HackGh Community Forum

Log in

I forgot my password



Who Is Online?
Guests : 0
Hidden : 0
Registered : 0
Users Online :
Refresh View the whole list

Latest topics
Keywords

6  5513  google  7  11  policies  4  3  21  intl  Critical  HackGh  keepCalmAndLOVEHACKGH4life  3264  2  8  DumsormustSTOP  Unlimited  2000  terms  10  9  5  phAnt0m_DrAcON  30  1  

Top posting users this month
obzeva
 
PhAnt0m
 



Free counters!
Staff Online
Staff Online
Members2046
Most Online179
Newest Member
BBC alternative

You are not connected. Please login or register

 » Computer Tricks And Technology Tips » Windows1O OS Downloads, Trick and & Tips » 

BitTorrent App Can Be Exploited for DDoS Attacks

View previous topic View next topic Go down  Message [Page 1 of 1]

kbasante

avatar
Support Moderator
Support Moderator
It turned out that BitTorrent and BitTorrent Sync apps could be exploited by hackers for DDoS attacks. The popular file-sharing protocol allows to reflect and amplify traffic through other file-sharers, thus boosting the original bandwidth by a factor of 120, which is a godsend for hackers.

The recent research revealed that BitTorrent swarms are relatively harmless, but still there’s potential for abuse. Various experiments confirmed that the flaw affects the uTP, DHT, Message Stream Encryption and BitTorrent Sync protocols. It was pointed out that the attacks were most effective via the BitTorrent Sync app, where the original bandwidth can be increased 120 times. As for the most popular torrent apps – uTorrent and Vuze, the effect is also noticeable, boosting attacks by 39 and 54 times respectively.

The researchers say that it’s quite easy to launch a distributed reflective DoS attack via BitTorrent, as the hacker just needs a valid info-hash, or the “secret” in case of BitTorrent Sync. Such attack is easy to run, because the hacker is able to collect millions of possible amplifiers by using trackers, DHT or PEX with a single BitTorrent Sync ping message.

The researchers informed BitTorrent Inc. about the flaw, and the company patched some of vulnerabilities in a recent beta release. However, thus far, uTorrent is still vulnerable to a DHT attack. As for Vuze, the company was also contacted but has yet to release a patch.

Users of BitTorrent-based clients should have no security concern other than the fact that they can be participating in a distributed denial of service attack without their knowledge. The bugs mostly lead to wasted bandwidth.

View user profile

View previous topic View next topic Back to top  Message [Page 1 of 1]

Permissions in this forum:
You cannot reply to topics in this forum