Page 1 of 1

Expiration or removal from DHT Node table

Posted: Thu May 23, 2019 11:54 am
by zipripper4
Hi,
How long is an IP address stored in a DHT Node's table?

Recently I was using Shodan to do a quick check-up on my company's IP address. I discovered a server in another country that is running DHT Node on port 6881/udp, and that server has my company's IP address is the DHT Node table! This is a complete surprise and unexpected. We are still trying to track down the offending piece of equipment on our network which we assume is communicating to the DHT Node. What I am trying to figure out is if this communication is something recent, or could this communication have happened in the past. Knowing how long a DHT Node stores an IP address in the table before removing/expiring it would help me answer that question.

Any help is much appreciated!
- Fred

Re: Expiration or removal from DHT Node table

Posted: Thu May 23, 2019 12:44 pm
by OneCD
Is this a QNAP question? :S

Re: Expiration or removal from DHT Node table

Posted: Thu May 23, 2019 12:57 pm
by dolbyman
I think download station supports dht

Re: Expiration or removal from DHT Node table

Posted: Tue May 28, 2019 8:43 am
by zipripper4
Hi,
Yes this question is related to QNAP. Or at least related software used by QNAP. Its my understanding that Download Station software uses DHT Node servers. I was hoping someone in this forum might know about DHT Nodes and how they work.

For some more background on my question, I was using shodan to search for information on my public IP addresses. Strangely, one host returned by Shodan doesn't belong to my company - its a server in Poland which my company has nothing to do with. Yet my company's public IP address is listed in this server's DHT Node table.

This link is to the shodan web site https://www.shodan.io/host/31.179.69.65
On shodan you can see that the server located in poland is running DHT Node port 6881/udp, and a long list of public IPs in the table. Shodan also shows this server in poland is running several web sites. I visited one of those web sites and it is a login page for a QNAP product.
FAIR WARNING - I don't know anything about the server in poland and it might be malicious. Dont visit those web sites unless you know what you are doing.

The question is - when an IP address is added to a DHT Node table how long is the IP address retained for? Does it stay there forever or does it age out??