Sign up to our newsletter
Widely used BitTorrent applications have been found to be vulnerable to distributed reflective denial-of-service (DRDoS) attacks, according to new research.
Presented at the ninth USENIX Workshop on Offensive Technologies in Washington DC earlier this month, the paper revealed how applications including uTorrentz Mainline and Vuze are susceptible to being exploited by cybercriminals.
DDoS attacks, the authors of P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks, explain, have evolved to become “increasingly devastating” and this latest discovery is indicative of that worrying trend.
“In 2013, CloudFlare registered a DDoS bandwidth record by an attack which generated nearly 300 Gbps traffic,” they noted in their study. “A year later, a new record was established by a DDoS attack that generated 400 Gbps.
“Both these record-setting attacks belonged to a category of DoS attacks where the attacker does not send traffic directly to the victim; traffic is instead sent to reflectors (with spoofed source IP of the victim) which in turn flood the victim with responses.”
These attacks have the potential to become “particularly potent” if these reflectors are able to direct a substantially greater volume of traffic to victims “than what they received from the attacker”.
In other words, the reflectors, in effect, operate as “amplifiers”, magnifying the traffic above and beyond what is usually possible with a so-called conventional DDoS attack.
Further, that this type of attack is able to mask the cybercriminal’s identity – via IP spoofing – can be implemented by a single computer and be markedly more intense in scale, increases the likelihood of it being attempted in even greater numbers.
“With peer-discovery techniques like trackers, DHT or PEX, an attacker can collect millions of amplifiers,” the researchers explained. “An attacker only needs a valid info-hash or secret to exploit the vulnerabilities.”
Author Karl Thomas, ESET