Tuesday, January 4, 2011

BitTorrent Can Be Used for DDoS Attacks

A talk at the Chaos Communication Congress (CCC) made it clear that BitTorrent swarms can easily be exploited to take down large sites. In short, a vulnerability in the technology behind “trackerless” torrents makes it possible to trick downloaders of popular torrents into sending a great number of requests to a chosen server, eventually taking it down. In effect, this makes BitTorrent quite an effective DDoS instrument.

Everyone knows that BitTorrent is among the most effective tools for transferring huge digital files to many people simultaneously. Unlike downloads from a central server, BitTorrent transfers tend to get faster as more people share the same file. That is why BitTorrent has evolved into the most popular file-sharing platform.

Millions of people download files through BitTorrent daily, and in some instances over 100 thousand people are sharing the same file at a given moment. While such large swarms of peers are good for sharing, they can also be used for DDoS attacks, as the Chaos Communication Congress recently revealed.

The CCC talk was titled “Lying To Neighbors” and revealed that the DHT technology powering “trackerless torrents” can easily be abused so that BitTorrent downloaders effectively DDoS a chosen server. DHT’s function is to find peers with the same files without communicating with a central tracker, which ensures that downloads continue even when the central BitTorrent tracker goes offline. However, DHT can also be exploited to carry out a DDoS attack. If enough peers are downloading the same file, this can easily take down large sites. The sad part is that the downloaders involved in the DDoS attack may be unaware of it.

Such DHT vulnerabilities are not new to the developers. They have been discussed before, but no agreement has yet been reached on them. Meanwhile, over the last months DDoS attacks have become a common event, the major part of them carried out under the flag of Operation Payback. However, those attacks required hundreds of users to actively participate simultaneously, while the BitTorrent DDoS is able to take down a server from a single computer.

It is unclear whether BitTorrent developers plan to act on the DHT vulnerability to prevent this kind of abuse now that it has become known to everyone.
