Docs

bittorrent_tracker_internal_external

Suggest Edits

Explanation

The bittorrent_tracker_internal_external NDM uses threat intelligence to detect traffic to external hosts running BitTorrent tracker servers. BitTorrent clients will almost always use BitTorrent trackers to find files to download as well as advertise files available for upload. If you are not concerned with the presence of BitTorrent client software this alert can safely be ignored, and will still contribute to detection of file transfers over the BitTorrent protocol.

What to Look For

While IPs hosting BitTorrent trackers often also host other services we only consider traffic on ports commonly used by tracker software. Even so, there may be some false positives for detections of “Low” severity due to trackers running alongside non BitTorrent HTTP servers. At the “Medium” and “High” severity thresholds, these false positives should be very uncommon.

Please refer to the bittorrent detection for further guidance.

Updated 20 days ago