BitTorrent security questions

I'm running a Linux desktop behind a NAT router with a
broadband connection to the Internet.  I've also installed
an iptables based firewall (Firestarter) with a completely
permissive outbound traffic policy and an inbound traffic
policy of NO connections from any host allowed and NO
services on any port allowed for anyone.

I frequently use BitTorrent (Azureus to download
files from the web.  In order to support this I enabled
port forwarding on the NAT router for ports 6882-6889 for
service BitTorrent.  With these settings BitTorrent seemed
to be running all right.  

Recently, after I had installed an update for Azureus
(v., I noticed a new colored button in the status
bar which would be either yellow or red indicating a
"Possible NAT (TCP) problem".
In the course of investigating this, I also noticed an item
"NAT/Firewall test" in the Azureus Tools menu which would
test the "incoming TCP/UDP listen port" which I had set to
6886.  When I ran this test, it failed with the message
"Testing port 6886 ... NAT error".  The test dialog box
also offered the following explanation: "In order to get
the best out of Azureus, it's highly recommended to be
fully accessible from the Internet.  This tool lets you
test and/or change the port used to accept incoming peer

I took this recommendation to mean that I should open my
firewall for the ports used by bittorrent.  Accordingly, I
added the inbound traffic policy "Allow service BitTorrent
for port 6881-6889 for everyone."

With that the NAT status indicator button in the Azureus
status bar turned green ("NAT OK (TCP)").  Also, some of
the torrent health indicators for ongoing downloads turned
green, meaning "everything is going fine" whereas before
they had generally been yellow, meaning "you're connected
to peers, tracker is OK but you may have a NAT problem if
your torrents stay on yellow status all the time."

After I'd made these changes everything seemed fine and
subjectively it seemed as though Azureus was working better
and down/uploading faster.

Then I did a Shields Up ( port scan for the range of
ports 6881-6889 while Azureus was running and downloads
were proceeding.  The result: 6881 stealthed, 6882-6885 and
6887-6889 closed, 6886 OPEN.  Ouch!  I'd been running my
system with this configuration for more than a week.

I immediately removed the firewall rule "Allow service
BitTorrent for port 6881-6889 for everyone" and did another
Shields Up port scan.  The result: 6881-6889 stealthed.
BitTorrent down/uploads were still running fine.

Next I also disabled port forwarding for ports 6882-6889 in
the NAT router.  BitTorrent down/uploads were still running

Several questions:

1. When my system was configured with port forwarding
enabled in the router and BitTorrent allowed for ports
6881-6889 in the inbound traffic rules of my firewall, the
Shields Up port scan diagnosed port 6886 as open whenever
Azureus was running.  Did that constitute a major security
hazard that a malicious hacker could have exploited?  Could
he have installed malware via this "open" port, or was this
port only open for the BitTorrent protocol?  If malware had
been installed would it have remained in my user area (I
wasn't running Azureus as root) or could I have been

2. What were the security implications when I was running
Azureus with NAT router port forwarding enabled for
6882-6889 but firewall closed to traffic coming in on
6881-6889?  Was there a possibility of a security
compromise in that configuration?

3. What is the point of aiming for green settings for the
NAT status of the incoming TCP/UDP listen port 6886 and for
"torrent health", settings which potentially introduce
security hazards, when BitTorrent appears to be functional
even when these settings are in the yellow or red range?

Thanks in advance.


Re: BitTorrent security questions

Ports are simply addresses that some software on your system listens for.
They are like apartment numbers in an apartment building. Outside things
can knock on the doors of the various apartment numbers. If no one answers
that means the port is closed. If something answers it is open. But that
something that answers will be some program. The security of the system
depends on what program answers. If it is a buggy program, then an attack
may be possible. If it is not a buggy program then it will do only what it
is designed to do. In your case it is bittorrent that answers the door. It
is the security of bittorrent that you have to worry about. I do not know
of any bittorrent exploits, but that of course does not mean much.
A port is NOT an open door into your computer system. A port is simply an
address. It is not as if an "open port" allows anything out there to use
that port to do anything on your computer. It simply means that some
program answers the knock.

Re: BitTorrent security questions

Robert Glueck wrote:
Azureus only uses port 6881 TCP for data transmission and 6881 UDP for
distributed hash table (dht or "trackerless" torrents) communication by
default. Ports 6882-6889 of either protocol are used for miscellaneous
plugins and additional non-essential services offered by azureus which
can be safely disabled or firewalled off. This is only a minor security
risk as the program azureus would have to be exploited remotely (or you
would have to install a corrupted copy) for an attacker to gain anything
in this way and any gain would be restricted to the user azureus is
running as (i.e., you). You can safely open only port 6881 TCP and UDP
for azureus' use.

See above, only with a firewall blocking connections to the unnecessary
ports the risk is even further mitigated. Unless the program has been
installed compromised or locally compromised and is making outgoing
connections to malicious servers (in which case you are already in
trouble) you are perfectly safe. Were I you, I would track down
whichever portion of azureus is opening port 6886 and disable it if
unnecessary though.

The "green" status of the bit torrent network allows you to receive
connections from hosts who would otherwise be unable to contact you. Bit
torrent is fully functional in "yellow" status and has an unavailable
tracker (for whatever reason) in "red" status. Green status is highly
desirable because it can result in speed boosts of well over 200%. Case
in point, my system tends to download around 15-20 KB/s while yellow and
has been known to reach over 500 KB/s while green.

Hope this helps,
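
The replies above come down to one check: which program is listening on the forwarded ports, and on which address. The following is an added example, not part of any post in this thread. It parses the Linux `/proc/net/tcp` table for listening sockets and looks up the owning process; the sample table is constructed, and the address decoding assumes a little-endian host such as x86.

```python
import glob, ipaddress, os

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1AE6 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12002 1 0000000000000000 100 0 0 10 0
   2: 6401A8C0:1AE6 057100CB:C350 01 00000000:00000000 00:00000000 00000000  1000        0 41055 1 0000000000000000 100 0 0 10 0
"""

def listening_sockets(proc_net_tcp_text):
    """Return (ip, port, uid, inode) for every IPv4 socket in LISTEN state (st == 0A)."""
    out = []
    for line in proc_net_tcp_text.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        hexip, hexport = f[1].split(":")
        # The kernel prints the address as a host-order 32-bit hex value.
        ip = ipaddress.IPv4Address(int.from_bytes(bytes.fromhex(hexip), "little"))
        out.append((str(ip), int(hexport, 16), int(f[7]), int(f[9])))
    return out

def exposed_in_range(socks, lo, hi):
    """Listeners in [lo, hi] not bound to loopback, i.e. reachable from the
    network once the firewall rule and the router's port forward let traffic in."""
    return [s for s in socks
            if lo <= s[1] <= hi and not ipaddress.ip_address(s[0]).is_loopback]

def owner_pid(inode):
    """Find the PID holding a socket inode via /proc/<pid>/fd symlinks.
    Without root only the caller's own processes are readable."""
    target = f"socket:[{inode}]"
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                return int(fd.split("/")[2])
        except OSError:
            continue
    return None

if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE_PROC_NET_TCP
    for ip, port, uid, inode in exposed_in_range(listening_sockets(text), 6881, 6889):
        print(f"{ip}:{port} uid={uid} inode={inode} pid={owner_pid(inode)}")
```

A listener owned by an unprivileged uid confines a successful exploit of that program to that user's account, which is the point made in the reply above.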

Re: BitTorrent security questions

I really don't agree with this. I'm only using port 55555 for Azureus, and
have any problem with that ;-)

Re: BitTorrent security questions

Kurt De Bree wrote:
Oh, yes, you can change the port if you'd like (in fact it is highly
recommended that you do because ISPs like to block port 6881). I was
simply detailing the default behavior.



Re: BitTorrent security questions

Yes, of course.

If I was a bad hack3r now I know that you have some ports forwarded and
therefore open.

Your firewall has a hole.

I could make an infected email or some kind of tricks for installing or
use a pre-installed software that makes me for example an admin of you

Instead if you close all, or stealth you can prevent all risks.
