By exploiting a vulnerability in the BitTorrent protocol, a single user can launch a DoS attack that other network nodes then amplify up to 120 times.
A group of security researchers has identified a vulnerability in the BitTorrent protocol that particularly affects some of the most-used clients, such as uTorrent. It enables a new type of DDoS attack that even a single person can trigger while still delivering particularly dangerous and effective firepower.
The attack, called a Distributed Reflective DoS (DRDoS), allows an attacker to send a suitably crafted request to other BitTorrent clients which, in response, flood a third-party target with data 50 to 120 times larger than the original request. What makes the attack possible is BitTorrent's use of the UDP protocol, which offers no mechanism to prevent the falsification of IP addresses. In the crafted request, the attacker can therefore replace his own IP address with that of the victim.
"An attacker who initiates a DRDoS does not send traffic directly to the victim. He sends it instead to amplifiers that reflect it towards the victim. The attacker can do this by exploiting the vulnerability to IP spoofing of network protocols. A DRDoS results in a distributed attack that can be triggered by one or more parties," reads the research.
This type of attack has three advantages for the attacker: it hides his identity, it can be launched from a single computer while being in effect a distributed attack, and it amplifies the original packet, in some cases up to 120 times.
Amplification techniques for DoS attacks are nothing new: the smurf attack and DNS amplification attacks rely on poorly configured routers and DNS servers, respectively, to bounce traffic and considerably boost the firepower directed at a target. In recent years the number of misconfigured servers has shrunk and these attacks appear to be less common, though they remain dangerous.
Amplified DoS attacks are more effective when they can exploit vulnerable applications or services that are widely used: the researchers who described the DRDoS technique observed, following a scan of the network, about 2.1 million IP addresses that make use of BitTorrent.
It is desirable to add countermeasures to the BitTorrent protocol that rule out the exploitation of IP spoofing techniques and that prevent the amplification of the amount of data a BitTorrent application sends in response to a request.
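One way the two countermeasures above could look on the responding side, as an added example that is not from the article, the research or any BitTorrent client: a per-source byte budget combined with an address-bound cookie. The class name, the 3x factor, the 8-byte cookie and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class AmplificationGuard:
    """Per-source reply budget for a UDP responder (hypothetical, not a BitTorrent API)."""

    def __init__(self, factor=3, secret=None):
        self.factor = factor          # assumed cap: reply bytes <= factor * request bytes
        self.secret = secret or os.urandom(32)
        self.received = {}            # addr -> bytes received while unvalidated
        self.sent = {}                # addr -> bytes sent while unvalidated
        self.validated = set()        # addrs that echoed a valid cookie

    def cookie(self, addr):
        # Stateless cookie bound to the claimed source address: only a host that
        # really receives traffic at addr can read it and echo it back.
        msg = f"{addr[0]}:{addr[1]}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:8]

    def on_datagram(self, addr, payload, echoed_cookie=None):
        if echoed_cookie is not None and hmac.compare_digest(echoed_cookie, self.cookie(addr)):
            self.validated.add(addr)
        if addr not in self.validated:
            self.received[addr] = self.received.get(addr, 0) + len(payload)

    def allow_send(self, addr, size):
        if addr in self.validated:
            return True               # source address proved reachable, no cap
        budget = self.factor * self.received.get(addr, 0)
        if self.sent.get(addr, 0) + size > budget:
            return False              # reply would amplify toward an unverified address
        self.sent[addr] = self.sent.get(addr, 0) + size
        return True


def demo():
    guard = AmplificationGuard(factor=3, secret=b"k" * 32)
    peer = ("198.51.100.7", 6881)              # constructed address (documentation range)
    guard.on_datagram(peer, b"x" * 20)         # 20-byte request, source not yet verified
    small = guard.allow_send(peer, 28)         # short cookie-bearing reply fits the 60-byte budget
    large = guard.allow_send(peer, 1000)       # 50x reply is withheld
    guard.on_datagram(peer, b"x" * 20, echoed_cookie=guard.cookie(peer))
    after = guard.allow_send(peer, 1000)       # allowed once the cookie came back
    return small, large, after
```

A request with a forged source address never sees the cookie, so the address it names receives at most three times the bytes the sender spent.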