how safe is using bittorrent
I had a reality check today. I was getting some films with bittorrent and to get it to work I turned off the router's firewall and opened up about 10 ports in a range, including tcp and udp.
In addition, I made exceptions in my computer firewall for these ports. I had left my pc for about 3 hours and when I turned the monitor on there were over 10 windows open for a dialog for saving 'a snapshot' of the desktop. I pulled the plug on my modem straight away. I turned on my router firewall and removed all the ports I opened. I set my firewall back to blocking everything. I also changed some policies, e.g. by making my home directory permissions only rw by myself, by disallowing remote connection to X windows... Right now, I am not going to start using bittorrent again until I know what's what. First thing I want to know is: do I need to open just one port for bittorrent or not? Some websites say you should open a whole range of ports. The second thing is, if I am opening a port what is to stop joe cracker from logging onto my computer and doing some damage? Just how safe is this bittorrent stuff? From my experience, it sure doesn't seem very safe to me. |
Well, 1st, don't ever open your firewall!!!
Any software that is legit should allow for the client being able to traverse it without problem. Use something that comes with your distro for a client; in my case it was transmission. I would think very hard about wiping your system as it most likely has been compromised. |
It's research time, not clean-up time. If you wipe your drive, you aren't going to learn from this and will quite possibly run into the same situation again later. |
Regarding the topic of BT security in general (this is separate from the possible compromise):
I don't think with BitTorrent it would really matter too much whether you "open the port" or not. I mean, I'm sure it reduces the threat somewhat, but people are still able to upload/download from you. Personally, I think that your security concerns regarding BT are well-founded. With BT you've got hundreds upon hundreds of connections open with all kinds of strangers and potentially hostile hosts. Someone who finds an exploit for a popular BT servent and creates an exploit will be able to wreak havoc upon many of us. Personally, I started to become extremely concerned about BT security a while back. I stopped using it on my personal account and instead used a dedicated user account for it - extremely inconvenient. I haven't really had time to use BT lately but once I do get back into it I'm gonna do this right by wrapping my servent (I use Transmission) up with AppArmor instead. I just haven't had time to create a profile for it yet. Having my BT servent run under mandatory access control won't fix any security vulnerabilities in it, but it will give me peace of mind that any exploit launched against it will be severely limited in what it can do. |
A broader question is this: "is there a history of bittorrent exploits?"
Are there known exploits against bittorrent clients right now? I know of none, but that means nothing. I also have never experienced anything like what OP describes, and sometimes when I have KTorrent running, I watch it just to see what it is doing. |
I think the OP must have accidentally hit the Print Screen key :)
|
Since you disabled the router's firewall, every port you have open on the computer was exposed, not just the ones that bit torrent uses. Also, you only needed to open one tcp port and another udp port to be able to seed torrents as well. Look at the ports that were exposed using nmap on another computer on the LAN. Also, opening the router, you may have had a different host compromised which may have been a trusted host on the LAN. So you need to look at the ports exposed on all of the hosts on the LAN, not just the one using bit torrent.
|
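To illustrate the point in the post above that every listening port on the host was exposed once the router firewall was off, here is an added example (not part of the original thread) that audits listening TCP sockets from `/proc/net/tcp`-style text and flags those not bound to loopback. The sample table is constructed, port 51413 is an assumed BitTorrent listening port, and the decoder assumes a little-endian host; IPv6 and UDP live in separate `/proc/net` files and are not covered.

```python
import ipaddress
import struct

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003
   3: 00000000:C8D5 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1004
   4: 0A00A8C0:C8D5 2A00A8C0:D431 01 00000000:00000000 00:00000000 00000000  1000        0 1005
"""


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port).

    The kernel prints the address as a native-endian 32-bit word, so on a
    little-endian host (assumed here) the bytes appear reversed.
    """
    hex_ip, hex_port = field.split(":")
    packed = struct.pack("<I", int(hex_ip, 16))
    return ipaddress.IPv4Address(packed), int(hex_port, 16)


def exposed_listeners(proc_text, intended_ports):
    """Return (address, port, intended) for each listening TCP socket that is
    not bound to loopback, i.e. reachable from other hosts if nothing filters it."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        addr, port = decode_endpoint(cols[1])
        if addr.is_loopback:
            continue  # only reachable from the machine itself
        found.append((str(addr), port, port in intended_ports))
    return sorted(found, key=lambda item: item[1])


if __name__ == "__main__":
    # 51413 is an assumed BitTorrent listening port for this sample.
    for addr, port, intended in exposed_listeners(SAMPLE, {51413}):
        note = "intended" if intended else "UNINTENDED exposure"
        print(f"{addr}:{port}  {note}")
```

On a real Linux host, pass `open("/proc/net/tcp").read()` instead of `SAMPLE`; anything reported as unintended is a service to bind to loopback, stop, or block at the host firewall.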
:) DON'T PANIC. Unspawn probably gave the best advice in the thread. Run through the cert checklist, run both of the root kit checking programs, etc. It's entirely possible your system has been compromised for months or that it's not compromised at all and your cat stepped on the keyboard, or that you're right: it's compromised. You need to establish the facts of what is happening before you do anything significant. As far as I know there have been no Linux system compromises on the bit torrent clients, although that doesn't mean there aren't any. If your system is actually compromised then you need to look at the source of the client too. Did you download it from the sanctioned website or from your distribution's repository or off some obscure forum? etc. There's also a big difference in the significance of a root level compromise and a user level compromise. First things first though, calm down, don't panic, *think*. |
'Hacker found'
However, I found the Hacker that caused the 'screenshot' dialog to appear! I at first thought it was a 'remote hacker/cracker' who wanted a snapshot of my desktop as a trophy!! But thankfully, I saw the same dialog pop up today. My cat has a habit of sleeping on top of my monitor and from time to time he will jump down onto the keyboard!!! thus causing the print screen button to be pressed multiple times. In my case, this was a false alarm - but I am definitely going to take a closer interest in security issues from now on. When the problem first appeared I felt like the victim of a burglary - thinking that someone had been poking around my pc. I will do my best to make sure this threat is minimised for real. |
hehe... is that what they mean by a 'Black Cat' hacker. ;)
|
Anyone know of a cat-detection application for GNU/Linux?
I remember seeing some for Windoze a few years back (PawSense, etc). Might be a good idea to use such a tool to prevent this from happening again. |
Could one not disable the keyboard possibly by renaming or changing permissions on whatever /dev the keyboard is on?
Then, perhaps, to re-enable, a virtual keyboard.... Or, a script that would disable the keyboard, then re-enable when a zenity or xdialog is moused... Edit: Here we go: Lock Keyboard For Baby Code:
http://csincock.customer.netspace.net.au/lock-keyboard-for-baby.htm cheers, |