DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 19, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 191 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

BitTorrent can be exploited for DRDoS attacks

Posted on Monday, August 17 2015 @ 14:29:27 CEST by


BT logo
City University London researcher Florian Adamsky warns vulnerabilities in BitTorrent Sync and BitTorrent clients can be exploited to launch a Distributed Reflective Denial of Service (DRDoS).

In his paper called ‘P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks', Adamsky illustrates how uTP, DHT, Message Stream Encryption and BitTorrent Sync protocol vulnerabilities can be abused by an attacker to amplify Denial of Service attacks.

The IP spoofing exploit is most effective via peer-to-peer file sync tool BitTorrent Sync, where an attacker can amplify his bandwidth by a factor of 120. Popular BitTorrent clients like µTorrent and Vuze yield bandwidth increases of 39 and 54 times, respectively.
Speaking with TF, Adamsky states that it’s relatively easy to carry out a distributed reflective Denial of Service (DRDoS) attack via BitTorrent. The attacker only needs a valid info-hash, or the “secret” in case of BitTorrent Sync.

“This attack should not be so hard to run, since an attacker can collect millions of possible amplifiers by using trackers, DHT or PEX,” he explains.
“With a single BitTorrent Sync ping message, an attacker can amplify the traffic up to 120 times.”
For BitTorrent users, the security risk is limited to unwittingly participating in a DoS attack, which can lead to a lot of wasted bandwidth. BitTorrent has been notified about the issues and patched some in a recent beta release, but µTorrent is still vulnerable to DHT attack. Vuze has yet to release an update.

Via: TorrentFreak



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba