Slashdot Mirror


BitTorrent Clients Can Be Made To Participate In High-Volume DoS Attacks

An anonymous reader writes: A group of researchers has discovered that some of the most popular BitTorrent applications, including uTorrent, Mainline, and Vuze, are vulnerable to a newly discovered form of distributed denial of service attack that makes it easy for a single person to bring down large sites. The weaknesses allow an attacker to insert the target's IP address instead of their own in the malicious request. To mount a Distributed Reflective DoS (DRDoS) attack, an attacker sends these malformed requests to other BitTorrent users, which then act as reflectors and amplifiers and flood the intended victim with responses.
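From the victim's side, the pattern the summary describes (many distinct reflectors answering toward one destination with large responses) is what a flow-record monitor can look for. The following is an added example, not code from the article or from the cited research; it assumes NetFlow-style records with the fields shown, and the sample flows are constructed for illustration.

```python
"""Flag destinations that look like targets of a UDP reflection/amplification flood.

Added example (not from the article or the research it reports). Assumes
netflow-style records carrying source, destination, port, packet and octet
counts; the flows below are constructed, with RFC 5737 documentation addresses.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str       # source address (in an attack, the unwitting reflector)
    dst: str       # destination address (in an attack, the victim)
    dport: int
    pkts: int
    octets: int
    proto: str = "udp"


# Constructed sample: 40 different hosts on a BitTorrent-style UDP port all
# sending large packets to one destination, plus two benign flows.
SAMPLE_FLOWS = [
    Flow(f"198.51.100.{i}", "203.0.113.10", 51413, pkts=40, octets=40 * 1200)
    for i in range(1, 41)
] + [
    Flow("192.0.2.5", "203.0.113.20", 6881, pkts=3, octets=300),
    Flow("192.0.2.6", "203.0.113.21", 53, pkts=1, octets=80),
]


def find_reflection_victims(flows, min_sources=20, min_avg_bytes=500):
    """Return {dst: (distinct_sources, avg_bytes_per_packet)} for destinations
    receiving UDP from at least `min_sources` distinct hosts whose packets
    average at least `min_avg_bytes`. Thresholds are illustrative assumptions."""
    per_dst = defaultdict(lambda: {"srcs": set(), "pkts": 0, "octets": 0})
    for f in flows:
        if f.proto != "udp":
            continue
        d = per_dst[f.dst]
        d["srcs"].add(f.src)
        d["pkts"] += f.pkts
        d["octets"] += f.octets

    victims = {}
    for dst, d in per_dst.items():
        avg = d["octets"] / d["pkts"] if d["pkts"] else 0.0
        if len(d["srcs"]) >= min_sources and avg >= min_avg_bytes:
            victims[dst] = (len(d["srcs"]), avg)
    return victims


if __name__ == "__main__":
    for dst, (n_src, avg) in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{dst}: {n_src} distinct UDP sources, avg {avg:.0f} bytes/packet")
```

The two thresholds are the knobs an operator would tune against their own baseline; the distinct-source count is what separates a reflected flood from one noisy peer.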

3 of 47 comments

  1. Interesting. by Shaman · Score: 4, Interesting

    I've wondered several times to myself if this was possible. I figured no, since the torrent clients / seeds participate in an ACK system of sorts (or, so I've reasoned), so the sending clients would not get a return and so wouldn't keep bothering. But then, this *IS* possible to a torrent client which clicks on a carefully formed link and always was. Ever click on a link that has 40,000+ peers and/or seeds on it?

    --
    ...Steve
  2. Re:Spoofed Source IP by Anonymous Coward · Score: 2, Interesting

    God forbid anyone do any sort of egress filtering on their end-user networks to make sure that any packets leaving it claim to come from it.

    You'd think this would have been solved aeons ago, what with ISPs cutting costs and refusing to upgrade infrastructure. Cutting off DOS attacks before they head out onto the upstream backbone that they've got to pay for seems like a no-brainer.
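The egress check the comment asks for is a source-address filter at the network edge (the BCP 38 idea): a packet leaving the access network must carry a source inside that network's own prefixes, so a request forged with a third party's address never gets out to be reflected. The following is an added example, not the commenter's code; it assumes the operator knows its assigned prefixes, and the prefixes and packets are constructed.

```python
"""Egress source-address filter (BCP 38 style) as a small, testable function.

Added example, not from the comment author. Assumes the operator knows the
prefixes assigned to its access network; prefixes and packets below are
constructed from RFC 5737 / RFC 3849 documentation ranges.
"""
import ipaddress

# Constructed: address space assigned to this access network.
LOCAL_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]


def egress_allowed(src_ip, prefixes=LOCAL_PREFIXES):
    """True if a packet leaving the network claims a source address inside it."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # unparsable source: treat as drop
    return any(addr in net for net in prefixes)


def filter_egress(packets, prefixes=LOCAL_PREFIXES):
    """Split (src, dst) tuples into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if egress_allowed(pkt[0], prefixes) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample: legitimate local sources, one packet whose source is
# forged to a third party's address (the would-be reflection victim), and
# one malformed source.
SAMPLE_PACKETS = [
    ("192.0.2.77", "198.51.100.9"),       # real local host -> remote peer
    ("203.0.113.10", "198.51.100.9"),     # forged source: not ours, drop
    ("2001:db8:1::42", "2001:db8:2::1"),  # local IPv6 host -> remote peer
    ("not-an-ip", "198.51.100.9"),        # garbage source: drop
]


if __name__ == "__main__":
    fwd, drp = filter_egress(SAMPLE_PACKETS)
    print("forwarded:", fwd)
    print("dropped:  ", drp)
```

Real deployments express the same rule as a router ACL or uRPF check rather than in Python, but the property being enforced is exactly this one: the set of permitted source addresses on the outbound interface equals the network's own prefixes.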

  3. Could this lead to false sharing allegations? by ukoda · Score: 5, Interesting

    Given media companies chasing people for illegal sharing on the basis of the very lists that this exploit is manipulating, I guess this could lead to false allegations of file sharing? I guess it could be used in countries like New Zealand to have victims forcibly disconnected by their ISP for multiple instances of file sharing when they had in fact never shared anything?