Sunday, 16 August 2015

BitTorrent vulnerable to denial-of-service attacks!

A latest research has revealed that popular file-sharing service BitTorrent is prone to denial-of-service (DoS) attacks.
The paper, titled ‘P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks’ published by City University London researcher Florian Adamsky reveals that there is a huge potential for abuse.
BitTorrent clients and BitTorrent Sync are vulnerable to the DoS attacks and malicious attacker could use the BitTorrent protocols to reflect and amplify traffic through fellow file-sharers taking the original bandwidth up, Torrent Freak notes.
Researcher Adamsky explains that the attacker only needs a valid info-hash, or the ‘secret’ in case of BitTorrent Sync to carry out the exploit and a single BitTorrent Sync ping is enough to amplify the traffic by 120 times.
The vulnerability affects the uTP, DHT, Message Stream Encryption and BitTorrent Sync protocols.
For uTorrent and Vuze, the boosting attacks are boosted by 39 and 54 times.
BitTorrent has been notified about the vulnerabilities and it has also issued a patch in a recent release. The vulnerability basically leads to a lot of wasted bandwidth and there is no other security concern for BitTorrent based software users.

0 comments:

Post a Comment