Popular BitTorrent clients including uTorrent, Mainline and Vuze are susceptible to the flaw, presented in a research paper at the 9th Usenix Workshop on Offensive Technologies. It allows hackers to execute distributed reflective denial of service attacks (DRDoS) from the safety of the torrent network.
DRDoS is a more sophisticated variant of the conventional denial of service DDoS attack where websites are flooded with so much artificial traffic that they cannot respond to legitimate requests, eventually bringing them offline. It would allow one user of a BitTorrent client to flood a web server with data far beyond the capacity of their own bandwidth.
Ars Technica explains that the attack begins with the user sending a malformed request to other BitTorrent users. When they receive the request, they pass it on to a specified third-party target, resulting in a data transmission 50 to 120 times larger than the original request sent by the user who initiated the DRDoS.
The flaw that makes it all possible lies in network protocols used by the BitTorrent network. They are vulnerable to IP address spoofing as there is no way of ensuring that a specified address is the correct value for an individual client. Attackers just have to replace their own IP address with a spoofed target in the first malformed torrent request to start the attack.
The technique could be very appealing to a hacker working alone. It would be very easy to bring down a major website using a conventional home computer. The reflective nature of the DRDoS means that the identity of the original perpetrator would be masked by the credentials of the other computers involved.
The owners of the computers that the original request makes its way to would probably never realise their machine was playing a role in a massive attack on a web server. They would only notice by looking at their network usage where a massive amount of upload traffic would be clearly evident.
The researchers who discovered the vulnerability wrote that one Internet scan revealed over 2.1 million BitTorrent users. The network is used by millions worldwide every day to quickly exchange files online by seeding content between users, enabling downloads to complete faster.
It has been recommended that the protocols used by BitTorrent should be updated so that IP spoofing is no longer possible. This would prevent the potentially devastating attacks that could be started by anybody with a BitTorrent client installed on their computer.
BitTorrent has reportedly begun patching the issues in a recent beta release. Popular client uTorrent still has a major vulnerability while Vuze has not yet responded.
