Slashdot Mirror


BitTorrent Servers Under DDoS Attacks

jZnat writes "CNet News.com reports that popular BitTorrent tracker hosts such as Suprnova and LokiTorrent underwent DDoS attacks on Wednesday (I'll bet you noticed). The culprits are primarily unknown, but these sites were flooded beyond control from the attack. This appears to be striking an interest in revising the BT protocol and Suprnova's interest in making their own protocol."

19 of 352 comments

  1. Come on by Anonymous Coward · · Score: 5, Funny

    We all know it's the MPAA and RIAA.

  2. Stinks of RIAA by Anonymous Coward · · Score: 5, Funny

    RIAA adopting Lycos's tactics?

  3. To add insult to injury... by Infinityis · · Score: 5, Funny

    As if that weren't enough, now they'll most certainly feel some variant of the Slashdot effect as people try to check it out. Way to go!

  4. I can see it now... by Infinityis · · Score: 5, Funny

    Future Slashdot headline: Lycos apologizes for wrongly targeted DDoS attacks

  5. suprnova.com and .net by dncsky1530 · · Score: 5, Interesting

    I would like to know whether suprnova.com and suprnova.net were hit by the DDoS attacks. They try and make money off the popularity of suprnova.org and there are a number of people that actually get suckered into paying those sites.

  6. Own protocol? by tod_miller · · Score: 5, Interesting

    Suprnova's interest in making their own protocol.

    I am all up for new protocols, but there is a reason why we do not have:

    http, httmyp, tthpp, hhtp, mshttp [I wouldn't doubt], SCOhttp, HPhttp

    Don't fragment the issues, work on a common protocol, if we can uncouple protocol and application (which has happened in all major networks I think) then good.

    Go for it supe..r..pr..nva...! but make it open.

    I kinda knew bit torrents would be attacked, can't they just publish the IPs that are attacking them, and get us to click on them a bit?

    teardrop attack?

    --
    #hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com

  7. Dammit! by halcyon1234 · · Score: 5, Funny

    I knew I shouldn't have installed that new screensaver from the MPAA.

  8. A perfect example by centipetalforce · · Score: 5, Insightful

    This is a perfect example of why it's not quite right to take the law into your own hands against someone who you **feel** is wrong.
    I have had my site targeted before, and I run a completely legit, whitehat site. Just because someone thinks they're better off financially without a competitor does not mean he's justified to try to take me down.

  9. Small-timers get it too by captaineo · · Score: 5, Informative

    I ran a very small BitTorrent tracker for distributing our videos. (2 torrents, very few clients)

    A few weeks ago we started receiving a massive attack, mostly from client addresses in Asia.

    The attack wasn't a DDoS per se - they were just "hijacking" my tracker by using it for their own torrents. But the volume of traffic (>100 requests/sec) had the effect of a DoS attack.

    I was surprised that the standard BitTorrent server does not have some way to prevent unwanted torrents from appearing on your tracker. I was also surprised that my "small-time" tracker (only named via 1 web page) attracted such a hijacking.

    I will not run a tracker without the ability to deny usage to unwanted torrents. Although I'm uncertain about running any tracker at all now, since the hijack basically killed our internet connection.

    At the very least, do not run a BitTorrent tracker on a critical DNS name like your primary web site. The attacking clients in my case were all performing DNS lookups. (I could tell they were attacking a DNS name, not an IP address, by changing my DNS entries). Luckily I had used a separate DNS entry for the tracker, so I just pointed it to 127.0.0.1 to stop the attack. But if I had used my primary web server's address, I'd be in real trouble.

    1. Re:Small-timers get it too by Pathwalker · · Score: 5, Informative

      I was surprised that the standard BitTorrent server does not have some way to prevent unwanted torrents from appearing on your tracker.

      Of course BitTorrent has a way to restrict the torrents a tracker will serve.

      You set --allowed_dir and point it at a directory containing the torrents you want to allow.

      I know it's been supported since 3.4.1a at the latest.
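The allow-list behaviour discussed in the two comments above, as an added example that is not part of either post and is not BitTorrent's own tracker code. The function names, the reply format (simplified, without a peer list) and the 1800-second interval are assumptions made for illustration.

```python
import hashlib
import pathlib

def bdecode(data, i=0):
    """Decode one bencoded value starting at data[i]; return (value, next_i)."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        return (items if c == b"l" else dict(zip(items[::2], items[1::2]))), i + 1
    colon = data.index(b":", i)          # otherwise a length-prefixed string
    n = int(data[i:colon])
    if n < 0 or colon + 1 + n > len(data):
        raise ValueError("bad string length")
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def info_hash(torrent):
    """SHA-1 over the raw bencoded 'info' value: the id clients announce."""
    if torrent[:1] != b"d":
        raise ValueError("not a bencoded dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        key, start = bdecode(torrent, i)
        _, i = bdecode(torrent, start)
        if key == b"info":
            return hashlib.sha1(torrent[start:i]).digest()
    raise ValueError("no info dictionary")

def load_allowed(directory):
    """Build the allow-list from every parsable .torrent in the directory."""
    allowed = set()
    for path in sorted(pathlib.Path(directory).glob("*.torrent")):
        try:
            allowed.add(info_hash(path.read_bytes()))
        except (ValueError, TypeError, RecursionError):
            continue                     # skip malformed files, keep serving
    return allowed

def announce(allowed, swarms, ih, peer):
    """Answer one announce; unlisted torrents get an error and no state."""
    if ih not in allowed:
        msg = b"torrent not allowed on this tracker"
        return b"d14:failure reason%d:%se" % (len(msg), msg)
    swarms.setdefault(ih, set()).add(peer)
    return b"d8:intervali1800e5:peerslee"   # simplified reply, no peer list
```

Because the check runs before any swarm entry is created, announces for foreign torrents cost the tracker one set lookup and a short error reply rather than growing its peer tables.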

    2. Re:Small-timers get it too by m00nun1t · · Score: 5, Funny

      I had a look at 127.0.0.1 to see what "videos" you are talking about. There's some really kinky videos there - pervert.

  10. New protocols are not an answer by gnuASM · · Score: 5, Insightful

    I find it interesting that the focus with regards to DDoS attacks that I have read about is not on proper security and precautions, but rather the client/server applications being attacked. Because your Apache server is DDoS'd, does that mean you distribute your website through ftp? Of course not, you take further security precautions and strengthen your protection against DDoS attacks. Why then should there be a need to "create a new protocol" to "protect" from attacks?

    Protocols in and of themselves do not inherently have protection from these kinds of attacks. That is not the purpose of a protocol. The purpose of a protocol is to establish an agreed method of communications between two or more identified systems in a connection. This is where the problem persists: identification.

    DDoS is not successful because it overrides the buffers or socket space for connections to a server. It is successful because these sockets are kept open longer than they should be.

    What a server needs is not a "secure" protocol, because any protocol (method of communication) can be compromised so long as the attacker can make the protocol believe that an identified, valid entity has made a connection and intends to communicate.

    Instead, system administrators need to strengthen the rules in their firewalling and subsystem (kernel) to improve the latency of the socket states so that the system will not fail when attacked. I believe GNU/Linux has many tools available as well as kernel modules already available in order to accomplish much of this already.

    Rather than wasting time in creating YAP (Yet Another Protocol), the time and effort may be better utilized creating the system and firewalling tools needed to combat DDoS at its root.

    This brings it even further to the point of not necessarily even having to reconfigure and install and reconfigure again the varied tools needed for server-side protection, but even look as close as the router itself and the built-in firewalls there.

    I believe even Cisco has given some hardware advice for DDoS here.

    We don't necessarily need to be creating so much as we should be perfecting and improving.

  11. A Little correction.... by blue_monki · · Score: 5, Informative

    Suprnova isn't a tracker :) If you want to put something up on it you have to find your own tracker first!

    --
    www.monkeys-in-bras.com - _the_ place for the discerning monkey viewer.

  12. Why do you keep mentioning SUPRnova damn it by Anonymous Coward · · Score: 5, Insightful

    STOP MENTIONING SUPRNOVA .. you're ruining it for everyone who actually knows what the hell it is... please stop!!!

    1. Re:Why do you keep mentioning SUPRnova damn it by johannesg · · Score: 5, Funny

      Just to clarify, the site he is talking about is this one. What he is trying to say is this: if the bad guys ever find out about it, they might try to do something stupid and most likely illegal such as performing a DDOS. And we really don't want it to go down, since it is a most excellent source for TV shows, movies, games, and music.

      I guess the first rule of www.suprnova.org is: don't talk about www.suprnova.org.

  13. Next-gen P2P? by Alwin+Henseler · · Score: 5, Informative

    So it's time to switch to a serverless network under an open-source project?

    A network with no central servers or even 'supernodes' reduces the effect of DoS-attacks, and leaves no single person or company to attack with a lawsuit. But that alone isn't enough. Other problems remain, like the privacy issue. Many P2P networks reveal IP addresses of nodes on 'the other end'. Thus, after retrieval of a file, you know from what IP address(es) the file came from. That leaves the network vulnerable for attacks or legal steps against individual users.

    To prevent this, it must be impossible to find out who/where a retrieved file (or search query) actually came from (IP, geographical location or otherwise).

    Besides the well known Freenet, there's another promising one called ANts. From what I can tell, it works by passing data between nodes, without passing info on the endpoints where data is coming from/going to. Each node passes data on, but doesn't know if the next node will keep it, or in turn pass it on to yet another node in a path. IP addresses are replaced with a virtual 'network ID' (regularly discarded), and combined with encryption, a single node can't tell what it's passing on, where it came from, or where it's going. IP addresses are only known for a few neighbours it contacts directly. For an analogy, think anonymous remailers. The project page also mentions something similar called MUTE. I guess you could call projects like this 3rd generation P2P networks. Looking forward to it! (and please add if you know more like these)

    1. Re:Next-gen P2P? by mrogers · · Score: 5, Informative

      There's also GNUnet, which is similar to Freenet but with files broken up into equal-sized chunks to allow parallel downloads. All these systems are fine for avoiding an adversary like the RIAA that has limited powers and only wants to collect a few IP addresses for lawsuits, but they shouldn't be considered anonymous or censorship-resistant in any strong sense. Freenet, MUTE and JetiAnts can be DOSed pretty easily and GNUnet's anonymity can be undermined. I'm researching censorship-resistant communication for my PhD so I've got a literature review and bibliography online if you're interested.

  14. Re:Netcraft confirms it: by hrm · · Score: 5, Funny

    You can tell slashdot culture is going down the drain when even the trolls can't be bothered to send in a properly updated post.

    Not just you, but the old people in Korea and Soviet Russia are absent as well. And who's imagining beowulf clusters of bittorrent sites these days, even if it's in Japan?

    The ./ posts confirm it: trolling is dying!

  15. Re:explain me ? by ultranova · · Score: 5, Informative

    Can anyone explain the torrent principle ?

    Suppose server X hosts a really popular large file of, say, 100MB in size. Suppose that server only has 1MB/sec upstream bandwidth. Suppose users A and B both want the file. The server needs to send the file twice, once for A and once for B. Obviously, this takes twice as long as sending the file just once. And if there's two more people, C and D, also downloading the file, it needs to be sent four times and takes four times as long as sending it only once. In other words, the more people are downloading the file, the slower each download gets.

    The torrent principle tries to solve this problem. The idea is that A and B start downloading different parts of the large file. For example, A could start downloading the first half and B the second half. Once A has downloaded some of the file, he starts sending it to B, and B does the same. Suppose, for the sake of simplicity, that both A and B have the same bandwidth as the server, and that everyone has the same up- and downstream bandwidth.

    Now, A is getting the file from server X at 1/2 MB per second. A is also downloading the file from B at 1/2 MB per second, and thus is getting a combined speed of 1 MB/sec. The same goes for B.

    This is the torrent principle: use the upstream bandwidth of downloaders to help ease the load on server.

    Now, A and B need to learn about each other's existence in order to cooperate in this way. In BitTorrent, this is done via a tracker. You download a small torrent file, which contains the address of the tracker, the names and sizes of the files in this torrent, and checksums for each part of the file (to prevent people from sending fake parts). Someone generated this torrent file from file(s) he had on his computer, uploaded it to a torrent tracker, and then launched BitTorrent. BitTorrent checks the files against the checksums, notices that there are no pieces missing, and thus doesn't try to download any - just upload (making it a so-called "seed"). It then connects to a tracker and lets it know that "I'm here". When someone else uses this torrent file, their BitTorrent client connects to the tracker, asks for addresses of peers, and starts downloading pieces from them (and uploading pieces to them - there is a simple "tit for tat" method that ensures that you serve best the nodes which upload to you, thus ensuring that everyone will indeed participate). Once a node gets all the file pieces and has thus finished the download, it becomes a "seed" and keeps on uploading until the user terminates it.

    So, the trackers are absolutely vital for BitTorrent; without them, the clients can not learn about each other, and thus can't connect to each other and up- and download.

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
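The per-piece checksum check mentioned in the comment above ("to prevent people from sending fake parts"), as an added example that is not part of the original post and is not taken from any BitTorrent client. The class and function names are hypothetical; it assumes the torrent's piece checksums are concatenated 20-byte SHA-1 digests.

```python
import hashlib

def make_pieces(data, piece_len):
    """What the torrent creator computes: one SHA-1 digest per piece."""
    return b"".join(hashlib.sha1(data[o:o + piece_len]).digest()
                    for o in range(0, len(data), piece_len))

class PieceStore:
    """Downloader-side state: keeps only pieces that match the torrent file."""

    def __init__(self, pieces, piece_len, total_len):
        count = -(-total_len // piece_len)           # ceiling division
        if len(pieces) != 20 * count:
            raise ValueError("pieces field does not match the file length")
        self.hashes = [pieces[i:i + 20] for i in range(0, len(pieces), 20)]
        self.piece_len, self.total_len = piece_len, total_len
        self.have = {}

    def expected_len(self, index):
        """Every piece is piece_len bytes except a possibly shorter last one."""
        return min(self.piece_len, self.total_len - index * self.piece_len)

    def accept(self, index, blob):
        """Store blob as piece `index` only if length and SHA-1 both match."""
        if not 0 <= index < len(self.hashes):
            return False
        if len(blob) != self.expected_len(index):
            return False
        if hashlib.sha1(blob).digest() != self.hashes[index]:
            return False                             # fake or corrupted piece
        self.have[index] = blob
        return True

    def missing(self):
        """Indices still to request, e.g. again from a different peer."""
        return [i for i in range(len(self.hashes)) if i not in self.have]

    def assemble(self):
        if self.missing():
            raise ValueError("download incomplete")
        return b"".join(self.have[i] for i in range(len(self.hashes)))
```

A rejected piece simply stays in `missing()`, so a peer that sends bad data wastes its own upload without corrupting the file.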