[ubuntu-uk] Ktorrent, firewall and blocked connections

alan c aeclist at candt.waitrose.com
Wed Mar 28 10:47:51 BST 2007


alan c wrote:
> Tony Arnold wrote:
>> Alan,
>> 
>> alan c wrote:
>> 
>>> I note that I have FTP allowed in firestarter for outbound on ports 
>>> 20-21, but presumably that is not the same ftp function you describe?
>> 
>> No, the outbound ports you allow will let users of your machine use ftp
>> to some remote ftp server and is completely independent of any remote
>> user connecting to the ftp server on your machine.
>> 
>>>> User can run their FTP connection
>>> 
>>> would this user be my machine or remote machines?
>> 
>> On remote machines running an ftp client connecting to your ftp server, say.
>> 
>>>> in passive mode, which does not behave
>>>> this but this is not the default, in general.
>>>>
>>>> I'm not convinced you need an outgoing policy at all unless you want to
>>>> restrict users of your system in what they can/cannot do.
>>> 
>>> I am virtually the only user on my LAN (!) (wife sometimes). The 
>>> reason for the outgoing policy is partly general precaution, partly to 
>>> become familiar with what is happening, and partly, very 
>>> specifically, to limit what happens because the machine is left on 24/7 
>>> for torrents, mostly upload seeding. I don't know how useful the 
>>> policies really are, but I am frankly surprised that so many 
>>> apparently malware-related service names are being attempted (and blocked).
>>> 
>>> The Blocking stops when ktorrent is closed. Where in the torrent 
>>> process is the possible 'FTP' activity being used?
>> 
>> I was assuming people were trying to use FTP to download stuff from your
>> server rather than torrent. The two are quite independent. If you have
>> logging turned on for your ftp server (I assume you are running an ftp
>> server?) then you could see if this is so.
>> 
>> If you are not running an ftp server, then you don't need the ftp ports
>> open on inbound and you can ignore all I've said about ftp clients:-)
>> 
>> Maybe there is an outgoing connection from your machine as part of the
>> torrent process that is getting blocked. I can only imagine that a seed
>> would connect to a tracker to let it know of the presence of the files
>> you are making available, but I'm not too sure of the process here.
>> 
>>> I suppose I do not know enough about the torrent process, which does 
>>> not help.
>> 
>> I'm not sure I know enough about it either!
>> 
>>> If the currently blocked items are not blocked, what will the benefits 
>>> or disadvantages be?
>> 
>> From a security point of view, the main reason for limiting outbound
>> connections is to stop malware that makes it on to a compromised system
>> from making outgoing connections and infecting other machines. Given you
>> are running Ubuntu and you have some pretty good inbound rules, I think
>> this is unlikely.
>> 
>> Setting outbound rules in my experience is quite tricky due to things
>> like ftp and other odd protocols. Normal practice is to just use inbound
>> rules unless you have specific reasons to do otherwise.
> 
> thanks.
> (I don't run an ftp server).
> mmm. Since I have reduced the number of peers allowed, the blocking 
> indications from the firewall have stopped. One of the torrent faq 
> sites mentioned about the allocated ports being at times overloaded. I 
> wonder if there were so many peers attempting to use the seed that the 
> ports (management) worked differently or badly, so that other ports 
> were being sought, tried, and obviously blocked?

I spoke too soon.
After a night of such working, there was a minute or so burst this 
morning of outgoing block events - about a couple of dozen in total.

It looks slightly as if something is occasionally prompting my machine 
to respond, and it tries to.
-- 
alan cocks
Kubuntu user#10391