A new paper published by researchers from City University London reveals how unsuspecting users of file-sharing clients like BitTorrent can be exploited as reflectors in DRDoS (Distributed Reflective Denial of Service) attacks. Most people are familiar with DDoS attacks, which aim to flood a server with so much traffic that it can’t respond to all the requests, effectively taking the site down. A DRDoS attack is a subset of DDoS in which the attacker does not send traffic directly to the target, but instead sends requests to reflectors, which then flood the victim with their responses.
The researchers found that the BitTorrent protocol has a weakness which allows malicious individuals to use fellow file-sharers to reflect and amplify traffic directed at a specific target. How much the traffic is amplified is proportional to how widely adopted the protocol is. According to tests run by the researchers, the BitTorrent client can amplify traffic to 50 times its original volume, while BitTorrent Sync can amplify it 120 times.
Other clients which make use of the BitTorrent protocol, like uTorrent, Mainline and Vuze, are also vulnerable to this exploit. BitTorrent has released a beta patch which fixes these vulnerabilities, but the others have not yet addressed this weakness. Fixing this exploit should be a top priority because of the ease with which it can be abused. One of the researchers, Florian Adamsky, spoke with TorrentFreak, stating that all that was needed to pull off this exploit was a valid info hash, and that “an attacker can collect millions of possible amplifiers by using trackers, DHT or PEX.”
While this exploit may be bad news for anyone unlucky enough to be on the receiving end of it, for file-sharers there is no real concern other than the fact that they are unwittingly participating in a DDoS attack. The only real negatives are some wasted bandwidth and possibly an unexpectedly large internet bill.
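To make the amplification figures above concrete from the file-sharer's side, here is an added example (not code from the paper or from any BitTorrent client) that checks whether your own peer is being used as a reflector: it reads per-packet records from your BitTorrent port, computes the bandwidth amplification factor (bytes sent back divided by bytes received) per remote address, and flags addresses that send repeated tiny requests and get far more back. The record format and the sample traffic are constructed for the example.

```python
from collections import defaultdict

# Constructed sample records (not from the paper): one UDP packet per line as
# seen on a file-sharer's BitTorrent port, "direction peer_ip payload_bytes".
# 203.0.113.10 looks like a spoofed victim: tiny requests, large responses.
SAMPLE_FLOWS = """\
in  203.0.113.10 20
out 203.0.113.10 1400
in  203.0.113.10 20
out 203.0.113.10 1400
in  203.0.113.10 20
out 203.0.113.10 1400
in  203.0.113.10 20
out 203.0.113.10 1400
in  198.51.100.7 95
out 198.51.100.7 120
in  198.51.100.7 1200
out 198.51.100.7 60
in  192.0.2.44 40
out 192.0.2.44 700
"""

def parse_flows(text):
    """Parse 'direction peer_ip bytes' lines into (direction, ip, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        direction, ip, size = parts
        flows.append((direction, ip, int(size)))
    return flows

def amplification_by_peer(flows):
    """Per remote address: inbound request count, bytes in, bytes out and the
    bandwidth amplification factor (BAF = bytes sent back / bytes received)."""
    stats = defaultdict(lambda: {"requests": 0, "bytes_in": 0, "bytes_out": 0})
    for direction, ip, size in flows:
        if direction == "in":
            stats[ip]["requests"] += 1
            stats[ip]["bytes_in"] += size
        else:
            stats[ip]["bytes_out"] += size
    for s in stats.values():
        # No inbound bytes means nothing was amplified, so BAF is 0, not infinity.
        s["baf"] = s["bytes_out"] / s["bytes_in"] if s["bytes_in"] else 0.0
    return dict(stats)

def suspected_reflection_targets(flows, min_baf=10.0, min_requests=3):
    """Addresses whose repeated small requests drew a high BAF response.
    Under a reflection attack this 'peer' address is the spoofed victim."""
    stats = amplification_by_peer(flows)
    return sorted(ip for ip, s in stats.items()
                  if s["requests"] >= min_requests and s["baf"] >= min_baf)
```

The request-count floor keeps a single legitimate handshake that happens to draw a large reply (192.0.2.44 in the sample) from being flagged; tune both thresholds to your client's normal traffic.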
If you use file-sharing clients like BitTorrent, are you worried about being exploited to unwittingly carry out a DDoS attack? Leave your comment below.