Azureus open ports - security problem?

Laurence Vanek lvanek at charter.net
Mon Apr 10 04:39:47 UTC 2006


Gene Heskett wrote:
> On Saturday 08 April 2006 13:49, Laurence Vanek wrote:
>   
>> Gene Heskett wrote:
>>     
>>> On Saturday 08 April 2006 01:18, Laurence Vanek wrote:
>>>       
>>>> Have in the past used (with FC4) Bittorrent with my firewall which
>>>> tests as "stealth" when tested with shieldsup on
>>>> https://www.grc.com. I did not need to do anything special with
>>>> regard to opening up my firewall to expose a certain port.  Perhaps
>>>> Bittorrent has a way around this.
>>>>
>>>> Azureus is a different matter.  Apparently I need to open the
>>>> firewall to expose certain ports for it to work.  Otherwise, I get
>>>> the infamous "NAT problem" when configuring it.  If that is the
>>>> case, isn't this a security problem with port(s) open when Azureus
>>>> is not in use?  Surely not many are going to go through an open & close
>>>> port cycle after every use of Azureus.
>>>>         
>>> Strange as it may seem, that's exactly what I do when I run azureus,
>>> port forward those ports in the router, and an extra set of rules on
>>> the firewall box then allows the port forwarding to this box. Once
>>> you've got them configured, the change can be done, either
>>> direction, without any rebooting, in maybe 2 minutes.
>>>       
>> Thanks Gene. That seems (to me) like it should not be necessary in an
>> ideal world. Do you have any idea how Bittorrent gets around this?
>>     
>
> BitTorrent, at least 4.10 or some such version, also requires exactly 
> the same bit of nvram exercise to work, both in my router, and on my 
> firewall box.  That's the trackerless version of BT.  I haven't tried 
> BT-4.4 yet, azureus seemed to fit my needs a whole lot better cause I 
> was never able to get the ncurses based gui to work here.
>  
>
>   
>> Looking at the "Settings" tab it seems to have a feature checked on my
>> setup called "Enable automatic port mapping (UPnP)". Wonder if that is
>> the difference.
>>     
>
>   
As an experiment I opened port 49155 in my firewall (use Shorewall to 
config the iptables) & got Azureus to run through it. While running & 
afterward I probed this port from outside using ShieldsUp 
(https://www.grc.com) & found it "stealthed". It would appear my 
concerns were unwarranted. Perhaps this is because that port no. belongs 
to the range of dynamic or private ports.
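
The open-and-close port cycle discussed in this thread can be tied to the lifetime of the client, so the port is never left open when the program is not running. The wrapper below is an added example, not part of the original message: the function names, the `IPT` and `PROTOS` variables and the `azureus` command name are assumptions, and only port 49155 comes from the thread.

```shell
#!/bin/sh
# Added example: accept inbound traffic on one port only while a command runs.
# Assumptions: plain iptables with an INPUT chain, run as root; names are hypothetical.

IPT="${IPT:-iptables}"     # set IPT=echo for a dry run that only prints the rules
PROTOS="${PROTOS:-tcp}"    # e.g. PROTOS="tcp udp" if the client also needs UDP

# Print the rule specification: $1 = -I (insert) or -D (delete), $2 = port, $3 = proto.
rule_args() {
    printf '%s INPUT -p %s --dport %s -j ACCEPT\n' "$1" "$3" "$2"
}

# Insert (-I) or delete (-D) the ACCEPT rule for every protocol in PROTOS.
set_port() {
    for proto in $PROTOS; do
        # Word splitting of the rule_args output is intentional here.
        $IPT $(rule_args "$1" "$2" "$proto") || return 1
    done
}

# run_with_port PORT COMMAND [ARGS...]
# Opens PORT, runs COMMAND, and removes the rule again however COMMAND ends.
run_with_port() {
    port="$1"; shift
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    (
        # The EXIT trap closes the port on normal exit, failure, or Ctrl-C.
        trap 'set_port -D "$port"' EXIT
        trap 'exit 130' INT TERM
        set_port -I "$port" || exit 1
        "$@"
    )
}

# Usage (as root; "azureus" is an assumed command name):
#   run_with_port 49155 azureus
```

Rules added this way sit outside the Shorewall configuration, so a Shorewall restart while the client is running replaces the ruleset and drops them.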



