BitTorrent applications such as the Mainline client, µTorrent, and Vuze can be exploited to participate in a denial of service attack on a grand scale, Ars Technica has reported.
This newly discovered form of denial of service (DoS) attack uses weaknesses in the BitTorrent protocol to send malformed requests to other users, who in turn flood a target.
Using BitTorrent for amplification can result in the attack traffic being 50 to 120 times larger than the original request.
Ars Technica reported that this is made possible by BitTorrent’s use of the User Datagram Protocol (UDP), which does not guard against the falsifying of Internet Protocol (IP) addresses.
An attacker can therefore replace their IP address in the malicious UDP request with the address of the target, resulting in a flood of traffic to the victim’s computer.
Such distributed reflective denial of service (DRDoS) attacks have three advantages for the attacker:
- The identity of the attacker is hidden
- A single computer can initiate a distributed attack
- The original attack packet can be amplified as much as 120-fold
Although the attack may be initiated from a single computer, researchers noted that another strength of DRDoS attacks is that they can start at one or multiple attacker nodes.
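Seen from a host running a BitTorrent client, the reflection described above appears as far more UDP bytes sent to one address than were ever received from it. The sketch below is an added example, not code from Ars Technica or the researchers; the flow-record format, the addresses, and the function name are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic): (src_ip, dst_ip, udp_bytes).
# 192.0.2.10 is the hypothetical local BitTorrent host.
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", 120),   # small request claiming to come from .7
    ("192.0.2.10", "198.51.100.7", 9000),  # large responses go to the claimed source
    ("192.0.2.10", "198.51.100.7", 3600),
    ("203.0.113.5", "192.0.2.10", 4000),   # ordinary, roughly balanced peer
    ("192.0.2.10", "203.0.113.5", 5200),
    ("192.0.2.10", "203.0.113.9", 800),    # local host spoke first, nothing received
]


def reflection_candidates(flows, local_ip, min_ratio=50.0):
    """Return {remote_ip: ratio} for remotes that were sent at least
    min_ratio times the bytes received from them.

    min_ratio=50 is the low end of the 50-120x range quoted above.
    """
    received = defaultdict(int)  # bytes each remote sent to the local host
    sent = defaultdict(int)      # bytes the local host sent to each remote
    for src, dst, size in flows:
        if dst == local_ip:
            received[src] += size
        elif src == local_ip:
            sent[dst] += size

    hits = {}
    for remote, out_bytes in sent.items():
        in_bytes = received.get(remote, 0)
        if in_bytes == 0:
            continue  # no request seen from this address, so nothing was reflected
        ratio = out_bytes / in_bytes
        if ratio >= min_ratio:
            hits[remote] = round(ratio, 1)
    return hits


if __name__ == "__main__":
    for ip, ratio in reflection_candidates(SAMPLE_FLOWS, "192.0.2.10").items():
        print(f"{ip}: sent {ratio}x the bytes received")
```

Bulk seeding to a genuine peer is also asymmetric, so a hit is a lead for triage rather than proof of abuse.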