Advice Request Too many Port scan network attacks!!

Please provide comments and solutions that are helpful to the author of this topic.
shukla44

shukla44

Level 13
Thread author
Verified
Top Poster
Well-known
Jan 14, 2016
600
5,126
1,168
India
Hello,
I am just wondering if anything is wrong with kaspersky or i have a malware. I keep getting network attacks blocked notification from kaspersky. It is often when i have qbittorrent open. This started a few days ago. I have been using qbittorrent for years now. I don't know what to do or if i can do anything. Anyone has any idea?
Regards.
 

Attachments

  • Screenshot00037.jpg
    Screenshot00037.jpg
    338.4 KB · Views: 1,879
  • Wow
Reactions: JB007, Venustus and silversurfer
Downloading/sharing via any Torrent software can be dangerous to deliver any kind of malware.
Of course, something like false-positive is always possible as well.

You may see a few related URL being still blocked by K. then you can send it to VT and check there...
 
  • Like
  • Thanks
  • Sad
Reactions: JB007, dinosaur07, Venustus and 6 others
There is the possibility that there are seeders (IP) among them known by Kaspersky that have been marked as malicious, DDoS bots or port scanners. Would not be the first time. Of course False positives are a thing too, but can't hurt to scan the files too.

Given the nature of how torrent are downloaded and shared by directly connecting multiple IP's to both download and upload files. This is expected behaviour. Kaspersky in this case just detected an 'foreign' connection trying to scan your network ports. Scan.Generic.PortScan.[x] where as [x] is the variable that shows what type of connection it is like TCP and UDP. Seeing as all the "attacking computer IP's" are from the same IP, that IP can (or not) belong to a party (or person) that does port scanning and perhaps even DDoS (which are more common nowadays over torrents).
 
  • Like
  • Thanks
  • +Reputation
Reactions: JB007, dinosaur07, Venustus and 5 others
I changed some settings in qbittorrent, didn't get any attacks.
silversurfer said:
Downloading/sharing via any Torrent software can be dangerous to deliver any kind of malware.
Of course, something like false-positive is always possible as well.

You may see a few related URL being still blocked by K. then you can send it to VT and check there...
Click to expand...
Funny thing, currently no torrents are in queue.
 
  • Like
  • Applause
Reactions: JB007, Venustus, plat and 3 others
I always disable (untick) "use different port on startup" or equivalent on different clients. Whenever I use torrent I also use my vpn service (airvpn) as the only connection, to mitigate some of these attacks. Since they allow opening of specific ports in the client interface, I used that port instead. Even without, it saves you trouble if you look back in your network logs, since port 98765 (example) is the only port used for your torrents. If something funny shows on that port, you know immediately through what it happened. :D
 
  • Like
  • Thanks
  • +Reputation
Reactions: JB007, Venustus, harlan4096 and 1 other person
  • Like
Reactions: JB007, Venustus, Berny and 3 others

You may also like...