BitTorrent App Can Be Exploited for DDoS AttacksAdded: Tuesday, August 18th, 2015
Category: About Torrents > Staying Safe And Secure
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, www.extratorrent.cc, 2015
It turned out that BitTorrent and BitTorrent Sync apps could be exploited by hackers for DDoS attacks. The popular file-sharing protocol allows to reflect and amplify traffic through other file-sharers, thus boosting the original bandwidth by a factor of 120, which is a godsend for hackers.
The recent research revealed that BitTorrent swarms are relatively harmless, but still there’s potential for abuse. Various experiments confirmed that the flaw affects the uTP, DHT, Message Stream Encryption and BitTorrent Sync protocols. It was pointed out that the attacks were most effective via the BitTorrent Sync app, where the original bandwidth can be increased 120 times. As for the most popular torrent apps – uTorrent and Vuze, the effect is also noticeable, boosting attacks by 39 and 54 times respectively.
The researchers say that it’s quite easy to launch a distributed reflective DoS attack via BitTorrent, as the hacker just needs a valid info-hash, or the “secret” in case of BitTorrent Sync. Such attack is easy to run, because the hacker is able to collect millions of possible amplifiers by using trackers, DHT or PEX with a single BitTorrent Sync ping message.
The researchers informed BitTorrent Inc. about the flaw, and the company patched some of vulnerabilities in a recent beta release. However, thus far, uTorrent is still vulnerable to a DHT attack. As for Vuze, the company was also contacted but has yet to release a patch.
Users of BitTorrent-based clients should have no security concern other than the fact that they can be participating in a distributed denial of service attack without their knowledge. The bugs mostly lead to wasted bandwidth.
Thanks to TorrentFreak for providing the source of the article.
Tuesday, August 18th, 2015
|Well, I have no issues with ET promoting it's VPN service, but putting links embedded links into phrases of a news article that falsely makes a clicker think they are going to a related news source is just pure garbage and misleading of the ET user base.|
"uTorrent is still vulnerable to a DHT attack" - Im thinking this will bring up a featured, related article with some further info about this type of attack, and without looking at the link by mouse hovering over it, I, and others, would be tricked into a selfless, bullsh*t promotional page for the trust.vpn.
Not very nice of you guys to be doing this sort of thing - as it's pretty much fraudulent, misleading and potentially a security risk for user's here to trust ET and blindly click on links that may, in the future, contain bad links or even just more promotional money schemes of this site.
Don't abuse our trust. Without US, you wouldn't exist.
|Something about this article I like,and No its not the embedded link. Thats no different than get a free flash player or anything else that someone is set on giving me, maybe they should offer a walmart gift card with it LOL.|
Or a coupon for a Free music download,now thats what everyone needs eh?
Most Popular Stories