DRDOS attacks through BitTorrent

DRDOS (Distributed Reflective Denial of Service). Florian Adamsky of the University of London has published a research paper detailing the family of protocols used by BitTorrent clients and can be abused for DRDOS attacks.

hacker DRDOS

Most of us have a basic idea of ​​what a DDOS attack is, but the DRDOS attack is a bit different.

While in a DDOS attack a controls a series of zombie computers that generate excessive traffic to a target causing the target to become "clogged" and no longer accessible to third parties, in a DRDOS, the attacker generates traffic to a legitimate network equipment (called a mirror), from the which then relays the traffic to the victim.

The traffic sent to the mirror is forged and contains the victim's IP address as the origin of the packet, and when the mirror (or if you want the reflector) follows the general rules of Internet protocols and tries to create a connection, it does so with IP of the victim instead of the attacker.

Also, beyond the mission of a catwalk, the attackers have devised ways to use the mirror to boost traffic.

Protocols widely used in DRDOS attacks are TCP, DNS, and NTP. OR research study by Mr. Adamsky shows how too many protocols can be used by the BitTorrent family in DRDOS attacks, even with the ability to boost traffic.

According to Mr. Adamsky, the BitTorrent protocols that are affected are: UTP (Micro Transport Protocol), Distributed Hash Table (DHT), and Message Stream Encryption (MSE). These are the protocols used in BitTorrent, uTorrent and Vuze applications.

Επιπλέον, το πρωτόκολλο συγχρονισμού BTSync που ται με την ανταλλαγής αρχείων BitTorrent Sync,  είναι επίσης ευάλωτο.

"Our experiments show that BitTorrent has a bandwidth amplification factor (BAF) 50 times higher and in the case of BTSync up to 120 times higher," said Florian Adamsky.

Όμως τα κακά νέα δεν σταματούν εδώ. Εκτός από την ενίσχυση της κυκλοφορίας οι DRDOS επιθέσεις που πραγματοποιούνται μέσω του BitTorrent είναι ανιχνεύσιμες με κανονικά firewalls εξαιτίας “του εύρους των δυναμικών πορτών και της ς κατά τη διάρκεια της χειραψίας”

Οι Υπηρεσίες μετριασμού για αυτό το είδος των επιθέσεων θα απαιτούσαν πιθανά Deep Inspection (DPI), μία λύση που “τρώει” πολλούς πόρους για τις περισσότερες υποδομές διακομιστών.

Such as says TorrentFreak, BitTorrent has fixed some of these issues in a recent beta, while Vuze and uTorrent are still vulnerable.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.086 registrants.

bandwidthbittorrentdrdosfactorNTP

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).