P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks
نویسندگان
چکیده
In this paper, we demonstrate that the BitTorrent protocol family is vulnerable to distributed reflective denialof-service (DRDoS) attacks. Specifically, we show that an attacker can exploit BitTorrent protocols (Micro Transport Protocol (uTP) [32], Distributed Hash Table (DHT) [30], Message Stream Encryption (MSE) [8]) and BitTorrent Sync (BTSync) [6] to reflect and amplify traffic from peers. We validate the efficiency, robustness and evadability of the exposed BitTorrent vulnerabilities in a P2P lab testbed. We further substantiate the lab results by crawling more than 2.1 million IP addresses over Mainline DHT (MLDHT) and analyzing more than 10,000 BitTorrent handshakes. Our experiments reveal that an attacker is able to exploit BitTorrent peers to amplify the traffic up to a factor of 50 times and in case of BTSync up to 120 times. Additionally, we observe that the most popular BitTorrent clients are the most vulnerable ones.
منابع مشابه
Analysing the Security of Incentive Schemes in P2P-based File-sharing Systems
For Peer-to-Peer (P2P) file-sharing services cooperation is essential. However, peers behave rationally and try to maximise their benefits, while minimising their effort. To increase system performance incentive schemes are used to enforce cooperation. Nonetheless, so called free-riders and malicious peers try to attack these incentive schemes. In this paper we will first explain two popular P2...
متن کاملIs BitTorrent Unstoppable?
Anti-P2P companies have begun to launch Internet attacks against BitTorrent swarms. We use passive and active Internet measurements to study how successful these attacks are at curtailing the distribution of targeted content. For our active measurements, we develop a crawler that contacts all the peers in any given torrent, determines whether leechers in the torrent are under attack, and identi...
متن کاملA Distributed Denial-of-Service(DDoS) Attack using BitTorrent Peer-to-Peer(P2P) Network
Recently, many hackers attacks are done with a distributed denial of service (DDoS) strategy. Most famous centralized peer to peer (P2P) networks can be easily used for realize these attacks. File-sharing protocols such BitTorrent or an extension of Gnutella use centralized server for orchestrate 7-level connections between peers. This procedure create a point-of-failure because malicious centr...
متن کاملA Survey of Peer-to-Peer Attacks and Counter Attacks
-Peer-to-Peer (P2P) network is a distributed network architecture that partitions tasks or workloads among peers (nodes). Similar to traditional Internet, P2P networks are open to many attacks. In this research work we survey the defensive measures against general attacks as well as P2P specific attacks. We take BitTorrent (a P2P communications protocol for file sharing) as an example to illust...
متن کاملClassification of BitTorrent Attacks from the Protocol’s Operational Viewpoints
As the BitTorrent has become one of the most popular peer-to-peer file sharing systems, various security threats appear based on its operation. In this paper, we analyzed the vulnerabilities of the BitTorrent protocol, and surveyed existing attacks on the protocol. Then, we classified the attacks from the protocol’s operational viewpoints. Basically, the protocols are categorized into two parts...
متن کامل