Categories: All

BitTorrent Patches Flaw That Allowed Website Killing DRDoS Attacks


SPR’s: Today in its blog, BitTorrent announced that it has fixed a vulnerability that allowed the attackers to take down websites by carrying out distributed reflective denial of service attacks (DRDoS).

Recently Florian Adamsky gave a presentation at a USENIX Workshop tell the possibilities of exploiting UDP-based protocols for DRDoS attacks. uTorrent, BitTorrent, and BitTorrent Sync use the Micro Transport Protocol (µTP) implementation in libuTP as the preferred transport backend running on top of UDP. Due to this, the attacker with modest resources could exploit a BitTorrent user unknowingly and drive a large volume of traffic to the victim to make them offline.
However, Christian Averill, Vice President of Communications and Brand for BitTorrent, tells fossBytes that such an attack has not been observed in the wild. He states: “First, it’s important to understand that this is a theoretical scenario and that such an attack has not been observed in the wild. Florian Adamsky and his co-authors conducted an experiment in a controlled environment producing the results presented in the paper.”
In his recent blog post, he outlines the fact that the BitTorrent engineering team has mitigated any distant possibility of such an attack. In another post, Francisco De La Cruz, software engineer on the uTorrent/BitTorrent team, tells how such an attack works and further explains the steps taken by his team.
Christian tells fossBytes that Florian and the co-authors reported their findings to BitTorrent team responsibly few weeks back and they have issued a fix to the torrent client.
He also shares an interesting point about the vulnerability in Sync. “Even before the recent updates to Sync, the severity of the vulnerability was reduced by a few factors. First, the attacker would have to know the Sync user they are trying to exploit to get their “Secret” – or the Sync user would have to have exposed that “Secret” publicly in some way. In addition, Sync, by design, limits the amount of peers in a share making the attack surface much smaller. It would not serve as an effective source to mount large-scale attacks,” he explains.
Having something to add? Share your opinions through comments.
spatsariya

Share
Published by
spatsariya

Recent Posts

How To View Your Instagram Reel History: 4 Ways

Quick Answer Instagram does not keep a history of the Reels you watch. The app…

10 hours ago

Can you Scale with Kanban? In-depth Review

What works well for one team becomes chaos when scaled to a department or company…

3 days ago

Type Soul Trello V2 Link (2025)

Inspired by the super-popular anime and manga series Bleach, Type Soul is a Roblox game…

4 days ago

Zerith H1: The First Humanoid Robot for Hotel Housekeeping

The hospitality sector is embracing a tech revolution with the introduction of the Zerith H1…

5 days ago

Asus Vivobook S14 OLED Review: A Real MacBook Alternative

The Vivobook S14 OLED delivers impressive value by combining a sleek, lightweight design with the…

5 days ago

How To Make Marriage in Infinite Craft?

Infinite Craft is a fun sandbox game that challenges players to create new items by combining…

6 days ago