pi-node / instructions


Hackers? Exploits? #139

Open pilgrim103 opened 3 years ago

pilgrim103 commented 3 years ago

I began using a Port Listener after Malwarebytes began reporting Malicious attacks on Port 31402. If you check, you will find a program called C:\Programs\Docker\Docker\Resources\Bin\vpnkit.exe. Sometimes there are almost 100 of these processes being executed by the above-named program, at any given moment, ALL to port 31402. Some of the origin addresses have a name that indicates it is an "ad". About 1% of the IP Addresses of these vpnkit.exe processes are being flagged as Trojans and are being excluded/blocked (some outbound, some inbound) by Malwarebytes. Interestingly, most of these attacks are from VIETNAM. Others include Russia, China, Nigeria, Cameroon, Ghana and even the U.S. I am afraid to continue to run the Node. Many of the participants in PI are overseas and would know from the instructions what programs and ports are available to be used for attacks. Sure, exiting Malwarebytes stops the warnings, but is that wise? Then, when I go to the Xfinity router, it shows these security threats, countries of origin, and STRONGLY suggests to DELETE ALL Port Forwarding because they claim that it is causing the malicious attacks and then restart the Gateway Modem to clear the nasties. I can get 200 threats in less than a week logged on my Xfinity router. If Xfinity says Port Forwarding is bad, where does that leave us? Can anyone shed any light on this? I cannot be the only one with an Xfinity router/modem and Malwarebytes. And why so many instances of vpnkit.exe running? What does it do? Why always port 31402? I am seriously considering dropping all Node activity until someone can explain this. Could I have done something wrong in my setup?

Yoshiaki-Hatada commented 3 years ago

It seems it was opened along with everything else when I installed Windows. What should I do?

Yoshiaki-Hatada commented 3 years ago

I have made a mistake.

pilgrim103 commented 3 years ago

I am sorry but I am having problems with translating your replies.

ihatejam commented 3 years ago

I had this issue a couple of days ago, after my laptop restarted thanks to a Windows update. Even after I added in an exclusion for vpnkit, Malwarebytes still complained...

Further investigation revealed that my old firewall rule (local Windows firewall) to allow port-forwarding for ports 31400-31402 had been deleted for some reason. After I recreated the rule, Malwarebytes stopped complaining. Not sure if it was just fixing this rule that worked or the combination of it along with the Malwarebytes exclude.

(The current node container seems to only listen on 31400-31403)

Thinking out loud - it's possible that you've been upgraded to "supernode" as opposed to "a normal node", and now need to support (take connection requests) from other nodes, which can/will be from pretty much everywhere. I don't have the node software in front of me right now but - on the troubleshooting page - you should have some indication of whether you are supporting other nodes.

If you're worried about risk, remember that the connections are all forwarded to a very limited docker container.

Hope this helps.
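One way to check the points raised in the comment above, as an added PowerShell example that is not from the thread or the pi-node project: it counts sockets on the node ports per owning process and TCP state, counts distinct vpnkit processes, and reports whether an enabled inbound allow rule in Windows Firewall covers each port. The port range 31400-31403 is taken from the comment; the helper name `Test-PortCovered` is hypothetical.

```powershell
# Added example. Ports are the ones named in the thread; adjust to your own forwarding range.
$ports = 31400..31403

# 1. Sockets on the node ports, grouped by owning process and TCP state.
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $ports } |
    Group-Object OwningProcess, State |
    ForEach-Object {
        $first = $_.Group[0]
        $proc  = Get-Process -Id $first.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process     = if ($proc) { $proc.ProcessName } else { '<exited>' }
            ProcessId   = $first.OwningProcess
            State       = $first.State
            Sockets     = $_.Count
            RemoteHosts = @($_.Group.RemoteAddress | Sort-Object -Unique).Count
        }
    } | Sort-Object Sockets -Descending | Format-Table -AutoSize

# 2. Distinct vpnkit processes, to compare against the socket count above.
$vpnkit = @(Get-Process -Name vpnkit -ErrorAction SilentlyContinue)
"vpnkit processes running: $($vpnkit.Count)"

# 3. Is each port covered by an enabled inbound allow rule in Windows Firewall?
# Test-PortCovered is a hypothetical helper: LocalPort is 'Any', a port, or a 'lo-hi' range.
function Test-PortCovered([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        $lo, $hi = $s -split '-'
        if (-not $hi) { $hi = $lo }
        if ($lo -match '^\d+$' -and $hi -match '^\d+$' -and
            $Port -ge [int]$lo -and $Port -le [int]$hi) { return $true }
    }
    return $false
}

$tcpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $f = $_ | Get-NetFirewallPortFilter
        if ($f.Protocol -in 'TCP', 'Any') {
            [pscustomobject]@{ Name = $_.DisplayName; LocalPort = [string[]]$f.LocalPort }
        }
    }

foreach ($port in $ports) {
    $hits = @($tcpRules | Where-Object { Test-PortCovered $_.LocalPort $port })
    $text = if ($hits) { $hits.Name -join '; ' } else { 'no enabled inbound allow rule' }
    '{0}: {1}' -f $port, $text
}
```

A rule whose LocalPort is `Any` is usually scoped to a specific program, so a match in step 3 shows port coverage only, not which application the rule admits.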

pilgrim103 commented 3 years ago

Thanks.

I was always curious why ports 31404-31409 were not being used.

Yoshiaki-Hatada commented 3 years ago

I made a big mistake during setup and also reset the PC to its initial settings. Is it still there even so? Please tell me what I should do.


Wu170 commented 3 years ago

The use of Microsoft Firewall in the current test network is sufficient to meet the demand. 😄😄


Yoshiaki-Hatada commented 3 years ago

Is there anything I can do or have to do?


pilgrim103 commented 3 years ago

Got me. Ask a Moderator or Malwarebytes. I did find out that there is a known issue with the program C:\Program Files\Docker\Docker\Resources\vpnkit.exe from the Docker people. Seems, at some times, there is a memory leakage causing perhaps +100 processes of vpnkit.exe to be run on port 31402. The latest release was supposed to fix it, but I installed it and have many many dozens of processes of that program running. They say the bug is intermittent. Use a Port Listener that shows every instance of an open port. vpn.exe would be at the end of the list.



Yoshiaki-Hatada commented 3 years ago

I didn't understand English, so when I translated it, I couldn't understand it, so I set up a computer at home as soon as I finished work. Did you tell me


Yoshiaki-Hatada commented 3 years ago

hacker? Exploit? # 139 The above comments are out of my mind.
