BitTorrent Software Users – Be Aware!!!
BitTorrent programs used by hundreds of millions of users all over the world may be fooled into participating in distributed denial of service (DDoS) attacks, amplifying the malicious traffic created by attackers by up to 50 times.
DDoS reflection is a technique that uses IP (Internet Protocol) address spoofing to trick a service into sending its replies to a third-party computer rather than to the real sender. It can be used to conceal the source of malicious traffic.
This means an attacker can send a UDP packet with a forged header that lists someone else's IP address as the source, inducing the service to send its answer to that address.
Four researchers from City University London, Mittelhessen University of Applied Sciences in Friedberg, Germany, and cloud networking company PLUMgrid examined the protocols used by popular BitTorrent clients and discovered that they could be abused for DDoS reflection and amplification.
BitTorrent Sync (BTSync), another protocol intended for peer-to-peer file synchronization, could be abused to reach an amplification factor of up to 120.
Using BitTorrent protocols for DDoS amplification is in many ways more efficient than using NTP or DNS. That is because there is a comparatively modest number of exposed DNS or NTP servers to be found online, whereas there are tens of millions of exposed computers running BitTorrent software.
Also, NTP and DNS generally use a fixed port number, so it is simple to filter malicious traffic over those protocols. BitTorrent, however, uses dynamic port ranges, so detecting and blocking an attack demands specialized firewalls capable of performing deep packet inspection, the researchers said.
As a result, DDoS amplification over BitTorrent would be more difficult to filter, the researchers said.
There are several kinds of countermeasures that may be implemented to prevent such attacks, according to the researchers.
One requires ISPs to implement recommended security practices such as network ingress filtering to stop IP spoofing. According to the Spoofer Project, which monitors how many networks allow IP spoofing online, about 24 percent of publicly routed IP address prefixes worldwide can currently be spoofed.
Another countermeasure would be to implement a TCP-like three-way handshake in the Micro Transport Protocol (uTP), which is now used by most BitTorrent clients. However, this would be a significant change that would create compatibility problems with older clients and would need an extended adoption time.
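To show why a three-way handshake removes the amplification, here is an added example (not code from the researchers or from any BitTorrent client) that models a responder with and without one. The SYN/SYNACK/ACK message names, the packet sizes and the addresses are constructed for illustration and are not uTP's wire format; no network traffic is sent.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)          # responder-only key, never sent on the wire
SYN = b"SYN".ljust(20, b"\0")    # constructed 20-byte opening packet
PAYLOAD = b"x" * 1000            # constructed stand-in for a large reply


def cookie(addr):
    """Stateless token bound to the claimed source (ip, port)."""
    msg = f"{addr[0]}:{addr[1]}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:8]


def handle(claimed_src, packet, handshake):
    """Return the bytes the responder sends to claimed_src for one packet."""
    if not handshake:
        return PAYLOAD                          # answers the first packet: reflectable
    if packet.startswith(b"SYN") and len(packet) >= 20:
        return b"SYNACK" + cookie(claimed_src)  # 14 bytes, smaller than the SYN
    if packet.startswith(b"ACK") and hmac.compare_digest(packet[3:], cookie(claimed_src)):
        return PAYLOAD                          # sender proved it receives at claimed_src
    return b""                                  # short SYN or bad cookie: stay silent


def amplification(claimed_src, packets, handshake):
    """Bytes delivered to claimed_src divided by bytes the sender spent."""
    sent = sum(len(p) for p in packets)
    got = sum(len(handle(claimed_src, p, handshake)) for p in packets)
    return got / sent


def honest_exchange(addr):
    """A real client at addr sees the SYNACK and can echo its cookie."""
    synack = handle(addr, SYN, handshake=True)
    return handle(addr, b"ACK" + synack[6:], handshake=True)


if __name__ == "__main__":
    victim = ("198.51.100.7", 6881)  # documentation-range address, constructed
    print("no handshake:", amplification(victim, [SYN], False))
    print("handshake, spoofed SYN:", amplification(victim, [SYN], True))
    print("handshake, guessed ACK:", amplification(victim, [b"ACK" + bytes(8)], True))
    print("honest client gets payload:", honest_exchange(("203.0.113.9", 6881)) == PAYLOAD)
```

The minimum SYN length matters: if the responder answered a 3-byte SYN with the 14-byte SYNACK, the handshake itself would become a small amplifier.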