
Torrent Traffic

Hi,

For the following logs in SIEM:

P2P BitTorrent MetaInfo Retrieving Policy Violation: PolicyViolation|restricted-application|Inbound|Suspicious|signature|p2p|udp|

P2P BitTorrent File Transfer Policy Violation  PolicyViolation|restricted-application|Inbound|Suspicious|signature|p2p|udp|

P2P BitTorrent Handshaking Policy Violation  : PolicyViolation|restricted-application|Inbound|Suspicious|signature|p2p

P2P Torrent uTP BEP-29 Traffic Detected : PolicyViolation|restricted-application|Inbound|Maybe successful|signature|p2p|udp|

I do see a lot of traffic for the above rule messages. The source IPs are using random higher-range port numbers. Their locations are random and the target IPs are our internal IPs. I am confused as to how to approach such logs. Is it safe to allow such traffic?

Please let me know more about BitTorrent traffic in this scenario.

Thanks in advance for the help.

Thanks!