This can be done unknown to the millions of BitTorrent client users and can result in a significant DoS attacks on targets. While BitTorrent swarms are relatively harmless, a new paper published by City University London researcher Florian Adamsky reveals that there’s potential for abuse. A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users using outside resources. A DoS attack can lead to temporary or indefinite interruption or suspension of services of a host connected to the Internet. The paper, titled ‘P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks’, shows that various BitTorrent protocols can be used to amplify Denial of Service attacks. Lead researcher, Adamsky confirmed that they had conducted experiments and found that this vulnerability affects the uTP, DHT, Message Stream Encryption and BitTorrent Sync protocols. Adamsky state that the attacks are most effective through the BitTorrent Sync application where the original bandwidth can be increased by a factor of 120. While in other torrent clients, uTorrrent and Vuze the attack is boosted by 39 and 54 times respectively. Speaking with TF, Adamsky states that it’s relatively easy to carry out a distributed reflective Denial of Service (DRDoS) attack via BitTorrent. The attacker only needs a valid info-hash, or the “secret” in case of BitTorrent Sync. The researchers have notified the BitTorrent client maker about the vulnerabilities and they in turn have released a beta patch to fix these flaws. However uTorrent and Vuze are still vulnerable to a DHT attack.
