How BitTorrent could let lone DDoS attackers bring down big sites

Accepted submission by Arthur T. Knackerbracket at 2015-08-17 03:15:22
News

Story automatically generated by StoryBot Version 0.0.1e (Development).

Note: This is the complete story and will need further editing. It may also be covered by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.

FeedSource: [ArsTechnica] collected from rss-bot logs

Time: 2015-08-16 18:05:55 UTC

Original URL: http://arstechnica.com/security/2015/08/how-bittorrent-could-let-lone-ddos-attackers-bring-down-big-sites/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29 [arstechnica.com]

Title: How BitTorrent could let lone DDoS attackers bring down big sites

Suggested Topics by Probability (Experimental) : 25.0 science 25.0 hardware 12.5 digiliberty 12.5 careers 12.5 breaking 12.5 OS

--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---

How BitTorrent could let lone DDoS attackers bring down big sites

Some of the most widely used BitTorrent applications, including uTorrent, Mainline, and Vuze, are also the most vulnerable to a newly discovered form of denial of service attack that makes it easy for a single person to bring down large sites.

The distributed reflective DoS (DRDoS) attacks exploit weaknesses found in the open BitTorrent protocol, which millions of people rely on to exchange files over the Internet. But it turns out that features found in uTorrent, Mainline, and Vuze make them especially suitable for the technique. DRDoS allows a single BitTorrent user with only modest amounts of bandwidth to send malformed requests to other BitTorrent users.

The BitTorrent applications receiving the request, in turn, flood a third-party target with data that's 50 to 120 times bigger than the original request. Key to making the attack possible is BitTorrent's use of the User Datagram Protocol (UDP), which provides no mechanism to prevent the falsifying of IP addresses. By replacing the attacker's IP address in the malicious request with the spoofed address of the target, the attacker causes the data flood to hit the victim's computer.

"An attacker which initiates a DRDoS does not send the traffic directly to the victim," researchers wrote in a research paper recently presented at the 9th Usenix Workshop on Offensive Technologies. "Instead he/she sends it to amplifiers which reflect the traffic to the victim. The attacker does this by exploiting network protocols which are vulnerable to IP spoofing. A DRDoS attack results in a distributed attack which can be initiated by one or multiple attacker nodes."

The reflective form of DoS has three main advantages for the attacker, including:

DoS amplification attacks are most effective when they abuse widely used applications or services that are vulnerable by default. The researchers who describe the DRDoS technique said one Internet scan they performed identified 2.1 million IP addresses using BitTorrent. They recommended several countermeasures be added to the BitTorrent protocol to prevent IP spoofing and to prevent amplifying the amount of data that BitTorrent apps send in response to requests.
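One general way to bound amplification in a UDP responder, shown as an added example (it is not code from the article or the researchers' paper): limit the bytes sent to any address that has not yet proven it receives replies to a small multiple of the bytes received from it. The class and function names, the 3x factor, the 32-byte challenge size and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

CHALLENGE_LEN = 32  # assumed size of a small token datagram sent instead of a large reply


class AmplificationGuard:
    """Caps bytes sent to an unvalidated source at `factor` x bytes received from it."""

    def __init__(self, factor=3):
        self.factor = factor
        self.received = defaultdict(int)
        self.sent = defaultdict(int)
        self.validated = set()

    def may_send(self, addr, nbytes):
        # A validated address echoed our token, so it really receives at addr.
        if addr in self.validated:
            return True
        return self.sent[addr] + nbytes <= self.factor * self.received[addr]

    def ratio(self, addr):
        """Observed amplification: bytes sent per byte received for addr."""
        return self.sent[addr] / self.received[addr] if self.received[addr] else 0.0


def respond(guard, addr, request_len, response_len, token_ok=False):
    """Return the number of bytes the responder emits for one request."""
    guard.received[addr] += request_len
    if token_ok:
        # Assumption: the caller has verified the echoed token cryptographically.
        guard.validated.add(addr)
    # Fall back to a small challenge when the full reply would exceed the budget.
    size = response_len if guard.may_send(addr, response_len) else CHALLENGE_LEN
    if not guard.may_send(addr, size):
        return 0  # even the challenge would amplify: stay silent
    guard.sent[addr] += size
    return size


if __name__ == "__main__":
    g = AmplificationGuard()
    # Constructed traffic: a spoofed source never echoes the token.
    for _ in range(5):
        respond(g, "198.51.100.7", 100, 12000)
    print("spoofed source ratio:", g.ratio("198.51.100.7"))
    # Constructed traffic: a genuine peer echoes the token on its second request.
    respond(g, "203.0.113.9", 100, 12000)
    print("genuine peer reply:", respond(g, "203.0.113.9", 100, 12000, token_ok=True))
```
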

