Port concerns - Page 2

code_astronomer · #16 1st March 2006, 09:55 PM

lol
It's true...I do worry a lot. The names just scared me a bit...I wondered what sort of problems could occur, whether I am connecting to them or they are connecting to me...even though i'm using Linux.

Thank you for explaining this to me

I can relax a bit now

w5set · #17 2nd March 2006, 02:52 AM

Well--now if he has used a default install of the repo available Bittorrent, then it uses 6881-6889 for default ports.
So why would he have the upper ports being used?
I am VERY aware that bittorrent can be setup to use just about any port that is normally open to the net--but I doubt he has enabled the upper ports for this use.
Most of the "shared" torrent (screen shot) is USING the normal 688X ports--so why would he have users on the higher ports???
Unless firestarter is showing the ports USED on the other end?
Bittorrent is one app that isn't absolutely secure and safe, there's been numerous users who will hog the bandwidth (leeches) and not share with other children very well. There are several versions of "torrent" software out on the internet with "extra features" installed....(don't just grab torrent software from just anywhere) ....so lets don't just assume everything is just fine and dandy, yet...
Anyone who believes Linux is safe from exploits has had their head buried in the sand too long---come up for air....
It's not just all peaches and cream out in Internet Land just yet.
/off rant

LinuxManMikeC · #18 2nd March 2006, 10:19 PM

Quote:

Originally Posted by w5set

Well--now if he has used a default install of the repo available Bittorrent, then it uses 6881-6889 for default ports.
So why would he have the upper ports being used?
I am VERY aware that bittorrent can be setup to use just about any port that is normally open to the net--but I doubt he has enabled the upper ports for this use.
Most of the "shared" torrent (screen shot) is USING the normal 688X ports--so why would he have users on the higher ports???
Unless firestarter is showing the ports USED on the other end?

I'm going to try not to flame, but what would you expect after posting such a rant? There are several things you obviously don't understand about TCP/IP, let alone BitTorrent. Therefore, I will try to explain.

The default ports for BitTorrent (6881-6889) are a range of ports from which one is chosen when BT first starts. This port is for listening (aka a server port) and is a control port like FTP's port 21. No downloading or uploading occurs on this port. Additional ports for sharing files are chosen dynamically as they are needed from the range of all available ports (except privelaged ports 1-1024, if I remember correctly). Firestarter (as shown in the screen shot) was only showing the port on the remote side of the connection. It was also showing that the connection (with the service labled "Back Orifice 2k") was initiated from the local computer to the remote computer.

Quote:

Originally Posted by w5set

Bittorrent is one app that isn't absolutely secure and safe, there's been numerous users who will hog the bandwidth (leeches) and not share with other children very well. There are several versions of "torrent" software out on the internet with "extra features" installed....(don't just grab torrent software from just anywhere) ....so lets don't just assume everything is just fine and dandy, yet...

Your use of the name BitTorrent becomes ambiguous here. Are you talking about the app or the protocol? Yeah, there could be problems in the protocol. I also don't trust just any client app either. Now you certainly don't understand what a leacher is. They have nothing to do with security, they just don't wan't to share bandwidth and it is a valid option in the protocol. They are freeloaders, not bad guys. And the protocol is actually designed to penalize freeloaders with slower download times.

Quote:

Originally Posted by w5set

Anyone who believes Linux is safe from exploits has had their head buried in the sand too long---come up for air....
It's not just all peaches and cream out in Internet Land just yet.
/off rant

I certainly don't think Linux is invincible (unless you configure it right

), but anyone who uses a well designed and properly configured distro can go out into the virtual world confidently wearing the armour of Linux. It certainly doesn't mean you can run around the net ignorantly, so keep your guard up, but don't fret about every stupid little thing. Also, users should go learn something now and then. It is often users or admins doing something stupid that compromize a Linux box. The whole issue surrounding this thread is that code_astronomer didn't know all the details about how BT uses ports and Firestarter was unclear about what was really going on (something that will have to be improved in Firestarter). I clarified most of the details and then you start crying wolf. I don't appreciate it and it certainly doesn't help code_astronomer any.

