BitTorrent protocol header has been detected (BitTorrent_Request)

About this signature or vulnerability

Proventia Network IPS, IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia Network MFS, IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This signature detects traffic that may indicate a BitTorrent peer is present and active on your network. Default ports are 80/TCP and 6881-6889/TCP


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

Proventia Network IPS: XPU 27.060, IBM Security Host Protection for Desktops: 2070, Proventia-G 1.1 and earlier: XPU 27.060, Proventia Network IDS: XPU 27.060, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, RealSecure Server Sensor: XPU 27.060, Proventia Network MFS: XPU 27.060, IBM Security Host Protection for Servers (Windows): 1.0.914.2070, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, Proventia Server IPS for Linux technology: 27.060, Virtual Server Protection for Vmware: 1.0

Systems affected

BitTorrent BitTorrent

Type

Protocol Signature

Vulnerability description

BitTorrent is a freely available program used for file distribution. BitTorrent peers connect to other peers to allow the simultaneuous transfer of large files without using large amounts of bandwidth. A BitTorrent protocol header has been detected on a default BitTorrent port.

How to remove this vulnerability

This event is for informational purposes only.

References

ISS X-Force
BitTorrent protocol header has been detected
http://www.iss.net/security_center/static/13229.php