IP trace

Posted: Tue Jun 27, 2006 9:59 am
by Mowin
My firewall tells me that 83.252.141.28 : 61665 is trying to access my computer. What does ": 61665" mean and is it possible to find out who it is? My firewall tells me that I should accept the access attempt - should I do that?
Mowin, Denmark

Posted: Tue Jun 27, 2006 1:34 pm
by robocoder
61665 is the port number. A connection is formed by two endpoints (the source and destination), where each endpoint consists of an IP address and a port. (The port is typically allocated by a process or program.) Unless the port number is < 1024, the port number does not convey meaningful information about the connection (e.g., application).

See also:
http://en.wikipedia.org/wiki/List_of_well-known_ports_(computing)

I'm surprised your firewall would advise you to accept the connection... (That ip, 83.252.141.28, is allocated to a Swedish ISP.)

Posted: Tue Jun 27, 2006 2:59 pm
by Mowin
Thanks for your answer.
Actually I get access attempts from 5 different IPs.
I'll monitor the situation and I'll let my firewall block the IPs.
Mowin

Posted: Wed Jun 28, 2006 8:20 am
by robocoder
If your firewall permits, check to see what the destination port number is. (It would be paired with your IP address.) This might give you an idea of what service the incoming connection is attempting to establish.

Posted: Thu Jun 29, 2006 2:50 am
by Mowin
Now I think I have figured it out - thanks to your help.
The destination port is 6881 which has to do with my P2P client.
Now a new question arises. If the IPs in question had not been blocked would they then have had access to my computer in general or only the folder used for P2P?
Mowin

Posted: Thu Jun 29, 2006 5:45 am
by robocoder
Theoretically, the P2P client should only be limited to sharing files in your designated share folder. But in actuality, this will depend on the authors of your P2P client.
  • Did they write secure code? (avoiding potential buffer overflows, etc)
  • Did they take precautions to prevent access to files outside the share folder? (e.g., checking absolute paths, ".." in the path, etc)
  • Did they ship with a backdoor (e.g., for debugging) that could be exploited?
In addition, do you regularly scan your system (especially downloaded files) for spyware and viruses?
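
The share-folder check mentioned in the second bullet (absolute paths, ".." in the path) can look like the following. This is an added example, not part of the original post and not code from any BitTorrent client; `resolve_in_share`, `OutsideShareError` and the sample files are hypothetical names constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class OutsideShareError(Exception):
    """The requested name resolves to a location outside the share folder."""


def resolve_in_share(share_root, requested):
    """Return the real path of `requested` only if it stays inside `share_root`."""
    root = os.path.realpath(share_root)
    # Absolute (or drive-qualified) names never belong in a peer request.
    if os.path.isabs(requested) or os.path.splitdrive(requested)[0]:
        raise OutsideShareError(f"absolute path rejected: {requested!r}")
    # realpath() collapses ".." and follows symlinks, so the containment
    # test runs on the final location, not on the string the peer sent.
    candidate = os.path.realpath(os.path.join(root, requested))
    # commonpath() compares whole components, so a sibling folder such as
    # "share-evil" is not mistaken for being inside "share".
    if os.path.commonpath([root, candidate]) != root:
        raise OutsideShareError(f"escapes share folder: {requested!r}")
    return candidate


def demo():
    """Run constructed requests against a temporary share folder."""
    requests = [
        "music/song.ogg",            # ordinary shared file
        "music/../music/song.ogg",   # ".." that stays inside the share
        "../private.txt",            # classic traversal
        "music/../../private.txt",   # traversal hidden behind a valid prefix
        "/etc/passwd",               # absolute path
        "link",                      # symlink inside the share pointing out
        "../share-evil/x",           # sibling folder with the same prefix
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        os.makedirs(os.path.join(share, "music"))
        Path(share, "music", "song.ogg").write_text("constructed sample")
        Path(tmp, "private.txt").write_text("not shared")
        os.symlink(os.path.join(tmp, "private.txt"), os.path.join(share, "link"))
        for req in requests:
            try:
                resolve_in_share(share, req)
                results[req] = "allowed"
            except OutsideShareError:
                results[req] = "blocked"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```
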

Posted: Thu Jun 29, 2006 8:08 am
by Mowin
Well, I am sorry to say that I am not able to answer your questions.
My client is Bittorrent and I hope it is OK.
I scan my computer regularly with Norton Internet Security and it does not find anything wrong.
However, on one occasion I by mistake allowed one of the suspicious IPs to access my system. So now I am a little worried about what the consequences are!? I did not notice the IP number and now I don't know what and who I have invited in.

Mowin

Posted: Thu Jun 29, 2006 11:45 am
by robocoder
On the whole, I think you have greater risk in the files you download versus whatever client you choose to use.

If you search Google for "bittorrent exploit", you'll see "cheating", "poisoning", and "spyware/adware" as the biggest concerns.
http://www.google.ca/search?q=bittorrent+exploit

Posted: Thu Jun 29, 2006 2:31 pm
by Zazz
It is generally encouraged to allow others to connect to you when running a bittorrent client, as the bittorrent protocol gives greater download speed to those who upload to others more. Your client is also actively connecting to other people's clients and giving them access to the same files they would acquire when they connect to you -- this is how the protocol works. There is little reason to block the IPs; the potential security gain is only very minimal and the decrease in your download speed can be drastic, depending on the download.

Posted: Thu Jun 29, 2006 3:42 pm
by Mowin
Thanks Zazz and Robocoder.
Nevertheless I am still a little confused. My P2P client was not running and I am behind a router. In spite of that someone has been able to address my computer.
But anyway I have now, with your help, found out what is going on. As you might have figured out my knowledge of networks is limited and I have to study these things myself in the future.

Mowin

Posted: Thu Jun 29, 2006 5:11 pm
by Zazz
If the program is not running you should not let them in. However, it probably does not matter if you do, because there is nothing listening on that port for them to connect to. It's strange that the firewall would even alert you to them connecting if there's nothing running -- are you sure it isn't running? It may have been minimized to the system tray or running in the background somehow.

It is normal for people to try to connect to you after you close it, though -- they don't know that you closed it, and their client still tries to connect. They're probably able to get to you because you have forwarded the bittorrent port in your router for the bittorrent download to work -- either that, or the bittorrent client may have forwarded the port for you; many of them do that now, without even asking!