A lot of connections to port 6881 - some new attacks or what?
Solution 1
Use Wireshark (or similar) and have a look at what the traffic is, rather than just looking at what port it's for. That may give you a clue. Port 6881 is most likely bittorrent traffic but may also be the result of malware. Check your internal traffic as well, looking for signs of bittorrent traffic.
Solution 2
wargaming.net is using port 6881 for p2p game files. Most likely someone on the network is playing games.
Related videos on Youtube
58 : 55
59 : 20
04 : 26
09 : 37
01 : 54
01 : 20 : 58
07 : 21
07 : 00
Dave M
20 years in systems admin and support roles in Windows environments
Updated on September 17, 2022Comments
-
Dave M over 1 year
I am the admin of a small network with a web server and only the web server has a direct connection to the Internet. The rest of the network are connecting through another place.
I was inspecting the traffic on the server with tcpdump, and I found a LOT of connections from different IP addresses to port 6881. All ports on my machine are blocked except those that are really needed for a web server (like port 80). I checked and confirmed that 6881 and the rest of the ports are in filtered (firewalled) state.
Why are all those IPs continuously trying to make connection to the server on port 6881 no matter that it's not open?
Is this some new kind of attack or maybe there's some new exploit (maybe 0day?) for some service running on 6881 ? AFAIK port 6881 is used by bittorrent and similar.
-
HB MAAM almost 14 yearsAnyone on the network using bittorrent(or steam,wow, or similar) ? bt clients advertise what they think is their external ip to trackers, and some clients just never give up connecting back
-
