.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: wtf??
« Reply #14 on: December 31, 2005, 04:08:51 pm »
The data would've been rejected anyway, since bittorrent data is checksum'd as it's recieved.

However, if any bittorrent client had a vulnerability in it, it could be taken advantage of.  The scanner program might have picked up an exploit for a different version of a different program, or something. 

Or, the signature might just suck.  I've noticed while using Snort to monitor traffic, when I'm downloading something off BitTorrent, it often picks up on signatures that it sees that are purely coincidental.