BitTorrent protocol header has been detected (BitTorrent_Request)

About this signature or vulnerability

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Virtual Server Protection for Vmware, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IPS, IBM Security Host Protection for Desktops, IBM Security Network Protection, IBM Security Host Protection for Servers (Unix), Proventia Server IPS for Linux technology:

This signature detects traffic that may indicate a BitTorrent peer is present and active on your network. Default ports are 80/TCP and 6881-6889/TCP


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

RealSecure Server Sensor: XPU 27.060, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.2070, Virtual Server Protection for Vmware: 1.0, Proventia Network IDS: XPU 27.060, Proventia-G 1.1 and earlier: XPU 27.060, Proventia Network MFS: XPU 27.060, Proventia Network IPS: XPU 27.060, IBM Security Host Protection for Desktops: 2070, IBM Security Network Protection: 5.1, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Server IPS for Linux technology: 27.060

Systems affected

BitTorrent BitTorrent

Type

Protocol Signature

Vulnerability description

BitTorrent is a freely available program used for file distribution. BitTorrent peers connect to other peers to allow the simultaneuous transfer of large files without using large amounts of bandwidth. A BitTorrent protocol header has been detected on a default BitTorrent port.

How to remove this vulnerability

This event is for informational purposes only.

References

ISS X-Force
BitTorrent protocol header has been detected
http://www.iss.net/security_center/static/13229.php