
Using BitTorrent protocol to launch DDoS attacks

Essay 2012 9 Pages

Computer Science - IT-Security

Excerpt

Table of Contents

1.0 Title

2.0 Introduction

3.0 Problem Statement
3.1 Using BitTorrent protocol to launch DDoS attacks
3.1.1 How the attack is done
3.2 The attack is an effective geographically scalable DDoS
3.3 Lack of awareness about this vulnerability among the public

4.0 Research aim and Objectives
4.1 Research aim
4.2 Research objectives

5.0 Research Questions

6.0 Research design

7.0 Personal reflection

8.0 References

Table of Figures / Tables

Figure 1 : DDoS analogy

Table 1 : Different attack methods

1.0 Title

Enhance security architecture of a BitTorrent client to control DDoS attacks

2.0 Introduction

In a nutshell, the researcher hopes to develop a practical solution to control Distributed Denial of Service (DDoS) attacks launched using the BitTorrent protocol, by tweaking the source code of an existing open source BitTorrent client.

Even though BitTorrent is a useful protocol, it can be misused to launch DDoS attacks. Because the number of BitTorrent users is high, a DDoS launched through it could cripple the victim’s machine. As a remedy, this report discusses how the attacks are carried out and how they could be prevented.

For a simple analogy of what this attack does, see Figure 1, where computer A cannot fulfil the requests of a legitimate user, computer B. This is what a DDoS attack does. Once the security architecture of the BitTorrent client has been enhanced to control these attacks, this problem would not occur.

illustration not visible in this excerpt

Figure 1 : DDoS analogy

3.0 Problem Statement

This section describes the main sources of the problems this project addresses, so that the reader can understand where and why the idea for the project originated and how and why the problems should be eliminated.

3.1 Using BitTorrent protocol to launch DDoS attacks

It has been noted that peer-to-peer (P2P) traffic constitutes 60% of current internet traffic (Tsoumakos & Roussopoulos, n.d.). Thus it is apparent that most users make use of P2P protocols on a daily basis. As for the BitTorrent protocol, some of the reasons to choose it over other protocols are its reliability, efficiency and anonymity (mr6n8, 2012).

3.1.1 How the attack is done

To start a torrent service, the user needs a “.torrent” meta-data file. This meta-data file embeds information such as the size of each file, hashes of the data and the IP addresses of trackers[1]. When the torrent is started, the user checks with the trackers to get a peer list from which to download the pieces of the file he/she needs (Marlom, et al., 2007; Cohen, 2003).

The following table describes various ways in which the BitTorrent protocol could be misused to launch DDoS attacks. As seen, the protocol has two modes: centralized mode and DHT mode (a current trend to evade legal action against torrent and tracker repositories) (Timpanaro, et al., 2011). This report, however, discusses the second attack method in the table, as it could inflict the most damage using centralized tracker mode:

Illustration not included in this excerpt

Table 1: Different attack methods (Defrawy, et al., 2008)

According to Givanni (2008), “File sharing protocols such as BitTorrent use centralized server for connections between peers. This procedure creates a point of failure because malicious centralized-server modifies can redirect peer connections toward a target machine on a specific port.”

Thus the attacker runs a modified BitTorrent tracker so that the meta-data file has multiple trackers. The first tracker responds with fake high statistics to make the torrent appealing for users to download, and the second tracker consists of the victim’s IP address (Defrawy, et al., 2008).

Hence, when the user runs the torrent file, it sends BitTorrent handshakes to the targeted machine at regular intervals. This is very efficient since there is no BitTorrent handshake between the peer and the tracker, although such a handshake exists between peers (Defrawy, et al., 2008).
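One client-side control for the behaviour described above, given as an added example that is not part of the essay or of any existing client: stop announcing to a tracker URL whose replies never parse as a tracker response (a bencoded dictionary carrying `peers` or `failure reason`). The class name, the threshold of three failures, the hosts and the sample replies are all assumptions constructed for illustration.

```python
def bdecode(data: bytes, i: int = 0):
    """Minimal bencode decoder: returns (value, next_index), raises on malformed input."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dict, closed by 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":               # running off the end raises below
            item, i = bdecode(data, i)
            items.append(item)
        return (items if c == b"l" else dict(zip(items[0::2], items[1::2]))), i + 1
    colon = data.index(b":", i)                    # byte string: <length>:<bytes>
    n = int(data[i:colon])
    if n < 0 or colon + 1 + n > len(data):
        raise ValueError("bad string length")
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def is_tracker_reply(body: bytes) -> bool:
    """True only for a bencoded dict carrying 'peers' or 'failure reason'."""
    try:
        value, end = bdecode(body)
    except (ValueError, TypeError, RecursionError):
        return False
    return (end == len(body) and isinstance(value, dict)
            and (b"peers" in value or b"failure reason" in value))

class TrackerGuard:
    """Stops announcing to a URL after max_bad consecutive non-tracker replies."""
    def __init__(self, urls, max_bad=3):           # max_bad=3 is an assumed threshold
        self.bad = {u: 0 for u in urls}
        self.max_bad = max_bad

    def record(self, url, body):
        """body is the raw announce reply, or None for a refused or timed-out request."""
        ok = body is not None and is_tracker_reply(body)
        self.bad[url] = 0 if ok else self.bad[url] + 1

    def active(self):
        return [u for u, n in self.bad.items() if n < self.max_bad]

def demo():
    """Constructed hosts and replies: one real tracker, one endpoint that is not a tracker."""
    good, odd = "http://tracker.example.org:6969/announce", "http://192.0.2.10:80/announce"
    guard = TrackerGuard([good, odd])
    for reply in (b"<html>404 Not Found</html>", None, b"HTTP/1.1 400 Bad Request"):
        guard.record(good, b"d8:intervali1800e5:peers0:e")
        guard.record(odd, reply)
    return guard.active()
```

After three announces the endpoint that never answers like a tracker is dropped from the active list, so the client stops contacting it at each announce interval.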

3.2 The attack is an effective geographically scalable DDoS

As described in the section above, P2P is used by many users all around the world, and the number of users of the BitTorrent protocol grows exponentially (Firas, et al., 2011). The same reasoning can be applied to the geography of the users. A study by Defrawy, K. E., Minas, G. & Athina, M. has proven that the average user in a torrent swarm is approximately 20 hops away from where the torrent was published (Defrawy, et al., 2008). Therefore we can conclude that hundreds and thousands of computers are engaged in a DDoS attack, expanding the geographical scalability of the attack (Jerome, et al., n.d.).

3.3 Lack of awareness about this vulnerability among the public

According to Firas, et al. (2011), “In BitTorrent protocol out-of-hand interaction happens between peers before joining the network”. This suggests that numerous activities take place in the back end when the user runs the BitTorrent client, of which the user is not informed. Hence it is safe to assume that not all users are aware of these interactions, such as connecting with the tracker, getting the peer list, and functions such as choking and un-choking to download and upload respectively.

According to Givvani (2008), “Bit Torrent protocol is an open protocol and today exists many client software implementations used by users. Besides, many users never will upgrade their software client if it works fine in file downloading.” This is also a serious issue and is very common among users. The importance of user awareness is also highlighted by Mirković et al. (2002), who stated “DDoS attacks should be stopped as close to the sources as possible.” in the article “Attack DDoS at its source”. Most users are not very attentive to the security side of their BitTorrent client and so do not apply the security patches that are available to them: as far as the user is concerned, the program works, and they are not willing to go through the burden of taking extra measures to ensure cyber security.

[...]


[1] A tracker is a central element that co-ordinates a swarm and helps peers to find other peers in the same swarm

Details

Pages: 9
Year: 2012
ISBN (eBook): 9783656894629
ISBN (Book): 9783656894636
File size: 802 KB
Language: English
Catalog Number: v289149
Tags: using bittorent ddos
