BitTorrent protocol header has been detected (BitTorrent_Request)

About this signature or vulnerability

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia Network IDS, IBM Security Host Protection for Servers (Unix):

This signature detects traffic that may indicate a BitTorrent peer is present and active on your network. Default ports are 80/TCP and 6881-6889/TCP


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

RealSecure Server Sensor: XPU 27.060, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.2070, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 27.060, Proventia Network IPS: XPU 27.060, Proventia-G 1.1 and earlier: XPU 27.060, Proventia Network MFS: XPU 27.060, IBM Security Host Protection for Desktops: 2070, Proventia Network IDS: XPU 27.060, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

BitTorrent BitTorrent

Type

Protocol Signature

Vulnerability description

BitTorrent is a freely available program used for file distribution. BitTorrent peers connect to other peers to allow the simultaneuous transfer of large files without using large amounts of bandwidth. A BitTorrent protocol header has been detected on a default BitTorrent port.

How to remove this vulnerability

This event is for informational purposes only.

References

ISS X-Force
BitTorrent protocol header has been detected
http://www.iss.net/security_center/static/13229.php