BTSync attempting to connect to servers in .ru etc.


Recommended Posts

Been using BTSync for over a month now. Today, Little Snitch starting lighting up with attempted connections (see attached image for reference)

The IPs are different in other warnings. Whois searches reveals them as servers in Russia and Bulgaria.

We're only using this between three computers in the office - two OSX and a Windows machine.

Anyone else seeing this?

post-28692-0-40927700-1372456304_thumb.p

Link to comment
Share on other sites

Yes. I reset the folders that were being synced, and re-synced with Relay, Tracker and DHT off, and I'm still getting attempted connections to other servers.

I've read the post on router entries and these servers/ports don't seem related to what is listed there.

It raised a red flag for us since we've been using the same settings for a while, yet today we're seeing these connection attempts for the first time.

Attached is a screen shot from Little Snitch's rules for BTSync. The denied connections are the ones that have been popping up today. This isn't all of them; other attempted connections were to servers in China, Israel...

post-28692-0-89893200-1372464778_thumb.p

Link to comment
Share on other sites

Hmm.. what version of Sync are you currently running? (The latest build is 1.1.22) ...Did you notice these connections after updating to a new build, or did they just start appearing without any changes/updates to your Sync?

Some other thoughts; Did you download Sync from an official source (i.e. here or here)? ...and are you running up-to-date virus protection on the device(s) in question?

Link to comment
Share on other sites

Was running 1.0.134 (OSX). Updating now.

I've been away for the last week, and we haven't changed a thing in terms of the config, synced folders or versions at all. These attempted connections just started today.

I originally downloaded it from BitTorrent's site. There is no virus protection on the Macs.

I've removed it entirely from the one Windows machine it was running on for the moment.

---

Just updated, reset the folders to be synced, turning off tracker etc. (Just syncing over a LAN right now). The update seems to have fixed it - no connections other than expected. On the earlier version(1.0.134), it was trying to connect to these other servers almost immediately. So far, the new version is quiet. I'll let it run overnight and see if anything pops up by morning.

Thanks for all your help.

Link to comment
Share on other sites

Hello OP,

You are not alone with the observed behavior of BTsync.

I'm running a Mac mini (OS X 10.8.4) on my LAN with Little Snitch, BTsync (tracker & relay server enabled) & µtorrent as bittorrent client. Every version of BTsync I downloaded from this forum (1.0.134 till current one) starts connecting to random machines once I start a download via µtorrent.

Depending on the swarm size of the torrent my machine usually connects to other hosts every 2 - 7 secs. The locations of these remote machines range from same city to the other side of the planet.

It seems there is some kind of "connection spill-over" from BTsync's tracker. However according to the debug logs none of those machines were ever connecting to my shared folders or directly exchanging data with the Mac mini.

Neither my MacBooks nor my Linux machines show any of these random connections. None of them runs a bittorrent-client though. A complete scan with ClamXav reports my Mac mini as clean.

Yv

Link to comment
Share on other sites

So, after the weekend, this is what I found:

BTSync is on only two OSX boxes, running the latest version. Syncing only one folder with relay, tracker and DHT off.

My machine was relatively quiet, with only one attempted connection to an IP that resolved to Brazil.

The other machine, which happens to be running uTorrent, attempted nearly 5300 connections.

This might just be DHT tables, but it's curious that the machine running uTorrent has attempted so many connections as opposed to the other machine (1).

I'll take a look at setting up pre-designated hosts and see how that goes.

Link to comment
Share on other sites

Was running 1.0.134 (OSX). Updating now.

I've been away for the last week, and we haven't changed a thing in terms of the config, synced folders or versions at all. These attempted connections just started today.

I originally downloaded it from BitTorrent's site. There is no virus protection on the Macs.

Who the hell ever told you that lie? There are literally tons of AV programs for Mac.

If you need one, use this: http://www.avast.com/free-antivirus-mac

But here are more: http://download.cnet.com/mac/antivirus-software/ (~37 of them)

Most likely DHT will still populate its tables and will connect to dozens of semi-random machines around the world. As long as there's not a sigificant amount of data transfered to these IPs, it's absolutely no problem.

Good answer.

So, after the weekend, this is what I found:

BTSync is on only two OSX boxes, running the latest version. Syncing only one folder with relay, tracker and DHT off.

My machine was relatively quiet, with only one attempted connection to an IP that resolved to Brazil.

The other machine, which happens to be running uTorrent, attempted nearly 5300 connections.

This might just be DHT tables, but it's curious that the machine running uTorrent has attempted so many connections as opposed to the other machine (1).

I'll take a look at setting up pre-designated hosts and see how that goes.

5300 connections is a bit more than suspicious, but I really think it's just network interference within the bittorrent network.

Link to comment
Share on other sites

Before about 1.1.12 the DHT module was not turned off when the flag was turned off on all the shares. It would still respond to external DHT requests but would not initiate a connection to DHT. This has changed.

There are plenty of AV solutions that run on MAC and Linux.

They have 99.999% Windows signatures.

There are maybe six Mac signatures, half of them are variants, none of them are real viruses, just trojans.

From what I can tell the last time the Mac signatures were updated was in May 2011, that extra signature was described as a "bumper crop" by Intego.

BUT "phishing" is any-platform, some AV traps this stuff as well and calls it a virus to inflate the stats; most people call it spam.

Link to comment
Share on other sites

Who the hell ever told you that lie? There are literally tons of AV programs for Mac.

Before things get out of control, I've read the answer as "there is no AV running on the Macs [in question]", i.e. on HIS/HER Macs, not that there are none available in general.

Link to comment
Share on other sites

>>just disable the Relay, Tracker, and DHT options

I'm new to BT sync, can these be set globally? So far it looks like I need to do this on each of my 15 folders individually.

I did see a netstat entry for coxhn.net:1038 right after installing the client which went away after I blocked sync in my firewall.

Process explorer shows sync using 114k / 297k of ram on an XP pro laptop but only 58k / 187k on a win 7 starter netbook that has the same number of folders being synched.

I turned off all my syncs in Spideroak thinking BT sync could replace it but the memory use has me rethinking my plan.

Link to comment
Share on other sites

I'm new to BT sync, can these be set globally? So far it looks like I need to do this on each of my 15 folders individually.

These are per-folder settings, so you would need to do this for all your folders

I turned off all my syncs in Spideroak thinking BT sync could replace it but the memory use has me rethinking my plan.

Are you using the latest Sync version (1.1.26)? The build before that (1.1.22) had some pretty big CPU/Memory issues, but these have been fixed for 1.1.26 :)

Link to comment
Share on other sites

To close the topic:

- Sync contacts different ip addresses only if DHT is on;

- There was a bug in early builds when this settings wasn't properly treated by app, please upgrade;

- Please do not mix traffic from Sync with regular BitTorrent client.

If you are on 1.1.26 build and later, DHT is off and you are sure that BitTorrent is not running there will be no any ip addresses besides machines with your secret.

kos

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.