The BitTorrent protocol is a file-sharing protocol used by Millions of online users to exchange files over the Internet on a daily basis. A new research by Florian Adamsky of the City University London shows that open BitTorrent protocol can be exploited to carry out Distributed Reflective Denial of Service (DRDoS) attacks. This Makes all BitTorrent applications like uTorrent, Vuze etc could be used to carry out a devastating distributed denial of service (DDoS) attack. It is to be noted that this makes possible for a single undetectable hacker to take down big sites.

BitTorrent protocol is Vulnerable to DRDoS attack

DRDoS attack is a more sophisticated form of conventional DDoS attack where open and misconfigured DNS (Domain Name System) can be used by anyone to launch high-bandwidth DDoS attacks on target websites. In a paper, titled "P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks," the researchers shows that the weakness in various BitTorrent protocols can be exploited to amplify Denial of Service attacks. According to them, the vulnerability affects BitTorrent protocols (Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE)) as well as BitTorrent Sync (BTSync) protocols.

High Bandwidth DDoS Attacks Are easy Now

As per the tests conducted it was successful in using BitTorrent peers to flood a third-party target with data traffic up to a factor of 50 to 120 times bigger than the original request. High bandwidth DDoS attacks are very common nowadays. Hacking groups like Lizard Squad and Anonymous were successful in attacking big targets by DDoS. Lizard Squad even made a commercial tool named "Lizard Stressor" which is a paid DDoS tool available to anyone.  Two years ago, a massive 300Gbps DDoS attack launched against Spamhaus website almost broke the Internet, not to mention the new heights of DDoS achieved against CloudFlare, reaching more than 400Gbps at its peak of traffic, last year.

Patches are on its way. Update Soon.

BitTorrent company has already patched some of its applications in a recent beta release. However, uTorrent is still vulnerable to a DHT attack. Vuze is also yet to release a patch, even though it was informed. So to be on the safer side you may need to use the patched products for the time being.
Check: HORNET: Ultra High Speed & Secure TOR Alternative

Post a Comment