What seems to be the problem?

Every now and then, people report a malicious attack originating from a distributed.net server onto their network/firewall/machines. They usually report that our machines are probing their network, backing this up with a snippet of their firewall log.

What these people are really seeing is a response from our server to a connection initiated by your own machines. Most traffic monitoring and data capture utilities only show the direction of data transmission, but not the direction in which the connection was established. The connection being seen was established outward from the client to our servers.

Our servers are servers for the distributed.net distributed computing network. The machines at your site have installed a client program that needs to connect to our servers every once in a while.

Technical details

For more info on our project, see http://www.distributed.net/. The mission statement for our project can be found at http://www.distributed.net/mission.php.

People download a small client program to process data, which they retrieve from our servernetwork.

The protocol consists of the client initiating a connection on port 2064, port 80 or port 23 (the client can choose), and our servers respond to that. That's why you'll see portnumber 2064 on our side and a high portnumber on your side. (The portnumber on your side will typically vary for each connection, due to the inherent nature of outward TCP/IP connections uses dynamically selected ports.) So, it's not our server that intrudes your network/firewall, but your machine that connects to our servers.

Why is this client running here in the first place?

Some user on your network downloaded the distributed.net client program and runs it. If this was done without authorization of the admins/owners of that machine, please read the following information:

The distributed.net client program lets your computer be a part of a big distributed computer system. It runs in idle time of that computer. Read more at http://www.distributed.net/.

However, it's not our intention that users install the program on a computer that they don't own or administrate. Our policy can be read at http://www.distributed.net/legal/policy.php. Also, please check our trojans page where you can read about trojan horses that will install our client on your machine. This page is located at http://www.distributed.net/trojans.php.

It is really a shame that some users do not comply with our policies while running the client. If these users find some interesting results for one of our projects, and they run the client on unauthorized computers, they will not get credit for them. That's all we can do.