bittorent Azureus port opening vulnerability?

[kristi]

I've only been around MDK for about a month. Running 10.2b3 at the moment. Been hearing a lot of bitching about bittorrent, so finally got around to installing java (about 30 sec) and installing Azureus (several seconds more) Cranked it up and it seemed to be dragging a bit, so on advice, opened up 6881-6889, and it maxed my connection 400KB/s in, 40KB/s out. This means I could grab the latest beta in an hour and a half. Very cool!

 

While this seems like it might be a security hole, I am not sure if it is, or just how concerned I should be.

First, I have no intention of not using Azureus to grab something.

 

I use Firestarter. I run no servers from this system - it is simply a home desktop computer connected by Comcast cable to the internet. If i check ICMP and pong, then GRC gives me a stealth/passed.

 

If I open 6881-6889 to "anyone", GRC [scan 6880-6899] shows 6881 as open and 6882-6889 as closed. - Not sure why.

 

I suppose the logical question is how can I open 6881-6889 ONLY to bittorrent.

Is there a way I could keep Azureus running and not be vulnerable.

Thanks!!!

Kristi

[devries]

An open port doesn't mean that you're vulnerable. :) In fact ports are there to be connected too. Bittorrent opens that port so other people can connect to your PC to share the file. If your'e worried about security buy a hardware router, shut down unneccesary services and keep your system up to date.

[kristi]

An open port doesn't mean that you're vulnerable. :) In fact ports are there to be connected too. Bittorrent opens that port so other people can connect to your PC to share the file. If your'e worried about security buy a hardware router, shut down unneccesary services and keep your system up to date.

<{POST_SNAPBACK}>

Edited March 8, 2005 by kristi