Monday, August 17, 2015

BitTorrent Clients May Generate DDoS Attacks, Boosting Bandwidth x120

BitTorrent, the old ISP challenger, is now creating a new threat - a way to generate DDoS attacks.

Source: P2P File-Sharing in Hell:
 Exploiting BitTorrent 
Vulnerabilities to Launch Distributed 
Reflective DoS Attacks (here)
Ernesto reports to TorrentFreak that "New research shows that BitTorrent clients and BitTorrent Sync can be exploited for Denial of Service attacks. With the help of the popular file-sharing protocol an attacker can reflect and amplify traffic through fellow file-sharers, boosting the original bandwidth 120 times. With dozens of millions of active users at any given point in the day the BitTorrent protocol is a force to be reckoned with.

While BitTorrent swarms are relatively harmless, a new paper published by City University London researcher Florian Adamsky reveals that there’s potential for abuse.

The paper shows that various BitTorrent protocols can be used to amplify Denial of Service attacks.

BitTorrent Inc has been notified about the vulnerabilities and patched some in a recent beta release. For now, however, uTorrent is still vulnerable to a DHT attack. Vuze was contacted as well but has yet to release an update according to the researcher.

For users of BitTorrent-based software there is no security concern other than the fact that people are participating in a DDoS attack without their knowledge. The vulnerability mostly leads to a lot of wasted bandwidth"


1 comment: