[ubuntu-uk] Ktorrent, firewall and blocked connections
aeclist at candt.waitrose.com
Wed Mar 28 10:47:51 BST 2007
alan c wrote:
> Tony Arnold wrote:
>> alan c wrote:
>>> I note that I have FTP allowed in firestarter for outbound on ports
>>> 20-21, but presumably that is not he same ftp function you describe?
>> No, the outbound ports you allow will let users of your machine use ftp
>> to some remote ftp server and is completely independent of any remote
>> user connecting to the ftp server on your machine.
>>>> User can run their FTP connection
>>> would this user be my machine or remote machines?
>> On remote machines running an ftp client connecting to your ftp server, say.
>>>> in passive mode, which does not behave
>>>> this but this is not the default, in general.
>>>> I'm not convinced you need an outgoing policy at all unless you want to
>>>> restrict users of your system in what they can/cannot do.
>>> I am virtually the only user on my LAN (!) (wife sometimes). The
>>> reason for the outgoing policy is partly general precaution, partly to
>>> become familiar with what is happening, and partly to very
>>> specifically to limit what happens because the machine is left on 24/7
>>> for torrents mostly upload seeding. I dont know how useful the
>>> policies really are, but I am frankly surprised that so many
>>> apparently malware related service names are being (blocked) attempted.
>>> The Blocking stops when ktorrent is closed. Where in the torrent
>>> process is the possible 'FTP' activity being used?
>> I was assuming people were trying to use FTP to download stuff from your
>> server rather than torrent. The two are quite independent. If you have
>> logging turned on for your ftp server (I assume you are running an ftp
>> server?) then you could see if this so.
>> If you are not running an ftp server, then you don't need the ftp ports
>> open on inbound and you can ignore all I've said about ftp clients:-)
>> Maybe there is an outgoing connection from your machine as part of the
>> torrent process that is getting blocked. I can only imagine that a seed
>> would connect to a tracker to let it know of the presence of the files
>> you are making available, but I'm not too sure of the process here.
>>> I suppose I do not know enough about the torrent process, which does
>>> not help.
>> I'm not sure I know enough about it either!
>>> If the currently blocked items are not blocked, what will the benefits
>>> or disadvantages be?
>>>From a security point of view, the main reason for limiting outbound
>> connections is to stop malware that makes it on to a compromised system
>> from making outgoing connections and infecting other machines. Given you
>> are running Ubuntu and you have some pretty good inbound rules, I think
>> this is unlikely.
>> Setting outbound rules in my experience is quite tricky due to things
>> like ftp and other odd protocols. Normal practise is to just use inbound
>> rules unless you have specific reasons to do otherwise.
> (I don't run an ftp server).
> mmm. Since I have reduced the number of peers allowed, the blocking
> indications from the firewall have stopped. One of the torrent faq
> sites mentioned about the allocated ports being at times overloaded. I
> wonder if there were so many peers attempting to use the seed that the
> ports (management) worked differently or badly, so that other ports
> were being sought, tried, and obviously blocked?
I spoke too soon.
After a night of such working, there was a minute or so burst this
morning of outgoing block events - about a couple of dozen in total.
It looks slightly as if something is occasionally prompting my machine
to respond, and it tries to.
More information about the ubuntu-uk