Whatever your poison, the peer-to-peer (P2P) file-sharing tool just became a huge security risk. A flaw in torrent clients (including the widely used µTorrent and Vuze) can be exploited to let a single person launch a full-blown DDoS attack, with little risk to the attacker himself.
According to the paper “P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks”, the vulnerability can be found in the BitTorrent protocol family.
It states that “BitTorrent and BTSync are vulnerable to DRDoS attacks. […] With peer-discovery techniques like trackers, DHT or PEX, an attacker can collect millions of amplifiers. An attacker only needs a valid info-hash or secret to exploit the vulnerabilities. In that case, we have shown that the most used BitTorrent clients, uTorrent, Mainline and Vuze, are highly vulnerable and can be amplified up to a factor of 50 times. With a single BTSync ping message, an attacker can amplify the traffic up to 120 times.”
This kind of attack has several advantages for the attacker: IP spoofing (meaning the attacker’s identity can be hidden), as well as ease and efficiency. After all, a lot of harm can be caused with just one computer. The worst thing, though? It is also quite difficult to circumvent …