BitTorrent Mainline DHT Detection

info Nessus Plugin ID 50677

Synopsis

A file-sharing service is running on the remote port.

Description

The remote host is participating in a Distributed Hash Table (DHT) network, an indication of a peer-to-peer file-sharing application is running on the host. Specifically, this host is using Mainline DHT, an implementation developed by the original BitTorrent client and adopted by some others.

Note that, due to the peer-to-peer nature of the application, any user connecting to the P2P network may consume a large amount of bandwidth.

Solution

Make sure that the use of this program agrees with your organization's acceptable use and security policies.

Note that filtering traffic to or from this port is not a sufficient solution since the software can use a random port.

See Also

http://www.bittorrent.org/beps/bep_0005.html

Plugin Details

Severity: Info

ID: 50677

File Name: dht_detection.nasl

Version: 1.8

Type: remote

Published: 11/22/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Asset Inventory: true

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:bittorrent:bootstrap-dht

Required KB Items: Services/udp/bittorrent