On 20/10/2024 15:44, Alexander V. Makartsev wrote:
Hello.
I host some Debian ISO images via BitTorrent, among other things and
recently I have noticed very high interest in one torrent in particular:
"debian-12.5.0-amd64-netinst.iso".
My torrent client shows multiple connections from various networks (more
IPs than /24),
and according to "whois", all originating from China.
The odd part is these remote clients report their ID as "unknown",
connect using TCP protocol non-encrypted
and never send more than 4 download requests.
Are they actually speaking the BitTorrent protocol? Could this be caused
by simply connecting to the host (in some kind of port scan), or perhaps
connecting and probing for some other vulnerability, maybe not even
related to BitTorrent (something like "GET
/admin?user=admin&password=imasuperhacker HTTP/1.0")?
--
Justice always prevails ... three times out of seven!
-- Michael J. Wagner
Eduardo M KALINOWSKI
edua...@kalinowski.com.br
