December 10, 20214 yr I've recently picked up a router with IDS/IPS capabilities. As a result I've been taking a closer look at the traffic coming in/out of my Unraid server. Something I'm unable to account for is regular ping like activity below (x.x.x.x is the internal ip of my Unraid server): Threat Management Alert 1: Potential Corporate Privacy Violation. Signature ET P2P BitTorrent DHT ping request. From: x.x.x.x:44925, to: 138.199.30.2:44925, protocol: UDP Now, I've got no dockers or anything else that use that port and it seems to be well outside the usual torrent port ranges. The IP is in the ranges for Datapacket (https://www.datapacket.com) who provision servers for the likes of Discord. I'm at a loss. Anyone know what this traffic is?
December 11, 20214 yr What do you have installed? It is likely a torrent program you opted to install and configure and run. It then picked this random high numbered port to use for callbacks.
December 11, 20214 yr Author I do have qBittorrent installed but it's routed through a privoxy VPN container. I've validated that the traffic is definitely routing through the container by dropping into the qbt container and doing 'curl ifconfig.me'. The IP address returned is a VPN ip, not my real broadband WAN IP. There are no other bit-torrent dockers installed.
December 12, 20214 yr Also, quick Google that IP says it's part of PIA VPN. So using PIA VPN causes that to happen. https://spur.us/context/138.199.30.2 Edited December 12, 20214 yr by BRiT
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.