



Thread: How BitTorrent could let lone DDoS attackers bring down big sites

  1. #1
    Stallion

    How BitTorrent could let lone DDoS attackers bring down big sites

    uTorrent, Mainline, and Vuze most susceptible to DoS abuse, researchers say.

    Some of the most widely used BitTorrent applications, including uTorrent, Mainline, and Vuze, are also the most vulnerable to a newly discovered form of denial of service attack that makes it easy for a single person to bring down large sites.

    The distributed reflective DoS (DRDoS) attacks exploit weaknesses found in the open BitTorrent protocol, which millions of people rely on to exchange files over the Internet. But it turns out that features found in uTorrent, Mainline, and Vuze make them especially suitable for the technique. DRDoS allows a single BitTorrent user with only modest amounts of bandwidth to send malformed requests to other BitTorrent users.

    The BitTorrent applications receiving the request, in turn, flood a third-party target with data that's 50 to 120 times bigger than the original request. Key to making the attack possible is BitTorrent's use of the user datagram protocol, which provides no mechanism to prevent the falsifying of IP addresses. By replacing the attacker's IP address in the malicious request with the spoofed address of the target, the attacker causes the data flood to hit the victim's computer.

    "An attacker which initiates a DRDoS does not send the traffic directly to the victim," researchers wrote in a research paper recently presented at the 9th Usenix Workshop on Offensive Technologies. "Instead he/she sends it to amplifiers which reflect the traffic to the victim. The attacker does this by exploiting network protocols which are vulnerable to IP spoofing. A DRDoS attack results in a distributed attack which can be initiated by one or multiple attacker nodes."

    The reflective form of DoS has three main advantages for the attacker, including:

      • it hides the identity of the attacker;
      • it can be initiated by a single computer while resulting in a distributed attack, that is, one that's carried out by multiple computers with many different IP addresses; and
      • it amplifies the original attack packet, in some cases by as much as 120 fold.


    DoS amplification techniques are by no means new. So-called Smurf attacks and DNS amplification attacks take advantage of misconfigured routers and domain name system servers respectively to bounce traffic and greatly magnify the firepower visited on an unlucky target. As the number of poorly configured servers has fallen in recent years, those types of attacks have become less common, although DNS amplification still remains a problem. Last year, miscreants targeting gaming sites turned their attention to a previously never-before-seen amplification technique that abused large numbers of time-synchronization servers running the network time protocol. The technique has on occasion achieved volumes as high as 400 gigabytes of data per second, believed to have been a record when it was measured in early 2014.

    DoS amplification attacks are most effective when they abuse widely used applications or services that are vulnerable by default. The researchers who describe the DRDoS technique said one Internet scan they performed identified 2.1 million IP addresses using BitTorrent. They recommended several countermeasures be added to the BitTorrent protocol to prevent IP spoofing and to prevent amplifying the amount of data that BitTorrent apps send in response to requests.
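One way to build the kind of countermeasure the article's last paragraph mentions, shown as an added example that is not part of the original post or the researchers' own proposal: a UDP responder that never sends an unverified source more bytes than it received, and releases the large reply only after the sender echoes a cookie bound to its address. The `REQ`/`CHL` message format, the constants and the function names are assumptions made for illustration, not BitTorrent's wire protocol.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)      # per-process key; a real service would rotate it
COOKIE_LIFETIME = 30         # seconds per time bucket (assumed value)
COOKIE_LEN = 16
BIG_REPLY = b"P" * 1200      # constructed stand-in for a large data reply


def make_cookie(addr, now, secret=SECRET):
    """Stateless token bound to the claimed source address and a time bucket."""
    ip, port = addr
    msg = f"{ip}|{port}|{int(now) // COOKIE_LIFETIME}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]


def cookie_valid(addr, cookie, now):
    # Accept the current and the previous bucket so a cookie issued just
    # before a bucket boundary still works.
    return any(
        hmac.compare_digest(cookie, make_cookie(addr, now - age))
        for age in (0, COOKIE_LIFETIME)
    )


def handle_datagram(addr, payload, now):
    """Reply for one datagram whose source address is still unverified.

    Constructed request format: b"REQ" + 16-byte cookie (zeros on first contact).
    """
    if not payload.startswith(b"REQ"):
        return b""
    cookie = payload[3:3 + COOKIE_LEN]
    if len(cookie) == COOKIE_LEN and cookie_valid(addr, cookie, now):
        return BIG_REPLY     # sender proved it receives packets at addr
    challenge = b"CHL" + make_cookie(addr, now)
    # Unverified source: never answer with more bytes than were sent.
    return challenge if len(challenge) <= len(payload) else b""


def amplification(request, reply):
    """Bandwidth amplification factor: reply bytes per request byte."""
    return len(reply) / len(request)
```

A spoofed request can at most bounce a challenge of its own size toward the victim, so the amplification factor stays at or below 1; a stateless HMAC cookie keeps the responder from holding per-address state while it waits for the echo.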

  2. #2
    Stallion
    With whatever knowledge and shit I have I can say if this ever happened it won't affect the whole public p2p ecosystem. As, when DHT/PEX got flooded with DoS spammers, all the end user has to do would be to disable DHT (from default) settings and just rely on public trackers. It won't affect the entire ecosystem as when DHT would fail (which I doubt) trackers will take its place and vice versa.
    Last edited by Stallion; 08-17-2015 at 04:55 PM.


