Bittorrent sync security12/7/2023 This application is available for Windows, Linux, OS X, iOS and android operating systems.īitTorrent sync features are very similar to OneDrive, Google Drive, Dropbox or Yandex disk services. Now the user acts as a server and provides that file to other users and requests the missing parts from them. In this protocol, the files are divided into smaller parts and each part is sent to the user according to the received request. This protocol is designed to reduce the pressure on the server and its bandwidth consumption, because the users are responsible for file transferring. It would not serve as an effective source to mount large scale attacks.Recommended Article: Tutorial Install and use SonarQube on Ubuntu 20.04 What is BitTorrent Sync?īitTorrent is one of the fastest file sharing protocols that uses the Peer-to-Peer method. In addition, Sync, by design, limits the amount of peers in a share making the attack surface much smaller. ![]() “First, the attacker would have to know the Sync user they are trying to exploit to get their ‘Secret’ – or the Sync user would have to have exposed that ‘Secret’ publicly in some way. “An important point regarding Sync: even before the recent updates to Sync, the severity of the vulnerability was reduced by a few factors,” he also pointed out. ![]() He commended the researchers for responsibly sharing their findings with them a few weeks back, and said that the team at BitTorrent has already been able to address much of the issue prior to the paper’s publication and will soon have mitigated the matter completely. “Nonetheless we’ve taken the vulnerability reports seriously and have taken steps to harden our protocols and mitigate some weaknesses outlined in the research paper.” And even as recent as February of 2014, public Network Time Protocol (NTP) servers across the world were leveraged to carry out such an attack,” he added. In the meantime, stopping these attacks requires the deployment of firewalls with Deep Packet Inspection (DPI).Īfter pointing out that this type of attack has not yet been spotted in the wild, Christian Averill, VP of Comms & Brand at BitTorrent, has noted that attacks like this will always be possible due to the way UDP-based protocols work. While there is no effective security risk for the users of the vulnerable clients, these flaws should be fixed in order to prevent DRDoS attacks in the future. The researchers have found that uTorrent, Mainline and Vuze – the most popular BitTorrent clients – are vulnerable since they use the aforementioned protocols. An attacker only needs a valid info-hash or secret to exploit the vulnerabilities.” “With peer-discovery techniques like trackers, DHT or PEX, an attacker can collect millions of amplifiers. “Our experiments reveal that an attacker is able to exploit BitTorrent peers to amplify the traffic up to a factor of 50 times and in case of BTSync up to 120 times,” the researchers noted. ![]() To mount a Distributed Reflective DoS (DRDoS) attack, an attacker must simply send this malformed requests to other BitTorrent users, which then act as reflectors and amplifiers and flood the intended victim with responses. The weaknesses in the Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE), and BitTorrent Sync (BTSync) protocols allow the attacker to insert the target’s IP address instead of his own in the malicious request. A group of researchers have discovered a new type of DoS attack that can be pulled off by a single attacker exploiting weaknesses in the BitTorrent protocol family.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |