I notice on my firewall that my QNAP NAS is continuously sending UDP sessions out to the Internet. Every second I have 5 - 7 connections out to addresses like the following:
2013-11-10 23:17:54 Deny 192.168.60.5 93.215.212.162 6881/udp 6881 6881
2013-11-10 23:18:05 Deny 192.168.60.5 87.76.0.83 29872/udp 6881 29872
2013-11-10 23:18:05 Deny 192.168.60.5 5.164.188.224 6881/udp 6881 6881
2013-11-10 23:18:05 Deny 192.168.60.5 80.61.45.206 6881/udp 6881 6881
2013-11-10 23:18:34 Deny 192.168.60.5 37.117.204.129 6881/udp 6881 6881
2013-11-10 23:18:34 Deny 192.168.60.5 71.67.101.30 51413/udp 6881 51413
2013-11-10 23:18:34 Deny 192.168.60.5 89.28.92.191 8621/udp 6881 8621
2013-11-10 23:18:34 Deny 192.168.60.5 94.244.157.85 28221/udp 6881 28221
2013-11-10 23:18:34 Deny 192.168.60.5 213.241.61.240 9089/udp 6881 9089
2013-11-10 23:18:45 Deny 192.168.60.5 88.163.28.100 52721/udp 6881 52721
2013-11-10 23:18:45 Deny 192.168.60.5 37.55.190.20 10027/udp 6881 10027
2013-11-10 23:18:45 Deny 192.168.60.5 62.72.188.146 14306/udp 6881 14306
2013-11-10 23:19:14 Deny 192.168.60.5 85.53.244.205 51413/udp 6881 51413
2013-11-10 23:19:14 Deny 192.168.60.5 67.163.18.215 52130/udp 6881 52130
2013-11-10 23:19:14 Deny 192.168.60.5 86.172.105.140 9089/udp 6881 9089
2013-11-10 23:19:14 Deny 192.168.60.5 99.28.56.121 52383/udp 6881 52383
2013-11-10 23:19:14 Deny 192.168.60.5 109.60.184.249 46217/udp 6881 46217
2013-11-10 23:19:25 Deny 192.168.60.5 121.107.144.174 21135/udp 6881 21135
2013-11-10 23:19:25 Deny 192.168.60.5 84.39.116.180 48446/udp 6881 48446
2013-11-10 23:19:25 Deny 192.168.60.5 183.238.254.62 openvpn/udp 6881 1194
This is frightening as it seems like it's been hacked to send information out. Has anyone observed this behaviour from their QNAP NAS?
That's bittorrent traffic. More specifically, it's traffic caused by the distributed hash table (DHT) protocol. There's even a thread about it on the QNAP forums