Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: TCP/UDP Port Activity - SANS Internet Storm Center TCP/UDP Port Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
Port Information
Protocol Service Name
tcp bittorrent Bit Torrent P2P
[get complete service list]
User Comments
Submitted By Date
Comment
jm 2012-08-27 12:55:45
These days, regular old torrent clients which listen on 6881-6889 by default are disappearing. Nowadays better clients randomize the listen port, and can go trackerless using only DHT. Clients bootstrap the DHT network by contacting the bootstrap nodes when the client is started. The bootstrap nodes listen on port 6881 UDP.
Scott Dare 2009-10-04 18:45:22
This is a port that the somewhat-popular P2P program BitTorrent listens on. As stated in the BitTorrent FAQ: <http://bitconjurer.org/BitTorrent/FAQ.html> "By default, BitTorrent listens on port 6881, trying incrementally higher ports if it's unable to bind. It gives up after 6889 (the port range is configurable.) It's up to you to figure out how to poke a hole in your firewall/NAT."
aliasxerog 2008-12-11 01:19:20
The Blizzard downloader uses bittorrent
2008-04-29 18:35:44
World of Warcraft uses ports 6881 - 6999 for its blizzard downloader. so my guess is an employee is trying to run warcraft at work
Sven Nilsen 2006-03-12 05:51:38
Do a portcapture on the port and see the data.. the header should be Bit torrent protocol.
2005-07-06 15:32:13
this is the default port for BT, but can be changed to anything you want
dannjr 2005-05-26 20:41:59
Iv seen over 500 emails from our Dlink router reporting 6881 hitting the router from outside in. WE have NO bitorrant anywhere in the system. Theres 10 networked machines with 2 windows 2003 servers running. Apache 1.3 with php and mailenable are the only things running from outside in several ports are individually blocked to the servers includig microsoft exchange. We run 2 dsl connections the second router is a Zonet which is reporting spikes but were still not sure whats hitting on that.. The hits on port 6881 are all consistant with this info in the emails Drop TCP packet from WAN src:64.34.175.193:53339 dst:64.108.212.203:6881 Rule: Default deny The high end port number consistantly changes.. We're still looking into this only because the router keeps dropping the connection on the heavy spike if further info is needed please feel free to let us know Thanks
2003-03-24 19:02:12
Bittorrent base port. Peer to Peer file distribution system
Add a comment
CVE Links
CVE # Description