SirCadian Posted December 10, 2021 Share Posted December 10, 2021 I've recently picked up a router with IDS/IPS capabilities. As a result I've been taking a closer look at the traffic coming in/out of my Unraid server. Something I'm unable to account for is regular ping like activity below (x.x.x.x is the internal ip of my Unraid server): Threat Management Alert 1: Potential Corporate Privacy Violation. Signature ET P2P BitTorrent DHT ping request. From: x.x.x.x:44925, to: 138.199.30.2:44925, protocol: UDP Now, I've got no dockers or anything else that use that port and it seems to be well outside the usual torrent port ranges. The IP is in the ranges for Datapacket (https://www.datapacket.com) who provision servers for the likes of Discord. I'm at a loss. Anyone know what this traffic is? Quote Link to comment
BRiT Posted December 11, 2021 Share Posted December 11, 2021 What do you have installed? It is likely a torrent program you opted to install and configure and run. It then picked this random high numbered port to use for callbacks. Quote Link to comment
SirCadian Posted December 11, 2021 Author Share Posted December 11, 2021 I do have qBittorrent installed but it's routed through a privoxy VPN container. I've validated that the traffic is definitely routing through the container by dropping into the qbt container and doing 'curl ifconfig.me'. The IP address returned is a VPN ip, not my real broadband WAN IP. There are no other bit-torrent dockers installed. Quote Link to comment
BRiT Posted December 12, 2021 Share Posted December 12, 2021 (edited) Also, quick Google that IP says it's part of PIA VPN. So using PIA VPN causes that to happen. https://spur.us/context/138.199.30.2 Edited December 12, 2021 by BRiT Quote Link to comment
SirCadian Posted December 14, 2021 Author Share Posted December 14, 2021 That looks to be the cause. Thanks for the help. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.