Torrenting: Weird open ports?

babadoctor

Hello

Let's say that I have a port open because of UPnP due to me torrenting a file.

Is an attacker able to see any information about the torrent client from my IP address?

I can browse to my local IP address and put in the UPnP port, and it shows me a bunch of garbled text.

Any idea what this is?

[attached image]


When you torrent a file, other people can see your IP. Hell, when I open uTorrent I can see the IP of everyone I'm connected to and even a little flag sometimes of where it's from. Want privacy with that? There's a lot of options, but the best is a VPN. I don't, however, think it's common to be attacked because of this. I also don't believe any port being open would affect that, as I believe every router has well-known ports open.

Edit: source: I work with the networking stuff at my college. I don't know as much as a professional, but I know that an open port and an IP address doesn't mean you can be attacked.


Just now, Ohsnaps said:

When you torrent a file, other people can see your IP. Hell, when I open uTorrent I can see the IP of everyone I'm connected to and even a little flag sometimes of where it's from. Want privacy with that? There's a lot of options, but the best is a VPN. I don't, however, think it's common to be attacked because of this. I also don't believe any port being open would affect that, as I believe every router has well-known ports open.

You misunderstand my question.

I want to understand what information can be gained from someone seeing this port open.


I don't believe anything can be gained. I get what you're saying, but when a server fails and you try to connect to it, sometimes you get garbled text. That doesn't mean it's useful, even to devs. In terms of what that information is, I honestly don't know if any answer can be given with 100% certainty, as it can vary from router to router, OS to OS, and various other things.


Just now, Ohsnaps said:

I don't believe anything can be gained. I get what you're saying, but when a server fails and you try to connect to it, sometimes you get garbled text. That doesn't mean it's useful, even to devs. In terms of what that information is, I honestly don't know if any answer can be given with 100% certainty, as it can vary from router to router, OS to OS, and various other things.

The garbled text obviously means something.

I just want to know what.


Just now, babadoctor said:

The garbled text obviously means something.

I just want to know what.

It could be because the web browser or text file can't read that encoding of text. UTF-8 tends to be the main thing I know that has mass support. That link might be of some help, but I have literally no idea how to backtrack to what that actually means, especially since I don't have the original, only what that program attempted to say it was.

https://en.wikipedia.org/wiki/UTF-8


5 minutes ago, BlueScope819 said:

Can you generate a file with that? Like not just paste it into a file but it seems like it should be formatted as something else. If you open it in a hex editor and look at the header you can figure out what filetype it's supposed to be.

https://en.wikipedia.org/wiki/List_of_file_signatures

I can use wget to attempt to retrieve the file, but wget says there are no headers, and that there is a read error at a specific byte, or something like that.

This is what the output looks like.

[attached image]


2 minutes ago, BlueScope819 said:

No I mean like it doesn't matter what it thinks the file is, as long as you can dump it into some type of file then use https://hexed.it/ to look at the header contents

It doesn't seem to have header contents when I do as you said.

Unless I am making some sort of mistake.

[attached image]


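Added example, not part of any post in this thread: a Python triage of bytes saved from a listening port, which checks a few file signatures, then the plaintext BitTorrent handshake layout from BEP 3 (whose peer ID usually names the client and version), then falls back to byte entropy. The sample inputs, the `CLIENTS` table and the 6.0 bits/byte threshold are constructed for illustration; the thread does not establish which category the poster's output falls in.

```python
import math
from collections import Counter

PSTR = b"BitTorrent protocol"  # BEP 3 protocol string, preceded by length byte 19
MAGIC = {b"\x89PNG\r\n\x1a\n": "PNG image", b"PK\x03\x04": "ZIP archive",
         b"\x1f\x8b": "gzip stream", b"%PDF-": "PDF document", b"HTTP/": "HTTP response"}
CLIENTS = {"UT": "uTorrent", "qB": "qBittorrent", "TR": "Transmission", "DE": "Deluge"}

def parse_bt_handshake(data):
    """Return the fields of a plaintext BitTorrent handshake, or None."""
    if len(data) < 68 or data[0] != len(PSTR) or data[1:20] != PSTR:
        return None
    peer_id = data[48:68]
    info = {"reserved": data[20:28].hex(), "info_hash": data[28:48].hex(),
            "peer_id": peer_id, "client": None}
    # Azureus-style peer IDs (BEP 20): '-', 2-char client code, 4-char version, '-'
    if peer_id[0:1] == b"-" and peer_id[7:8] == b"-":
        code = peer_id[1:3].decode("ascii", "replace")
        version = peer_id[3:7].decode("ascii", "replace")
        info["client"] = f"{CLIENTS.get(code, code)} {version}"
    return info

def shannon_entropy(data):
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data):
    """Triage bytes saved from a listening port (for example with wget or a hex editor)."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    hs = parse_bt_handshake(data)
    if hs:
        return f"BitTorrent handshake from {hs['client'] or 'unknown client'}"
    if len(data) >= 128 and shannon_entropy(data) > 6.0:
        return "no signature, high entropy: looks encrypted or obfuscated"
    return "no signature, low entropy: plain text or structured data"

# Constructed samples (not captured from the port discussed in the thread).
HANDSHAKE = bytes([19]) + PSTR + bytes(8) + bytes(range(20)) + b"-qB4650-" + b"A" * 12
NOISE = bytes((i * 167 + 13) % 256 for i in range(256))  # every byte value exactly once

if __name__ == "__main__":
    for sample in (HANDSHAKE, NOISE, b"hello world" * 10):
        print(classify(sample))
```

A dump with no recognizable signature and near-maximal entropy tells an outside observer little beyond the fact that something is listening, whereas a plaintext handshake exposes the client name, its version and the torrent's info hash.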
"While a router normally blocks incoming connections, preventing some malicious access, UPnP could allow a malicious program to bypass the firewall entirely. For example, a Trojan horse could install a remote control program on your computer and open a hole for it in your router's firewall, allowing 24/7 access to your computer from the Internet. If UPnP were disabled, the program couldn’t open the port – although it could bypass the firewall in other ways and phone home."

Now, I don't really know the extent of how dangerous UPnP truly is; someone else might have to elaborate on that. I'm not sure if people can connect to you if you have an open port (from UPnP) available from a torrent. I don't believe so? But I could be completely wrong.


1 minute ago, BlueScope819 said:

No idea, I mean I looked at this list of headers and it doesn't seem to be in there.

https://en.wikipedia.org/wiki/List_of_file_signatures

This is beyond my level of forensic analysis at the moment, I would run MalwareBytes.

You seem to misunderstand.

It's not a virus, it's my torrent client opening a port using UPnP.

I want to understand what information I can gain from the outside based on the open port.
