DRDOS (Distributed Reflective Denial of Service). Florian Adamsky of the University of London has published a research paper detailing the family of protocols used by BitTorrent clients and can be abused for DRDOS attacks.
Most of us have a basic idea of what a DDOS attack is, but the DRDOS attack is a bit different.
While in a DDOS attack a hacker controls a series of zombie computers that generate excessive traffic to a target causing the target to become "clogged" and no longer accessible to third parties, in a DRDOS, the attacker generates traffic to a legitimate network equipment (called a mirror), from which then relays the traffic to the victim.
Η movement sent to the mirror is spoofed and contains the victim's IP address as its origin packetuh, and when the mirror (or reflector if you like) follows the general rules of internet protocols and tries to establish a connection, it does so with the victim's IP, instead of the attacker's.
Also, beyond the mission of a catwalk, the attackers have devised ways to use the mirror to boost traffic.
Protocols widely used in DRDOS attacks are TCP, DNS, and NTP. OR research study by Mr. Adamsky shows how too many protocols can be used by the BitTorrent family in DRDOS attacks, even with the ability to boost traffic.
According to Mr. Adamsky, the BitTorrent protocols that are affected are: UTP (Micro Transport Protocol), Distributed Hash Table (DHT), and Message Stream Encryption (MSE). These are the protocols used in BitTorrent, uTorrent and Vuze applications.
In addition, the BTSync synchronization protocol used with the BitTorrent Sync file sharing application is also vulnerable.
"Τα πειράματά μας δείχνουν ότι το BitTorrent έχει ένα παράγοντα ενίσχυσης του bandwidth (BAF = bandwidth amplification factor) 50 φορές μεγαλύτερη και στην περίπτωση του BTSync είναι έως και 120 φορές μεγαλύτερη", δήλωσε ο κ. Florian Adamsky.
Όμως τα κακά νέα δεν σταματούν εδώ. Εκτός από την ενίσχυση της κυκλοφορίας οι DRDOS επιθέσεις που πραγματοποιούνται μέσω του BitTorrent είναι ανιχνεύσιμες με κανονικά firewalls εξαιτίας "του εύρους των δυναμικών πορτών και της κρυπτογράφησης κατά τη διάρκεια της χειραψίας"
Mitigation Services for this type of attack would likely require Deep Packet Inspection (DPI), a resource-intensive solution for most server infrastructures.
Such as says TorrentFreak, BitTorrent has fixed some of these issues in a recent beta, while Vuze and uTorrent are still vulnerable.
