----- 原始邮件 -----
发件人:"Alexander V. Makartsev" <avbetev@gmail.com>
收件人:debian-user <debian-user@lists.debian.org>
主题:[OT] Strange BitTorrent traffic from China IPs
日期:2024年10月21日 02点44分
发件人:"Alexander V. Makartsev" <avbetev@gmail.com>
收件人:debian-user <debian-user@lists.debian.org>
主题:[OT] Strange BitTorrent traffic from China IPs
日期:2024年10月21日 02点44分
Hello.
I host some Debian ISO images via BitTorrent, among other things and
recently I have noticed very high interest in one torrent in particular: "debian-12.5.0-amd64-netinst.iso".
My torrent client shows multiple connections from various networks (more IPs than /24),
and according to "whois", all originating from China.
The odd part is these remote clients report their ID as "unknown", connect using TCP protocol non-encrypted
and never send more than 4 download requests.
These requests add up to around 1Mbytes of outgoing traffic, but their remote clients always reports 0% of download progress despite each having a few Gbytes downloaded.
So they download this torrent essentially forever, hogging my upload bandwidth.
Another weird thing, I have many other torrents and other Debian ISOs, but these clients from China are interested only in that single one.
Does anybody have something like this on their BitTorrent clients, or have some thoughts about this?
Should I report this strange behavior to admin of Debian torrent tracker (bttracker.debian.org)?
Any theory about why they are interested only in that single torrent and nothing else?
Is this really weak Distributed-Denial-of-Service type of "attack"?
What they could possibly gain from this? I can understand port scans and open port probes, but I don't host anything else.
In other words, what is their goal?