ps - If I made any errors in any technical details or mistyped somethiing, deal with it! I've wasted enough time responding already. I'm getting dizzy picking apart this rant and have better things to do. I feel I've sufficiently made my point.

w5set · #19 3rd March 2006, 02:33 AM

Basic question for code_astronomer--
have you edited your torent.config file to USE ports other then 6881 to 6889????
@LinuxmanMike
My post was strong--loud and meant to arouse.
Lets discuss further, as to wasting time?? Only time will tell.
Security is probably never wasted time.
edit:
and while we are waiting for possible? further discussion
http://www.simovits.com/trojans/tr_data/y3778.html
don't know if it's still being classified as a threat--but...

code_astronomer · #20 3rd March 2006, 07:57 AM

no I haven't edited my config at all.
Actually just looking at my settings in the client it has the ports set as: 6881 (for starting point that I typed in) - 65535 (which is a label so I can't change that!)
I'll have to have a look at my config file...

By the way, I'm sorry if I caused any tension in this forum...It's basically my stupidity and paranoia that made me start this thread. I used bit torrent when I was in Windows, but I didn't really care about what it was doing (that and the fact I couldn't see the activity on the ports anyway), but using Linux, I seem to have started to care more about my OS. Linux is more real than Windows. It feels we are actually working togtether more. (If you know what I mean)

w5set · #21 3rd March 2006, 09:07 PM

Are you using the default install of bittorrent?? (like yum install bittorrent)??
If so it doesn't use that high a port or should NOT in any default install.
And if you are using an "outside" source of bittorrent--where did you get it from?
The default ports for the torrent should be 6881 to 6889 and just possibly another one for the tracker.
Anytime I see that (54321) port in use I would really look hard at what/where/why--if it's an outgoing port..
the ports the peers are use is rather unimportant to your system, it's only the ones your system uses that "usually" is the important thing to watch for.
A config for "torrent" that allows the range of 6881 to 65xxx isn't even close to any choice I would personally make to run or even allow to run on my system...
it should have somewhere in the config (FC4 default install with yum, etc.)
min port=6881
max port=6889
as a default setting anyway.
You can config it to run on other ports of course excepting connecting to the tracker's correct port.
The port in question is a very well known Win exploit and a lesser known Linux problem.
Investigate a little further and make sure it's running more/less right by looking at the "outgoing" ports from your computer, and Firestarter will show you this.
Hopefully your system is ok and what you saw was a port used on the Peer connected to you.
But keep looking, and monitoring, there have been a few to many Linux systems compromised lately.
Keep security up to date and sweep often with a rootkit hunter and antivirus too--couldn't hurt...
As to "tension"--I haven't felt any. I wanted some response--it keeps people thinking.
My ego doesn't bruise/break/or part in the middle. I do respond a little strongly sometimes, but security is an important part of my "internet experience"--well either that or I am just anal retentive..

code_astronomer · #22 3rd March 2006, 10:57 PM

I just did yum install bittorrent...should be all default settings.
I have attached a screenshot of my settings.

LinuxManMikeC · #23 4th March 2006, 12:19 AM

That (1024-6****) is just showing you the valid range. The value you enter is the port BT will start on when looking for a port to use as the control channel. In your configuration BT will start at 6881 and keep going until it finds a free port to use. And again, these strange high port numbers you are seeing are just randomly chosen ports for data streams for BT file sharing. As long as you got BT from a source you can trust there is no worry. If you really want to be absolutely certain you can download the source, inspect every line of code, and compile/install it yourself (no point, in my opinion, but a fun learning process

). Note: I don't know python, it can be interpreted (like perl) and compiled/interpreted (like java), right?

code_astronomer · #24 4th March 2006, 10:28 AM

oh I see. I did check my config file and it says the min and max ports defined are in the normal BT range.
I don't think I will worry about this BT thing...I have my system sert up to be secure and I have a firewall on my router too. damn..perhaps I should have mentioned that too :S oops. Could that be why the ports are high?
I'm terrible with networking.
yes, you are right python is interpreted like Java.