Monday, 17 August 2015

BitTorrent Clients Can Strengthen DoS Attacks

Several BitTorrent clients and BitTorrent Sync application to abuse for performing DRDoS attacks, warns researcher Florian Adamsky from City University London. Reflective DRDoS stands for Distributed Denial of Service.

In a traditional DDoS attack (Distributed Denial of Service) attackers have lots of infected computers or servers attacks a website. In the case of a DRDoS-attack is sent to a "reflector" movement, which then forwards it to the final target. DRDoS attacks are especially effective if they send more traffic to the target than they have received from the attacker.


BitTorrent-Adamsky discovered that different protocols can be used to reinforce this way Denial of Service attacks. The problem is present in the UTP, DHT, Message Stream Encryption- and BitTorrent Sync protocols. Especially via BitTorrent Sync attack can be effective, since the attack traffic by a factor of 20 can be strengthened. In the case of popular torrent clients such as uTorrent and Vuze can increase attacks fold, respectively 39 and 54.

An additional problem is that detect attacks via BitTorrent are difficult due to the dynamic port ranges and encrypted handshake used by the clients. Across TorrentFreak Adamsky reports that the attack is simple to implement. An attacker only needs to have a valid info-hash or in the case of BitTorrent Sync on the "secret". BitTorrent has been informed and has in a recent beta version patched the issue. UTorrent however still vulnerable and Vuze has yet to roll out an update.

No comments:

Post a Comment