Torrent clients and BitTorrent Sync can be leveraged for DrDoS attacks
In this paper, we demonstrate that the BitTorrent protocol family is vulnerable to distributed reflective denial-of-service (DRDoS) attacks. Specifically, we show that an attacker can exploit BitTorrent protocols (Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE))and BitTorrent Sync (BTSync) to reflect and amplify traffic from peers.
We validate the efficiency, robustness and evadability of the exposed BitTorrent vulnerabilities in a P2P lab testbed. We further substantiate the lab results by crawling more than 2.1 million IP addresses over Mainline DHT (MLDHT) and analyzing more than 10,000 BitTorrent handshakes. Our experiments reveal that an attacker is able to exploit BitTorrent peers to amplify the traffic up to a factor of 50 times and in case of BTSync up to 120 times.
Additionally, we observe that the most popular BitTorrent clients are the most vulnerable ones. (uTorrent, Mainline Vuze)
We showed that anattack is quite difficult to circumvent, as the found vulnerabilities can only be defended with a DPI firewall. In case of a MSE handshake, it is even harder to detect the attack, since the packet contains a high entropy payload with a public key and random data.
BitTorrent Inc has been notified about the vulnerabilities and patched some in a recent beta release. For now, however, uTorrent is still vulnerable to a DHT attack. Vuze was contacted as well but has yet to release an update according to the researcher.
Arstechnica also wrote about it:
En Français :