BitTorrent kills bug that turns networks into a website-slaying weapon
Reflective technique would let attacker amplify traffic and flood targets

BitTorrent has fixed a flaw in its technology that quietly turns file-sharing networks into weapons capable of blasting websites and other internet servers offline.

The San Francisco company said Thursday the patch for its libuTP software will stop miscreants from abusing the peer-to-peer protocol to launch distributed reflective denial-of-service (DRDoS) attacks.

LibuTP is an essential building block for BitTorrent apps, such as Vuze, uTorrent, Transmission and BitTorrent's own client software. These applications must be updated to include the fix, and installed by netizens to fully kill off the DRDoS vulnerability. uTorrent version 3.4.4 40911, BitTorrent version 7.9.5 40912, and BitTorrent Sync version 2.1.3 were all patched up earlier this month.

First uncovered by researcher Florian Adamsky, the vulnerability allows a single attacker to amplify a small string of data into a much larger flood of garbage network traffic that is directed toward a single target.

"Thankfully, no such attack has yet been observed in the wild, and Florian responsibly contacted us to share his findings," BitTorrent spokesman Christian Averill wrote in a blog post.

"This gave our engineering team the opportunity to mitigate the possibility of such an attack."

By utilizing a flaw in the BitTorrent protocols, an attacker can send a small amount of data across the internet to force unsuspecting BitTorrent nodes to simultaneously transmit a much larger wad of network packets to a machine of the attacker's choosing – effectively amplifying the attacker's input and outputting it all to a victim's computer.

This, if repeated enough times with enough nodes, allows the attacker to potentially bombard a targeted IP address with huge amounts of data, thus washing away any legit traffic. Effectively, the attacked server would appear to be offline.

[Image: bittorrentdrdos.jpg]

How an attack would propagate through the BitTorrent network

"By spoofing the source address in a UDP packet, an attacker can trick an intermediate node into sending data to a third party," BitTorrent bod Francisco de la Cruz explained in a blog post.

"If an attacker can find a UDP protocol that sends responses larger than initial requests, it can amplify the traffic directed at a victim."

BitTorrent has tweaked its library code to address the design flaw in its protocol. Before, an attacker could start a connection with a BitTorrent node, and fake its IP address to be that of the victim. The node would acknowledge the connection to the victim, rather than the attacker. The attacker would then send a handshake message to the node. The node would try to repeatedly reply to the handshake to the hapless victim, rather than the attacker.

Now a node will generate a random acknowledgment value and send that to the victim, rather than the attacker, when the connection is initiated. The attacker can only guess what this value is, and without it, its handshake message to the node will be ignored. The node will refuse to reply to the handshake unless the sender knows the acknowledgment value to prove it initiated the connection.

This, in turn, will make reflecting large volumes of traffic far more difficult for an attacker, and will prevent the execution of DRDoS attacks.

BitTorrent noted that even before the vulnerability was disclosed, products such as its Sync tool were in large part safe against the attacks.

"Sync, by design, limits the amount of peers in a share, making the attack surface much smaller," added Averill. "It would not serve as an effective source to mount large-scale attacks."

Theoretically, the same attack can be orchestrated with the Tor software.

I have not (yet?) seen this type of attack, but lucky for BitTorrent they stopped this exploit before anybody could have executed it. Hopefully we will get to see this get integrated as a defense for other networks/websites. Anyone right now could launch this type of attack by opening multiple relays, in a large, modified, connected point-to-point protocol.

Good article.
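
The acknowledgment check the article describes, modelled as an added example (not libuTP code and not part of the original thread): a simplified node counts the bytes it sends to the address claimed in a connection request, with and without requiring the sender to echo the random acknowledgment value. The class, packet sizes, retransmit count, 16-bit value width and address are constructed assumptions.

```python
import secrets

ACK_SIZE = 20                 # constructed: bytes in the connection acknowledgment
HANDSHAKE_REPLY_SIZE = 300    # constructed: bytes in one handshake reply
RETRANSMITS = 4               # constructed: resends of an unanswered reply


class Node:
    """Simplified model of a node accepting connections over a UDP transport."""

    def __init__(self, require_ack):
        self.require_ack = require_ack
        self.pending = {}     # (claimed source, conn id) -> expected ack value
        self.sent = {}        # destination address -> total bytes sent to it

    def _send(self, dst, size):
        self.sent[dst] = self.sent.get(dst, 0) + size

    def on_connect(self, claimed_src, conn_id):
        # The reply goes to the address written in the packet, which is
        # not proof of who sent it. Only that address learns the value.
        ack = secrets.randbelow(1 << 16)
        self.pending[(claimed_src, conn_id)] = ack
        self._send(claimed_src, ACK_SIZE)
        return ack

    def on_handshake(self, claimed_src, conn_id, ack):
        expected = self.pending.get((claimed_src, conn_id))
        if expected is None:
            return False      # no connection was ever opened for this pair
        if self.require_ack and ack != expected:
            return False      # sender never saw our reply: ignore, send nothing
        # Handshake reply plus retransmissions, all to the claimed source.
        self._send(claimed_src, HANDSHAKE_REPLY_SIZE * (1 + RETRANSMITS))
        return True


def bytes_sent_to_claimed_source(require_ack, sender_saw_reply):
    """Bytes the node emits toward the claimed source for one connection."""
    node = Node(require_ack)
    claimed = "198.51.100.7"  # constructed documentation address
    real_ack = node.on_connect(claimed, conn_id=1)
    # A sender that did not receive the reply can only guess; model a wrong guess.
    ack = real_ack if sender_saw_reply else (real_ack + 1) % (1 << 16)
    node.on_handshake(claimed, 1, ack)
    return node.sent[claimed]
```

With the check enabled, a sender that never saw the reply gets only the small acknowledgment sent to the claimed address, while a genuine peer that echoes the value still completes the handshake.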
