I discovered that my son was using BitTorrent. The alert GPL P2P BitTorrent Transfer showed up in Security Onion in the hundreds of thousands. He said he uses it to download Linux ISOs because it’s faster than HTTPS transfers. I know what you are thinking, but I have 100% confirmed this. He absolutely did say that.
I had him uninstall it, but continued to see the same alerts in the same quantities. Many IP addresses were connecting to his computer from all over. I guessed that the client was uninstalled but the hosting service was still running in the background. We hunted down the installed programs and active services and identified no suspects. So I introduced him to netstat.
netstat is a command-line utility that shows active network connections. The -o option will display the PID (process ID) of the responsible process. This revealed a large number of active connections from many different IP addresses; however, the displayed PID was zero. After repeated tries, we finally got a valid PID and identified the culprit. And it wasn’t BitTorrent. It was MuseHub, a downloader program associated with MuseScore, a musical notation program. MuseHub has a feature to blah blah blah blah something about “assisting” other users. Yeah, let’s not do that. We turned that option off and the traffic stopped.
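The netstat hunt above can be scripted. This is an added example, not part of the original post: it parses Windows `netstat -ano` output, sets aside rows reported under PID 0, and ranks the remaining PIDs by how many distinct outside hosts they talk to. The sample output, PIDs, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
# Constructed sample of Windows `netstat -ano` output (documentation-range peers).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1104
  TCP    192.168.1.50:49152     198.51.100.10:443      ESTABLISHED     9120
  TCP    192.168.1.50:51413     203.0.113.5:50211      TIME_WAIT       0
  TCP    192.168.1.50:51413     203.0.113.9:61002      TIME_WAIT       0
  TCP    192.168.1.50:51413     203.0.113.21:40100     ESTABLISHED     7788
  TCP    192.168.1.50:51413     198.51.100.77:52311    ESTABLISHED     7788
  TCP    192.168.1.50:51413     192.0.2.44:33901       ESTABLISHED     7788
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     7788
  UDP    0.0.0.0:5353           *:*                                    2216
"""

def split_host(endpoint):  # host part of 'addr:port'; strips IPv6 brackets and zone id
    return endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]

def parse_netstat(text):
    """Yield (remote_host, pid) per TCP/UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            yield split_host(f[2]), int(f[-1])

def is_external(host):
    """False for wildcard (*), unspecified, loopback and link-local peers."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_unspecified or ip.is_link_local)

def peers_by_pid(text):
    """Return ({pid: set of external peers}, number of external rows under PID 0)."""
    peers, unowned = defaultdict(set), 0
    for remote, pid in parse_netstat(text):
        if is_external(remote) and pid == 0:
            unowned += 1          # no owning process shown; sample again later
        elif is_external(remote):
            peers[pid].add(remote)
    return dict(peers), unowned

def chatty_pids(text, min_peers=3):
    """PIDs with at least min_peers distinct external peers, busiest first."""
    peers, _ = peers_by_pid(text)
    hits = [(pid, len(s)) for pid, s in peers.items() if len(s) >= min_peers]
    return sorted(hits, key=lambda h: -h[1])
```

Feed it the saved output of repeated `netstat -ano` runs; a PID it reports can then be matched to a program name with `tasklist /FI "PID eq <pid>"`.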
My son is a pretty savvy computer user so I will give him the benefit of the doubt on this. If this “feature” came as a complete surprise to him, it will for most users of the software. I’m sure the software was only sharing files associated with MuseScore and nothing personal, but how can I be positive? And there are these things called vulnerabilities. And you never know when one is revealed.
But the greater question is, what chatty services are hiding on unmanaged home networks across the world? What “harmless” features are monopolizing bandwidth and potentially exposing systems to compromise? A foundational step in securing a network is to turn off unneeded services, and this one needed to go.
Be careful out there.
@fmtheilig