Unusual traffic on 44925


SirCadian


I've recently picked up a router with IDS/IPS capabilities. As a result I've been taking a closer look at the traffic coming in/out of my Unraid server. Something I'm unable to account for is the regular ping-like activity below (x.x.x.x is the internal IP of my Unraid server):

Threat Management Alert 1: Potential Corporate Privacy Violation. Signature ET P2P BitTorrent DHT ping request. From: x.x.x.x:44925, to: 138.199.30.2:44925, protocol: UDP

Now, I've got no dockers or anything else that use that port and it seems to be well outside the usual torrent port ranges. The IP is in the ranges for Datapacket (https://www.datapacket.com), who provision servers for the likes of Discord.

 

I'm at a loss. Anyone know what this traffic is?

Link to comment

I do have qBittorrent installed but it's routed through a privoxy VPN container. I've validated that the traffic is definitely routing through the container by dropping into the qbt container and doing 'curl ifconfig.me'. The IP address returned is a VPN IP, not my real broadband WAN IP. There are no other BitTorrent dockers installed.

Link to comment
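An added example, not part of the original posts: to confirm what the "DHT ping request" alert quoted above actually matched, the UDP payload of a packet captured on port 44925 can be decoded as a BitTorrent DHT (KRPC, BEP 5) message. The function names `bdecode` and `classify_krpc` are hypothetical, and the sample payloads are constructed from the BEP 5 ping example rather than taken from this thread's traffic.

```python
# Added example: classify a captured UDP payload as BitTorrent DHT (KRPC, BEP 5).

def bdecode(data: bytes, i: int = 0, depth: int = 0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    if depth > 32:                        # untrusted input: bound the nesting
        raise ValueError("nesting too deep")
    c = data[i:i + 1]
    if c == b"i":                         # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                 # list: l...e   dict: d<key><value>...e
        i += 1
        items = []
        while data[i:i + 1] != b"e":
            if i >= len(data):
                raise ValueError("truncated container")
            value, i = bdecode(data, i, depth + 1)
            items.append(value)
        if c == b"l":
            return items, i + 1
        if len(items) % 2 or not all(isinstance(k, bytes) for k in items[0::2]):
            raise ValueError("malformed dict")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                       # byte string: <length>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        s = data[colon + 1:colon + 1 + n]
        if len(s) != n:
            raise ValueError("truncated string")
        return s, colon + 1 + n
    raise ValueError(f"not bencode at offset {i}")

def classify_krpc(payload: bytes) -> str:
    """Return 'dht-query:<name>', 'dht-response', 'dht-error', or a not-* label."""
    try:
        msg, end = bdecode(payload)
    except ValueError:
        return "not-bencode"
    if end != len(payload) or not isinstance(msg, dict):
        return "not-krpc"
    kind, query = msg.get(b"y"), msg.get(b"q")
    if kind == b"q" and isinstance(query, bytes):
        return "dht-query:" + query.decode("ascii", "replace")
    if kind in (b"r", b"e"):
        return "dht-response" if kind == b"r" else "dht-error"
    return "not-krpc"

# Constructed samples, taken from the BEP 5 ping example (not traffic from this thread).
PING = b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"
PONG = b"d1:rd2:id20:mnopqrstuvwxyz123456e1:t2:aa1:y1:re"
```

Pass it the raw UDP payload bytes from a capture taken on the server's interface; a result of `dht-query:ping` means the packet really is DHT traffic rather than a false positive on the signature.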
