Hi Peter,

That's correct, in this case the host was a proxy frontend to some
public services and is locked down to only be able to talk to its
backends, no http/s out, no DNS except to internal resolvers.

Basically I looked into it as much as I could justify, and to be
honest the only reason why I queried it with IP-Echelon was to see
what the scope for error was there, due to me not finding anything,
only to be discouraged by multiple auto form replies. I'm not going
to re-image the host on the strength of that.

The way I understand these torrent notifications to work is that
companies like IP-Echelon join the tracker and passively get a list
of every IP address seen to be participating. The thing is, I also
understand that some trackers inject a certain percentage of
completely random IPs in order to frustrate companies like
IP-Echelon…

Cheers,
Andy

On Fri, Jun 07, 2019 at 02:37:09PM +0000, Peter Knapp wrote:
> So does the host have no HTTP/HTTPS access, or name server lookups etc?
> 
> BT will use all those ports these days.
> 
> Peter
> 
> 
> -----Original Message-----
> From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith
> Sent: 07 June 2019 15:28
> To: uknof@lists.uknof.org.uk
> Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
> 
> Hi Peter,
> 
> Just iptables on the host, it's just that this particular host has a
> restrictive firewall on both input and output and given the ports
> and IPs listed in the report it should not have been possible for
> that activity to happen.
> 
> Of course, if it had been compromised then maybe the firewall got
> altered and then put back again afterwards but this all gets a bit
> far-fetched for the sake of downloading a movie by BitTorrent.
> 
> Like I say, I looked into it and couldn't find any indication that
> it had actually happened, and the reporting company was completely
> impossible to communicate with.
> 
> Cheers,
> Andy
> 
> On Fri, Jun 07, 2019 at 02:07:50PM +0000, Peter Knapp wrote:
> > Love to know what firewall you're using that guarantees you can't get any 
> > form of BT through it please?
> > 
> > Pete
> > 
> > 
> > -----Original Message-----
> > From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith
> > Sent: 07 June 2019 15:04
> > To: uknof@lists.uknof.org.uk
> > Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
> > 
> > Hello,
> > 
> > On Fri, Jun 07, 2019 at 05:38:10PM +0400, Stephen Wilcox wrote:
> > > On Fri, 7 Jun 2019 at 17:25, Andy Smith <a...@bitfolk.com> wrote:
> > > > However, one day they sent one that implicated one of our
> > > > infrastructure hosts and I could not see any way in which that could
> > > > be torrenting, so I asked for more information. Every form of
> > > > contact I made resulted in an auto response suggesting that if I am
> > > > confused I should ask my network admin about it.
> > > 
> > > So you're saying people who work at infrastructure companies - ISPs, DCs
> > > etc, they don't do torrents and the like, and they would not do so with
> > > on-premise equipment.
> > 
> > No, I'm saying that unlike customer services in this specific case I
> > had full access to it and was able to audit it to the best of my
> > ability and found no such activity. BitTorrent wouldn't even have
> > been able to get through its firewall.
> > 
> > Cheers,
> > Andy
> > 
> > -- 
> > https://bitfolk.com/ -- No-nonsense VPS hosting
