network breached?

[bleuless]

last night i was playing a video game on my pc and i noticed a dramatic degrade in performance, then i noticed that my DU meter is showing avg 100KB/sec uploading my pc is performing. I know the game that i play (not any game that i know of would) does not do such huge amount of uploading. so i went in my linksys router and checked the log and noticed an awful lots of connections via port 6881 (which i have it forward to my PC, since i use bit torrent) so i immediately killed it (stop it from forwarding to my PC). and the upload immediately dies.

now, i wasn't using my bit torrent software at the time, and wasn't doing anything else but playing my game, which it was still up and active after i stop forwarding 6881 (so i think my game doesn't use 6881).

my home network set up includes a linksys router serves as a gateway to the cable modem, i have another wireless router connected to my linksys that serves as a wireless access point.

the WAP router does not advertise the wireless domain name, and it is not using anything default. so i think i am secure in that area. i also in a suburb, i notice 2 of my neighbor's wireless are totally OPEN. and lastly, even in my house my wireless signal isn't superb, i doubt you can get my signal from 3 houses away.

could it be that the network is breached from the wireless? or my 6881 via the linksys? or is this some benign activity that i am just being paranoid about?

 

[Tazanator]

well bit torrent requires you to share files this traffic was someone downloading a bit torrent file from you.

 

[bleuless]

i wasn't running any bit torrent client at the time.

 

[Tazanator]

well I would first hope it was only bit torrent, My daughters machine has bit torrent and it seems to run at boot. I turn it off only to see the traffic at the router running high again an hour later. I ended up bandwith limiting the Peer to Peer traffic across the board. Next time do a sniff/ tcpdump and see what the traffic is... otherwise it's very hard to say.

you said: so i went in my linksys router and checked the log and noticed an awful lots of connections via port 6881 (which i have it forward to my PC, since i use bit torrent) so i immediately killed it (stop it from forwarding to my PC). and the upload immediately dies.

so I hope it's just BT, you will have to scan and check that computer a little closer but for a first impression I'd say it's BT and nothing to worry about.

 

[bigfatdonny]

so i went in my linksys router and checked the log and noticed an awful lots of connections via port 6881

Considering that this is exactly what you'll see in your log files for normal BT traffic, it's probably benign. If you're really interested in figuring out what's going on, you might try capturing the packets coming out of your NIC.

Grab yourself a piece of software like Etherpeek, and you can analyze all the data. The newest version even allows capture from multiple sources at once. Too bad it retails for $3500.

Seriously, that traffic is nothing to worry about. I normally block that port unless I'm using it, anyway. No need to leave it wide open.