wtf??

[deadly7]

Ok, this is about the third day in a row it's happened.  I seem to be trying to get exploited with some Network Virus for AWStats.. but the attack only seems to come when I'm on Azureus.  I run Azureus, and about an hour later Trend Micro pops up saying it blocked a network virus that hits Windows AWSTATS users. :\

[AntiVirus]

That sucks Deadly.. :(

Maybe you shouldn't run Azureus anymore.  :P

[Joe]

I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.

When you connect to anyone out there who says they have the data you're looking for, your bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.

[deadly7]

Na, joe, it's not that.. it's like something corrupted AZUREUS itself.. even if I leave it running with no torrents or anything, I still get the notification.

[rabbit]

Get an older version, then.  I still use 2.1.04 (IIRC), or something old like that...

[deadly7]

I use 2.3.04 :-\

[iago]

It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router.  Once the ports are open, you're vulnerable to worms and such that propogate through those ports. 

Whether or not it is actually an issue, if most firewalls (or virus scanners or whatever) detect a propogation attempt, they'll make sure you know that they blocked it and "look how good I am!", even if you aren't vulnerable in the first place. 

I'm guessing that's what you're seeing.  It's not likely that you're in any danger, but commercial firewalls like to make it seem like you are.

[deadly7]

Oh, all right.  Thanks.

[Hitmen]

It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router.

Unless, of course, you tell it not to. It wasn't even enabled by default until a few versions ago I think.

[iago]

It's likely because Azureus uses a little known (and pretty dangerous, in my opinion) protocol called UPnP to open the ports it needs on your router.

Unless, of course, you tell it not to. It wasn't even enabled by default until a few versions ago I think.

Well, it's enabled by default now, for sure.  It was messing with my internal router, which wasn't going to do it any good.  I'm glad I realized that before it screwed anything up, and I made sure to disable UPnP on all my routers.

[deadly7]

Well, I disabled UPnP.. now we wait.


Edit: Well, UPnP was already disabled on my router, just now it's disabled in Azureus as well.

[deadly7]

Uh, UPnP has been disabled with Azureus and it still happened. wtf

[Joe]

Are you absolutely sure its not this?

I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.

When you connect to anyone out there who says they have the data you're looking for, your bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.

[Sidoh]

Are you absolutely sure its not this?

I take it you know how peer to peer networks work. You connect to peers, not servers. BitTorrent is no exception.

When you connect to anyone out there who says they have the data you're looking for, your bound to encounter someone malicious. If Trend Micro blocked it, then you're going to be just fine.

The data would've been rejected anyway, since bittorrent data is checksum'd as it's recieved.

[iago]

The data would've been rejected anyway, since bittorrent data is checksum'd as it's recieved.

However, if any bittorrent client had a vulnerability in it, it could be taken advantage of.  The scanner program might have picked up an exploit for a different version of a different program, or something. 

Or, the signature might just suck.  I've noticed while using Snort to monitor traffic, when I'm downloading something off BitTorrent, it often picks up on signatures that it sees that are purely coincidental.