Ok, this is about the third day in a row it's happened. I seem to be trying to get exploited with some Network Virus for AWStats.. but the attack only seems to come when I'm on Azureus. I run Azureus, and about an hour later Trend Micro pops up saying it blocked a network virus that hits Windows AWSTATS users. :\
That sucks Deadly.. :(
Maybe you shouldn't run Azureus anymore. :P
I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.
When you connect to anyone out there who says they have the data you're looking for, you're bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.
Na, joe, it's not that.. it's like something corrupted AZUREUS itself.. even if I leave it running with no torrents or anything, I still get the notification.
Get an older version, then. I still use 2.1.04 (IIRC), or something old like that...
I use 2.3.04 :-\
It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router. Once the ports are open, you're vulnerable to worms and such that propagate through those ports.
Whether or not it is actually an issue, if most firewalls (or virus scanners or whatever) detect a propagation attempt, they'll make sure you know that they blocked it and "look how good I am!", even if you aren't vulnerable in the first place.
I'm guessing that's what you're seeing. It's not likely that you're in any danger, but commercial firewalls like to make it seem like you are.
Oh, all right. Thanks.
Quote from: iago on December 30, 2005, 02:22:45 PM
It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router.
Unless, of course, you tell it not to. It wasn't even enabled by default until a few versions ago I think.
Quote from: Hitmen on December 30, 2005, 06:10:02 PM
Quote from: iago on December 30, 2005, 02:22:45 PM
It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router.
Unless, of course, you tell it not to. It wasn't even enabled by default until a few versions ago I think.
Well, it's enabled by default now, for sure. It was messing with my internal router, which wasn't going to do it any good. I'm glad I realized that before it screwed anything up, and I made sure to disable UPnP on all my routers.
Well, I disabled UPnP.. now we wait.
Edit: Well, UPnP was already disabled on my router, just now it's disabled in Azureus as well.
Uh, UPnP has been disabled with Azureus and it still happened. wtf
Are you absolutely sure it's not this?
Quote from: Joe[e2] on December 30, 2005, 12:06:56 PM
I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.
When you connect to anyone out there who says they have the data you're looking for, you're bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.
Quote from: Joe[e2] on December 31, 2005, 03:33:14 PM
Are you absolutely sure it's not this?
Quote from: Joe[e2] on December 30, 2005, 12:06:56 PM
I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.
When you connect to anyone out there who says they have the data you're looking for, you're bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.
The data would've been rejected anyway, since bittorrent data is checksum'd as it's received.
Quote from: Sidoh on December 31, 2005, 03:37:29 PM
The data would've been rejected anyway, since bittorrent data is checksum'd as it's received.
However, if any bittorrent client had a vulnerability in it, it could be taken advantage of. The scanner program might have picked up an exploit for a different version of a different program, or something.
Or, the signature might just suck. I've noticed while using Snort to monitor traffic, when I'm downloading something off BitTorrent, it often picks up on signatures that it sees that are purely coincidental.
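Added example (not part of the thread): the two points made above, that a client discards any piece failing its SHA-1 check and that a byte-match signature can still fire on the traffic, sketched in Python. The content, the marker bytes, both signatures and the 16 KiB piece size are constructed for illustration.

```python
import hashlib

PIECE_LEN = 16 * 1024  # demo piece size (assumption; real torrents use larger pieces)

def piece_hashes(data, piece_len=PIECE_LEN):
    """Per-piece SHA-1 digests, as stored in a torrent's metainfo."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]

def accept_piece(index, payload, expected):
    """Client side: keep a received piece only if its SHA-1 matches."""
    return hashlib.sha1(payload).digest() == expected[index]

def scan(payload, signatures):
    """Naive byte-match scanner; it sees wire bytes, not the client's verdict."""
    return [name for name, sig in signatures.items() if sig in payload]

def expected_chance_hits(sig_len, n_bytes):
    """Expected coincidental matches of one sig_len-byte pattern in random data."""
    return max(n_bytes - sig_len + 1, 0) / 256 ** sig_len

# Constructed sample: 64 KiB of high-entropy bytes standing in for torrent content.
CONTENT = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
EXPECTED = piece_hashes(CONTENT)
MARKER = b"CONSTRUCTED-BAD-BYTES"  # placeholder, not a real signature
SIGNATURES = {
    "demo-long": MARKER,
    # 3-byte pattern copied from the genuine content to stand in for a coincidence
    "demo-short": CONTENT[100:103],
}

def demo():
    good = CONTENT[:PIECE_LEN]                                     # genuine piece 0
    bad = MARKER + CONTENT[PIECE_LEN + len(MARKER):2 * PIECE_LEN]  # tampered piece 1
    return {
        "good_accepted": accept_piece(0, good, EXPECTED),
        "good_alerts": scan(good, SIGNATURES),
        "bad_accepted": accept_piece(1, bad, EXPECTED),
        "bad_alerts": scan(bad, SIGNATURES),
    }

if __name__ == "__main__":
    print(demo())
    print(round(expected_chance_hits(3, 700 * 2**20), 2), "chance hits per 700 MiB")
```

The tampered piece is rejected by the hash check yet still raises an alert, and the genuine piece is accepted while tripping the short signature, which is the false-positive case.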
Quote from: iago on December 31, 2005, 04:08:51 PM
However, if any bittorrent client had a vulnerability in it, it could be taken advantage of. The scanner program might have picked up an exploit for a different version of a different program, or something.
Or, the signature might just suck. I've noticed while using Snort to monitor traffic, when I'm downloading something off BitTorrent, it often picks up on signatures that it sees that are purely coincidental.
Haha, yeah. It still makes it that much harder, though! :)
Quote from: iago on December 31, 2005, 04:08:51 PM
Quote from: Sidoh on December 31, 2005, 03:37:29 PM
The data would've been rejected anyway, since bittorrent data is checksum'd as it's received.
However, if any bittorrent client had a vulnerability in it, it could be taken advantage of. The scanner program might have picked up an exploit for a different version of a different program, or something.
Or, the signature might just suck. I've noticed while using Snort to monitor traffic, when I'm downloading something off BitTorrent, it often picks up on signatures that it sees that are purely coincidental.
No, I run the same programs and nothing new.. and the thing only tries to exploit me when Azureus is running, which leads me to believe that it's something of how it screws with my ports. Port 80 seems to be the key port... which, oddly enough, Azureus loves to use! Hmm..
Quote from: Sidoh on December 31, 2005, 04:09:55 PM
Quote from: iago on December 31, 2005, 04:08:51 PM
However, if any bittorrent client had a vulnerability in it, it could be taken advantage of. The scanner program might have picked up an exploit for a different version of a different program, or something.
Or, the signature might just suck. I've noticed while using Snort to monitor traffic, when I'm downloading something off BitTorrent, it often picks up on signatures that it sees that are purely coincidental.
Haha, yeah. It still makes it that much harder, though! :)
It makes it harder to GET the virus, but it doesn't make it any harder to see the signature for it.
What I was saying is that the tracker is giving you a list of IPs. If you simply implement the tracker protocol, you're harvesting yourself some IP addresses, to which you could send malicious data, not exclusively over the BitTorrent protocol.
Azureus blows. Big nuts. In hell. I turn off UPnP, I have all the required ports open, and now it's bitching about Distributed Hash Tables. -.-
Quote from: deadly7 on January 01, 2006, 12:29:22 PM
Azureus blows. Big nuts. In hell. I turn off UPnP, I have all the required ports open, and now it's bitching about Distributed Hash Tables. -.-
Blasphemer.
Kekeke, I know where the guy that sent exploits to me lives. <3 DNSSTUFf, I emailed his ISP (which is owned by America Online) about it, and if they don't fix it then I e-mail AOL about it and see to it that he = terminated.