Advice Request Too many Port scan network attacks!!

[shukla44]

Hello,
I am just wondering if anything is wrong with kaspersky or i have a malware. I keep getting network attacks blocked notification from kaspersky. It is often when i have qbittorrent open. This started a few days ago. I have been using qbittorrent for years now. I don't know what to do or if i can do anything. Anyone has any idea?
Regards.

 

[silversurfer]

Downloading/sharing via any Torrent software can be dangerous to deliver any kind of malware.
Of course, something like false-positive is always possible as well.

You may see a few related URL being still blocked by K. then you can send it to VT and check there...

 

[rain2reign]

There is the possibility that there are seeders (IP) among them known by Kaspersky that have been marked as malicious, DDoS bots or port scanners. Would not be the first time. Of course False positives are a thing too, but can't hurt to scan the files too.

Given the nature of how torrent are downloaded and shared by directly connecting multiple IP's to both download and upload files. This is expected behaviour. Kaspersky in this case just detected an 'foreign' connection trying to scan your network ports. Scan.Generic.PortScan.[x] where as [x] is the variable that shows what type of connection it is like TCP and UDP. Seeing as all the "attacking computer IP's" are from the same IP, that IP can (or not) belong to a party (or person) that does port scanning and perhaps even DDoS (which are more common nowadays over torrents).

 

[shukla44]

I changed some settings in qbittorrent, didn't get any attacks.

Downloading/sharing via any Torrent software can be dangerous to deliver any kind of malware.
Of course, something like false-positive is always possible as well.

You may see a few related URL being still blocked by K. then you can send it to VT and check there...

Funny thing, currently no torrents are in queue.

 

[rain2reign]

I changed some settings in qbittorrent, didn't get any attacks.

Funny thing, currently no torrents are in queue.

If you don't mind me asking, which settings did you change?

 

[shukla44]

If you don't mind me asking, which settings did you change?

 

[rain2reign]

I always disable (untick) "use different port on startup" or equivalent on different clients. Whenever I use torrent I also use my vpn service (airvpn) as the only connection, to mitigate some of these attacks. Since they allow opening of specific ports in the client interface, I used that port instead. Even without, it saves you trouble if you look back in your network logs, since port 98765 (example) is the only port used for your torrents. If something funny shows on that port, you know immediately through what it happened.

 

[shukla44]

A new setting in Kaspersky 2021, which i just found out, keeps protecting me or causing false positives.
I choose to believe the former.

 

[shukla44]

Kaspersky Support Forum

Kaspersky forum where Kaspersky product users and experts share tips, advice, help and solutions in your preferred language

community.kaspersky.com

Here this is mentioned as bug. I don't know what to believe now.

 

[Berny]

You may consider this :

How to collect network traffic logs with WireShark

Overview of settings and features available in a Kaspersky application and guides on how to use them.

support.kaspersky.com

 

[shukla44]

It didn't happen since then. I think it was a false positive. Using qBittorrent with no problems.

You may consider this :

How to collect network traffic logs with WireShark

Overview of settings and features available in a Kaspersky application and guides on how to use them.

support.kaspersky.com

If it ever happens again, will do this.

 

[TairikuOkami]

When browsing the internet UDP scanning is pretty normal. I would get worried, if it were TCP scanning.