“File Sharing” is a type of insecure system. These systems are reaching out to abandoned torrent tracker domains for information about files to download via BitTorrent.
This data is observed and verified through a sinkhole and tracker system. The unintended destination of the insecure system is an HTTP sinkhole: an abandoned tracker that is owned by Bitsight. The system actively searches for other peers that own BitTorrent files.
If a client keeps retrying the connection to a Bitsight sinkhole domain and continues hitting the tracker sinkhole, it can be determined that it is a poorly implemented client and cannot be a legitimate, well-behaved BitTorrent client.
Review the finding details for remediation instructions.
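To locate the internal host behind such a finding, a defender can search web proxy logs for repeated HTTP tracker announce requests. The following is an added example, not Bitsight's own code; the log format (`epoch client_ip method url`), the `tracker.example.invalid` domain, and the three-announce threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Azureus-style peer_id prefix, e.g. "-UT3550-" (two-letter client, four-char version).
PEER_ID_TAG = re.compile(r"^-([A-Za-z]{2}[0-9A-Za-z]{4})-")
REQUIRED = ("info_hash", "peer_id", "port")  # parameters of an HTTP tracker announce

def parse_announce(url):
    """Return (tracker_host, client_tag) if url is a tracker announce, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/announce"):
        return None
    # info_hash is raw bytes, percent-encoded; latin-1 decodes every byte value.
    query = parse_qs(parts.query, encoding="latin-1")
    if not all(name in query for name in REQUIRED):
        return None
    tag = PEER_ID_TAG.match(query["peer_id"][0])
    return parts.hostname, (tag.group(1) if tag else "unknown")

def find_retrying_clients(log_text, min_announces=3):
    """Map (client_ip, tracker_host) -> stats for hosts that keep announcing.

    min_announces is an assumed threshold; tune it to your log window.
    """
    seen = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in log_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4 or fields[2] != "GET":
            continue
        hit = parse_announce(fields[3])
        if hit:
            entry = seen[(fields[1], hit[0])]
            entry["count"] += 1
            entry["clients"].add(hit[1])
    return {k: v for k, v in seen.items() if v["count"] >= min_announces}

# Constructed sample data, not real traffic.
_ANN = ("http://tracker.example.invalid/announce?info_hash=" + "%aa" * 20 +
        "&peer_id=-UT3550-abcdefghijkl&port=6881&uploaded=0&downloaded=0&left=1024")
SAMPLE_LOG = "\n".join(
    [f"{1540900000 + 60 * i} 10.0.0.15 GET {_ANN}" for i in range(4)]
    + [f"1540900500 10.0.0.22 GET {_ANN.replace('-UT3550-', '-qB4150-')}",
       "1540900600 10.0.0.30 GET http://www.example.invalid/announce"])

if __name__ == "__main__":
    for (ip, tracker), info in find_retrying_clients(SAMPLE_LOG).items():
        print(ip, tracker, info["count"], sorted(info["clients"]))
```

The client tag taken from `peer_id` helps identify which application on the host is announcing, which matters when the client is a background app the user is unaware of.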
Risks
- Attackers can set up false trackers and inject false information.
- Trackers can instruct clients to fetch files from an arbitrary list of systems, with false or dangerous content.
- IP addresses with a BitTorrent client that is trying to reach a Bitsight tracker website and asking for peers to download software are potentially worse than “legitimate” BitTorrent use, since the client may be a hidden app running in the background.
October 30, 2018: Published.