My firewall-gateway first filters all incoming and then all outgoing packets from/to the internet according to a well-known bogon list.
The awkward thing is that only very few packets try to come in from such a prohibited network, but quite a few try to go out to such a bogon network from Transmission (v1.22 6191 on Debian Lenny). For example: there were no incoming attempts from source 2.0.0.0/8, but my bittorrent machine tried to send 16 packets (60 bytes each, with the SYN flag set, so an attempt to establish a new connection) to addresses in the 2.0.0.0/8 address space. How is this possible?
Why would Transmission try to establish a new connection to an IP address in a bogon net, if that IP address didn't even try to get in touch with me (otherwise it would have been dropped by the incoming bogon check)?
I mean, if no packet with a source address from 2.0.0.0/8 tried to arrive here, how does Transmission even know the IP address from that address space which it is trying to contact with a SYN packet?
I established the outgoing bogon-list check just recently, and that behavior (no hits incoming, but quite a few outgoing) comes as a big surprise.
Transmission trying to establish connections to bogon nets!
- Posts: 6
- Joined: Thu Feb 12, 2009 11:44 am
Re: Transmission trying to establish connections to bogon nets!
Master One wrote: Why would Transmission try to establish a new connection to an IP address in a bogon net, if that IP address didn't even try to get in touch with me (otherwise it would have been dropped by the incoming bogon check)?
Because the tracker or peer-exchange told it to do it.
Are you using block lists with Transmission? It does lower those connections a bit, but not totally; keep your firewall/PeerGuardian/moBlock up.
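The reply above is the whole explanation: a BitTorrent client never needs to have received a packet from a peer before it connects, because peer addresses arrive as data inside tracker responses and peer-exchange messages, and nothing validates them before the client issues a SYN. The added example below (not code from Transmission or from anyone in this thread) decodes a constructed tracker response in the compact peer format (6 bytes per peer: 4-byte IPv4 address plus 2-byte big-endian port) and splits the result into connectable peers and peers that fall into the prefixes rejected in the firewall chain posted later in this thread. This is exactly the check an outbound bogon filter, or Transmission's own blocklist, performs after the fact. The prefix list is limited to the nets visible in that posted chain; a real bogon list is longer and goes stale (2.0.0.0/8, for example, was allocated by IANA in 2009, so a list carrying it today would reject legitimate peers).

```python
import ipaddress
import struct

# Prefixes copied from the REJECT chain posted in this thread; BASE-ADDRESS.MCAST.NET/3
# is 224.0.0.0/3. A production bogon list is much longer and must be refreshed regularly.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "2.0.0.0/8", "5.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16", "223.0.0.0/8", "224.0.0.0/3",
)]


def parse_compact_peers(blob: bytes):
    """Decode a compact IPv4 peer list: each entry is 4 address bytes followed by a
    big-endian 16-bit port. Returns a list of (ip, port) tuples in wire order."""
    if len(blob) % 6:
        raise ValueError("compact peer list length must be a multiple of 6")
    peers = []
    for off in range(0, len(blob), 6):
        ip = ipaddress.IPv4Address(blob[off:off + 4])   # accepts 4 packed bytes
        (port,) = struct.unpack("!H", blob[off + 4:off + 6])
        peers.append((str(ip), port))
    return peers


def is_bogon(ip: str) -> bool:
    """True if the address lies inside one of the filtered prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGON_NETS)


def split_peers(peers):
    """Separate peers the client may contact from peers the bogon filter would reject.
    This is the decision the outbound firewall chain makes on each SYN."""
    connectable, rejected = [], []
    for ip, port in peers:
        (rejected if is_bogon(ip) else connectable).append((ip, port))
    return connectable, rejected


# Constructed tracker response fragment (not a real capture): one public peer and three
# peers inside filtered prefixes, the kind of entries that produce the SYNs seen above.
SAMPLE_PEERS = (
    bytes([93, 184, 216, 34]) + struct.pack("!H", 6881)
    + bytes([2, 16, 0, 5]) + struct.pack("!H", 51413)
    + bytes([192, 168, 1, 10]) + struct.pack("!H", 6881)
    + bytes([224, 0, 0, 1]) + struct.pack("!H", 6881)
)

if __name__ == "__main__":
    ok, dropped = split_peers(parse_compact_peers(SAMPLE_PEERS))
    print("connectable:", ok)
    print("rejected by bogon filter:", dropped)
```

Run as a script it prints one connectable peer and three rejected ones; the three rejected entries are precisely the addresses the client would otherwise have SYNed to, even though no packet from those prefixes ever reached the host.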
Re: Transmission trying to establish connections to bogon nets!
Just updated to v1.51 recently, but this behavior still exists. I was always using the blocklist function, but these bogon connection attempts are still popping up:
How can a tracker or peer-exchange be so misconfigured that it sends out such bogon source addresses?
I am not concerned (my firewall-gateway is doing a pretty good job), but curious.
Chain valid-dst (2 references)
pkts bytes target prot opt in out source destination
51 2832 REJECT all -- any any anywhere 2.0.0.0/8 reject-with icmp-net-unreachable
15 864 REJECT all -- any any anywhere 5.0.0.0/8 reject-with icmp-net-unreachable
10 576 REJECT all -- any any anywhere 10.0.0.0/8 reject-with icmp-net-unreachable
15 864 REJECT all -- any any anywhere 192.168.0.0/16 reject-with icmp-net-unreachable
10 576 REJECT all -- any any anywhere 223.0.0.0/8 reject-with icmp-net-unreachable
123 6960 REJECT all -- any any anywhere BASE-ADDRESS.MCAST.NET/3 reject-with icmp-net-unreachable