BitTorrent protocol header has been detected (BitTorrent_Request)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This signature detects traffic that may indicate a BitTorrent peer is present and active on your network. Default ports are 80/TCP and 6881-6889/TCP


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 1.0.914.2070, RealSecure Server Sensor: XPU 27.060, Proventia Network MFS: XPU 27.060, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Desktops: 2070, Proventia Network IPS: XPU 27.060, Proventia-G 1.1 and earlier: XPU 27.060, Proventia Network IDS: XPU 27.060, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, Proventia Server IPS for Linux technology: 27.060, Virtual Server Protection for Vmware: 1.0

Systems affected

BitTorrent BitTorrent

Type

Protocol Signature

Vulnerability description

BitTorrent is a freely available program used for file distribution. BitTorrent peers connect to other peers to allow the simultaneuous transfer of large files without using large amounts of bandwidth. A BitTorrent protocol header has been detected on a default BitTorrent port.

How to remove this vulnerability

This event is for informational purposes only.

References

ISS X-Force
BitTorrent protocol header has been detected
http://www.iss.net/security_center/static/13229.php