Review of my home broadband router logs (suspicious activity?)

If you mean ensuring that router does not have access to the internet, that would work, keeping in mind the computer would have to use a second NIC and router for its internet access, with upnp disabled, assuming internet access is wanted for it.

Regards. Dave Hodgins

Reply to
David W. Hodgins
That's "zeroconf" or "avahi"

"upnp" is about messing with the router. It's used by peer-to-peer services including "windows update" and (historically) "skype", to turn your PC into a server.

Reply to
Jasen Betts

Yes.

Every software can use it to open every port. That's the problem. If you use "good" software, only necessary ports will be opened, without any risk.

This is the problem. With a special attack, the router can be used with upnp to open ports which should never be opened for access from the internet.

I don't think so, but at the moment, it is bad by design, if I have understood the discussion right.

If the ports will stay open, nothing. If not, you have to open these ports manually for playing on the internet or to use software which needs your computer as a server and not only as a client.

Sincerely, Markus

Reply to
Markus Grob

I presume you mean software on your machine with root privileges can open any port on your machine and ask the router to port forward to that port.

Sorry, what does "with special attack" mean? I suspect it means that if there is a bug in the upnp software on the router, then outside software can tell the router to port forward to your computer. I do not see how your computer will open up ports just because the router asked it to.

Reply to
William Unruh

William Unruh wrote:

Yes. I meant this. I think about "open" printers, which normally are not open to the internet?

Sincerely, Markus

Reply to
Markus Grob

The strange thing is that I turned off UPNP inside my Netgear router:

But, nobody in the household has reported anything adverse going on.

The kids have been playing multi-user games on the playstation, and they still seem to work. Likewise, a bittorrent was tested, which also worked, despite the fact that the preferences in transmission say to use UPnP port forwarding in the router.

Looking into my "transmission" bittorrent preferences, I see this:

Which says: [x]Use UPnP or NAT-PMP port forwarding from my router

Should I turn that checkbox off in the "transmission" bittorrent app now that I have turned off UPnP inside my router?

Reply to
Paul M. Cook

Bittorrent will still work, even if the incoming port is not reachable, but as a "leecher" it will be much slower.

Click on the Test icon to see what it shows. I expect that port should be opened in the router, and forwarded to the computer running bittorrent.

Regards, Dave Hodgins

Reply to
David W. Hodgins

But have you rebooted the router since making that change?

If not, then the appropriate ports would likely remain open or at least stay in the configuration as being directed towards the appropriate host.

It probably does not matter if it is turned on in transmission but turned off on the router, but you can turn it off to align with the fact that it is turned off on the router.

The best way to deal with transmission (and other applications which need a port or range of ports open eg SIP phones) is in its configuration assign a unique port (not used by anything else of course) on each machine eg 45340 for machine 1, 45341 for machine 2, and then on the router set up rules to forward port 45341 to machine 1, 45342 to machine 2, etc.

Incidentally if you do have uPnP turned on on the router, fire up

upnp-router-control

from package upnp-router-control and you will quickly see that anybody on the LAN side can get information from the router and also do some configuration of ports, perhaps bypassing parental security.

To get an overview of all uPnP traffic on your LAN, fire up

gupnp-universal-cp

from gupnp-tools and you may get a surprise at how much network traffic there is, not absolute size but just activity and what you can see on each device, if you do have some other uPnP/DLNA devices (eg Smart TV) powered up and connected to your LAN. uPnP/DLNA is a broadcast protocol so every so often (interval is often set to 15 minutes) they start shouting at everything else which may be listening.

Reply to
J G Miller
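
A scripted version of the same check, for auditing which devices on your own LAN still answer UPnP discovery and which of them offer the gateway port-mapping service. This is an added example, not code from any poster in the thread; the sample replies, addresses and server strings are constructed.

```python
import socket
SSDP_ADDR = ("239.255.255.250", 1900)  # standard SSDP multicast group and port
IGD_MARKERS = ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection")

def build_msearch(mx=2):
    return ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: ssdp:all\r\n\r\n').encode()

def parse_reply(raw):  # headers of a 200 OK reply (upper-case keys), else None
    lines = raw.decode("utf-8", "replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    pairs = (line.partition(":") for line in lines[1:])
    return {k.strip().upper(): v.strip() for k, sep, v in pairs if sep}

def audit(replies):
    """Group (source_ip, raw_bytes) replies per device; flag port-mapping gateways."""
    report = {}
    for ip, raw in replies:
        hdrs = parse_reply(raw)
        if hdrs is not None:  # skips NOTIFY announcements and garbage
            dev = report.setdefault(ip, {"server": hdrs.get("SERVER", ""), "igd": False})
            dev["igd"] |= any(m in hdrs.get("ST", "") for m in IGD_MARKERS)
    return report

def gateways(report):
    return sorted(ip for ip, dev in report.items() if dev["igd"])

def discover(timeout=3.0):  # live scan of your own LAN; the sample does not need it
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch(), SSDP_ADDR)
        try:
            while True:
                data, (ip, _port) = sock.recvfrom(65507)
                replies.append((ip, data))
        except socket.timeout:
            return replies

def sample_reply(st, server):  # builds constructed sample replies
    return (f"HTTP/1.1 200 OK\r\nST: {st}\r\nSERVER: {server}\r\n"
            "LOCATION: http://192.168.1.2:49152/desc.xml\r\n\r\n").encode()

SAMPLE = [  # constructed: forgotten extender, smart TV, one stray NOTIFY
    ("192.168.1.2", sample_reply("urn:schemas-upnp-org:service:WANIPConnection:1", "ExampleExtender/1.0")),
    ("192.168.1.50", sample_reply("urn:schemas-upnp-org:device:MediaRenderer:1", "ExampleTV/1.0")),
    ("192.168.1.60", b"NOTIFY * HTTP/1.1\r\nNT: upnp:rootdevice\r\n\r\n"),
]
```

Running `gateways(audit(discover()))` on a machine in the LAN lists every address that still advertises port mapping; an empty list after disabling UPnP on all routers and extenders is the expected result.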

Thanks David for that suggestion.

Looking into my "transmission" bittorrent preferences, I see this:

Which says: [x]Use UPnP or NAT-PMP port forwarding from my router

Looking at transmission bittorrent settings, I see this:

Which says: [x]Use UPnP or NAT-PMP port forwarding from my router

Looking at the transmission bittorrent log file, I saw many errors:

So, I first fixed (at least) these two (unrelated) errors:

  Please add the line "Net.core.rmem_max = 419304" to /etc/sysctl.conf
  Please add the line "Net.core.wmem_max = 1048576" to /etc/sysctl.conf

By adding these two lines to the /etc/sysctl.conf file:

  net.core.rmem_max = 16777216
  net.core.wmem_max = 4194304

And then running the sysctl "-p" and restarting transmission:

  $ sysctl -p

Then I get these UPnP messages which I don't know what to make of:

Which say this:

  Port Forwarding (NAT-PMP) initnatpmp succeeded (0)
  Port Forwarding (UPnP) UPNP_GetValidIGD failed (errno 0 - Success)
  Port Forwarding (UPnP) If your router supports UPnP, please make sure UPnP is enabled!
  Port Forwarding State changed from "Not forwarded" to "Starting"

Yet, inexplicably, looking at my router, there is no port forwarding!

When I hit the suggested "Test" button in Transmission, I get:

  Testing TCP Port...
  Port is Closed

Is that what you expected? (I'm not sure what I'm testing.)

Does any of this make sense to you? What else do you suggest I change?

Reply to
Paul M. Cook

Interestingly, even with UPNP turned off on my Netgear router, it found stuff on my Linksys router, which is wired as an extender, which I had totally forgotten about.

The Linksys probably has UPNP turned on, and the playstation is actually hooked to that extender (since it's in the play room far from the main router).

I'm still looking at the output, but here is what I did:

  $ sudo apt-get install upnp-router-control
  $ upnp-router-control

This brought up a GUI, which showed my Linksys wired extender was doing something...but I still need to look more at what it's trying to tell me.

  $ gupnp-universal-cp
  The program 'gupnp-universal-cp' is currently not installed. You can install it by typing:
  sudo apt-get install gupnp-tools
  $ sudo apt-get install gupnp-tools
  $ gupnp-universal-cp

This also brought up a GUI, which I am looking at the output of to figure out what it's telling me.

Reply to
Paul M. Cook

On Tuesday, December 29th, 2015, at 12:03:57h -0500, Paul M. Cook reported:

Yes it shows you the overall up/down traffic rate on the router or bridge that it is connected to but in the case of the router, if the uPnP interface control on the router to administrative functions does not require authentication then it allows the user to add forwarding rules on the router using the big plus + button "Add".

That is showing you all the uPnP/DLNA devices which have been announced on your LAN and it shews you what information or even files (in the case of any media servers) that can be accessed without authentication.

There are other GUI programs in both the gupnp and upnp package suites which you can fire up to investigate and instigate uPnP actions on your LAN.

For example, say you had a media server running on a host and a media client running on a host (could be a Smart TV or a WiFi Radio with media player); then you could use gupnp-av-cp to select a file (audio, picture, or video as appropriate for the media player client) and request for it to be "displayed/played" on the media player client.

Usually in the case of Smart TVs, the TV has to be in media player mode and a confirmation popup appears the first time for that session to allow the file to be played.

And in case you are wondering, DLNA is more or less a subset of uPnP but with a few quirks added according to the manufacturer of the hardware media player client (Smart TV, WiFi Radio with media player).

Reply to
J G Miller

I'm still trying to figure out what that sentence means.

  1. Bittorrent will still work (that it does, with or without UPNP set on the router).
  2. So, "why" would leeching be slower?

I'm getting the data somehow.

Reply to
Paul M. Cook

Without the incoming port open, the torrent software will be downloading only, not sharing what's already been downloaded.

As it's not sharing, the torrent peers it's downloading from will give it a lower priority, so it will take longer for the download to happen.

If the peers are not running at their limit, it likely won't make much of a difference, if any. If the peers are at the limit (people waiting in a queue), it will make a much bigger difference. Basically, the torrent software has two queues for download requests. One for peers that are sharing, and one for peers that are not. The download requests from the non-sharing peers are only processed if there are no outstanding download requests from peers that are sharing.

Regards, Dave Hodgins

Reply to
David W. Hodgins

Because the seeding site/software will allow less bandwidth to a pure leech, who won't even share the pieces it just got. In fact on my site I can see that some peers do not get anything at all from me.

PS: I'm only seeding legal torrents, like Linux iso images. For instance I'm currently sharing the latest CentOS (7.2.1511) and openSUSE (Leap 42.1) ones, only to people who will share the load.

Reply to
Eef Hartman

That is odd. My pfsense firewall is set to block all incoming traffic and yet I maintain a ratio of 2 in Transmission. I have no problem sharing. The only difference is all the uploading connections are listed as outgoing, not incoming. This no doubt limits the number of potential leechers but I still share.

Reply to
Wildman

I think I'm out of my league trying to understand that sentence. I don't doubt you. I just don't understand because I figured whatever port that transmission used on Linux is a two-way port. Certainly, even without UPnP enabled on either the router or on transmission, I can *see* that I can both seed (upload) and leech (download).

So, "somehow", a "port" is opened on the desktop which does both uploading and downloading in transmission, even without UPnP enabled on either the transmission bittorrent client or on the router.

I've always heard that, if you don't share your files, then you get a lower download speed, but is that really true? (see below where you say it is true)

I generally share until the ratio is 2.x, but I never noticed any speed difference either way. A 1GB file with about 10 seeds takes about an hour (sometimes more, sometimes less).

I share by default, because transmission shares what was just downloaded, so, I wonder if that's why I don't see any slowdown?

From what you're saying, if I start with no file, then I'm not sharing anything, so, I'm in that second queue, but, the moment I start getting data, then I'm in the first queue because transmission, by default, shares what it already has downloaded.

But, back to the ports.

As far as I can tell, the uploading and downloading still happens even though I have turned off UPnP in both transmission & in the router.

From what you're saying, I should be able to download faster if I open a port on the router. I have never done that, but, I have transmission set to an arbitrary port each time it runs, so, how would I know *what* port to open in the router?

Reply to
Paul M. Cook

I also still share until the ratio gets to 2 (which is the default in Transmission).

I had UPnP turned on by default in both the router and in Transmission at the start of this thread, but now I have UPnP turned off in both the router and Transmission.

I haven't noticed anything different in Transmission speeds. (I don't really know how to tell though.)

Reply to
Paul M. Cook

This makes sense that there must be a port for uploading the files, but I have UPnP off and I can see that both uploading and downloading still occur.

Wildman seems to be saying the same thing.

So, something doesn't make sense here on what happens when we turn UPnP off.

Reply to
Paul M. Cook

With no port forwarding you have no public torrent socket. Basically your torrent client can't interact with other clients that don't have a public socket. It can still interact with clients that do.

Apparently the torrent protocol allows uploads over connections initiated by the source peer.

Reply to
Jasen Betts

I think he means that bittorrent will work for you to download, but your machine cannot be used for uploading to others. That means that bittorrent will regard you as a leecher, and will not give you optimum download speeds (probably by servicing non-leechers, ie people who are willing to allow others to download from them, faster).

No. Bit torrent is slower IF you are a leecher.

Reply to
William Unruh
