BITTORRENT HAS TOLD The INQUIRER that we can all chill on panic talk about lone hackers and souped-up denial-of-service (DoS) attacks, informing us that the published problems have been taken care of.
We are here because security research, the scourge of Oracle and the malware industry, found that BitTorrent could be exploited by lone warriors and used to bring down sites through DoS attacks.
It would usually take a whole gang of computers to lob a DoS attack at an organisation, but it is now apparently possible to do some of the grunt work through one computer, in one bedroom, and through BitTorrent's services.
A scientific paper, called P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks, was released by City University London researcher Florian Adamsky and cloud security firm Plumgrid at last week's iWoot security show.
The research found that torrent-associated protocols can be used to boost a DoS attack, if not completely effect one.
"In this paper, we demonstrate that the BitTorrent protocol family is vulnerable to distributed reflective DoS attacks. Specifically, we show that an attacker can exploit BitTorrent protocols Micro Transport Protocol, Distributed Hash Table, Message Stream Encryption and BitTorrent Sync to reflect and amplify traffic from peers," they wrote.
"Our experiments reveal that an attacker is able to exploit BitTorrent peers to amplify the traffic up to a factor of 50 times and in case of BTSync up to 120 times. Additionally, we observe that the most popular BitTorrent clients are the most vulnerable."
Adamsky, speaking to the TorrentFreak website, suggested that the attack is relatively easy to carry out.
"This attack should not be so hard to run, since an attacker can collect millions of possible amplifiers by using trackers, Distributed Hash Table or peer exchange," he said. "With a single BTSync ping message, an attacker can amplify the traffic up to 120 times."
Whoa, there. BitTorrent is here with its reaction, saying that Adamsky came to the firm a few weeks before going public, and it has already taken much of this in hand.
BitTorrent told The INQUIRER that this attack is theoretical, and has not been seen in the wild. Rather, it was carried out in a controlled environment. The firm added that such attacks are possible because of the nature of the systems at hand, but explained that it is aware of this and works against the weaknesses.
"Attacks like this will always be possible due to the way that User Datagram Protocol-based protocols work. Abuse of DNS is commonly known. And even as recent as February 2014, public Network Time Protocol servers across the world were leveraged to carry out such an attack," BitTorrent said, explaining that it has already carried out some remedial work.
"Nonetheless, we've taken the vulnerability reports seriously and have taken steps to harden our protocols and mitigate some weaknesses outlined in the research paper. The team at BitTorrent has already been able to address much of the issue prior to the paper's publication and will soon have mitigated the matter completely."
BitTorrent added that Sync already had many of the preventative measures required to see off this threat, explaining that the hacker would need to know their target or get them to expose themselves publicly.
The firm will share more information about its findings and feelings in a blog post later. µ