Attackers Can ‘Steal’ Bandwidth From BitTorrent Seeders, Research Finds
#1
[Image: swarm.jpg]BitTorrent is one of the fastest and most efficient ways to share large files over the Internet. The popular file-sharing protocol is used by dozens of millions of people every day and accounts for a substantial amount of total Internet traffic.

This popularity makes BitTorrent an interesting target for attacks, which various anti-piracy companies have shown in the past. One of these possible attacks was recently unveiled by Florian Adamsky, researcher at the City University London.

In an article published in “Computers & Security” Adamsky and his colleagues reveal an exploit which allows attackers to get a higher download rate from seeders than other people.

In technical terms, the exploit misuses BitTorrent’s choking mechanism of clients that use the “Allowed Fast” extension. Attackers can use this to keep a permanent connection with seeders, requesting the same pieces over and over.

The vulnerability was extensively tested in swarms of various sizes and the researchers found that three malicious peers can already slow download times up to 414.99%. When the number of attackers is greater compared to the number of seeders, the worse the effect becomes.

The impact of the attack further depends on the download clients being used by the seeders in the swarm. The mainline BitTorrent clients and uTorrent are not vulnerable for example, while Vuze, Transmission and Libtorrent-based clients are.

TorrentFreak spoke with Adamsky who predicts that similar results are possible in real swarms. Even very large swarms of more than 1,000 seeders could be affected through a botnet, although it’s hard to predict the precise impact.

“If an attacker uses a botnet to attack the swarm, I think it would be possible to increase the average download time of all peers [of swarms with 1,000 seeders] up to three times,” Adamsky tells us.

“If most of the clients would have a vulnerable client like Vuze or Transmission it would be possible to increase the average download time up ten times,” he adds.

In their paper the researchers suggest a relatively easy fix to the problem, through an update of the “Allowed Fast” extension. In addition, they also propose a new seeding algorithm that is less prone to these and other bandwidth attacks.

Originally Published: Tue, 19 Aug 2014 21:33:00 +0000
source
Reply
#2
Interesting. I can see the Allowed Fast extension be used for those "hard to connect" or "hard to get" stuff. I just wonder for the exploit: if it would be used as a purposed attack or an "accidental" attack in which the person just wants the files.
Reply
#3
(Aug 19, 2014, 19:18 pm)MaronaPossessed Wrote: I just wonder for the exploit: if it would be used as a purposed attack or an "accidental" attack in which the person just wants the files.

"Attackers can use this to keep a permanent connection with seeders, requesting the same pieces over and over."

No off-the-shelf client does that (as there is no legitimate reason for doing it--it doesn't get files it only gets pieces, the same pieces, repeatedly).

So it would require the use of a modified (or purpose built) client. So it couldn't possibly happen accidentally.
Reply
#4
(Aug 19, 2014, 19:29 pm)NIK Wrote:
(Aug 19, 2014, 19:18 pm)MaronaPossessed Wrote: I just wonder for the exploit: if it would be used as a purposed attack or an "accidental" attack in which the person just wants the files.

"Attackers can use this to keep a permanent connection with seeders, requesting the same pieces over and over."

No off-the-shelf client does that (as there is no legitimate reason for doing it--it doesn't get files it only gets pieces, the same pieces, repeatedly).

So it would require the use of a modified (or purpose built) client. So it couldn't possibly happen accidentally.

True. Guess I've should've thought a bit more on that bit. Thanks NIK^^ +1
Reply
#5
They aren't stealing bandwidth... basically a DOS attack
Reply
#6
That seems too complicated. I would just choke a whole bunch of people with a bandwidth shaping feature on my ISP or higher.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak! lustrous 0 6,001 May 06, 2024, 18:26 pm
Last Post: lustrous
  Win 7 dying, such a sad day :( 59465 only finds 47 torrents in dht search ID10TError 27 42,973 Feb 15, 2024, 16:12 pm
Last Post: lustrous
  New market research shows shocking trend among Gen Z and Gen Alphap Ladyanne3 4 2,342 Feb 12, 2024, 21:43 pm
Last Post: Ladyanne3
  Remote Bittorrent not working surferbroadband 0 5,581 Mar 31, 2023, 00:03 am
Last Post: surferbroadband
  If BBC can be on the darkweb... Can I? Ladyanne3 2 12,632 Apr 08, 2022, 08:36 am
Last Post: Ladyanne3



Users browsing this thread: 1 Guest(s)