{"id":135308,"date":"2015-08-17T09:40:36","date_gmt":"2015-08-17T07:40:36","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=135308"},"modified":"2015-08-17T09:43:31","modified_gmt":"2015-08-17T07:43:31","slug":"bittorrent-could-allow-massive-dos-attacks","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/135308-bittorrent-could-allow-massive-dos-attacks.html","title":{"rendered":"BitTorrent could allow massive DoS attacks"},"content":{"rendered":"<p>BitTorrent applications such as the Mainline client, \u00b5Torrent, and Vuze can be exploited to participate in a denial of service attack on a grand scale, <strong><a href=\"http:\/\/arstechnica.com\/security\/2015\/08\/how-bittorrent-could-let-lone-ddos-attackers-bring-down-big-sites\/\" target=\"_blank\">Ars Technica has reported<\/a><\/strong>.<\/p>\n<p>This newly-discovered form of denial of service (DoS) attack uses weaknesses in the BitTorrent protocol to send malformed requests to other users, who in turn flood a target.<\/p>\n<p>Using BitTorrent for amplification can result in the attack traffic being 50 to 120 times larger than the original request.<\/p>\n<p>Ars Technica reported that this is made possible thanks to BitTorrent\u2019s use of user datagram protocol (UDP), which does not guard against the falsifying of Internet Protocol addresses.<\/p>\n<p>An attacker can then replace their IP address in the malicious UDP request with the address of the target, resulting in a flood of traffic to the victim\u2019s computer.<\/p>\n<p>Such distributed reflective denial of service (DRDoS) attacks have three advantages for the attacker:<\/p>\n<ol>\n<li>The identity of the attacker is hidden<\/li>\n<li>A single computer can initiate a distributed attack<\/li>\n<li>As much as 120-fold amplification of the original attack packet<\/li>\n<\/ol>\n<p>Although the attack may be initiated from a single computer, researchers noted that another strength of DRDoS attacks is that they can start at one or multiple attacker nodes.<\/p>\n<h3 id=\"related\">More security news<\/h3>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/134908-security-shootout-windows-10-vs-mac-os-x.html\"><strong>Security shootout: Windows 10 vs Mac OS X<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/135182-multi-million-rand-cctv-system-takes-on-crime-in-joburg.html\"><strong>Multi-million rand CCTV system takes on crime in Joburg<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/software\/135052-windows-10-wont-stop-talking-to-microsoft-even-if-you-tell-it-to.html\"><strong>Windows 10 won\u2019t stop talking to Microsoft, even if you tell it to<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/134946-big-sa-websites-exposed-by-basic-security-flaw.html\"><strong>Big SA websites exposed by basic security flaw<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/134976-large-ddos-attacks-often-use-syn-and-udp-vectors.html\"><strong>Large DDoS attacks often use SYN and UDP vectors<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you leave your BitTorrent client running, it could leave you open to being co-opted into a distributed reflective denial of service attack.<\/p>\n","protected":false},"author":23,"featured_media":108946,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,3536,32200,15197,32198],"class_list":["post-135308","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-bittorrent","tag-distributed-reflective-denial-of-service-drdos","tag-utorrent","tag-vuze"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/135308"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=135308"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/135308\/revisions"}],"predecessor-version":[{"id":135310,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/135308\/revisions\/135310"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/108946"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=135308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=135308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=135308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}