P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks

Adamsky, Florian; Khayam, Syed Ali; Jäger, Rudolf; Rajarajan, Muttukrishnan

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks

Adamsky, Florian; Khayam, Syed Ali; Jäger, Rudolf et al.

2015 • In USENIX Workshop on Offensive Technologies (WOOT '15)

Peer reviewed

Permalink
https://hdl.handle.net/10993/35936

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

woot15-paper-adamsky.pdf

Publisher postprint (121.63 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Disciplines :

Computer science

Author, co-author :

Adamsky, Florian ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Khayam, Syed Ali; PLUMgrid Inc.

Jäger, Rudolf; Technische Hochschule Mittelhessen

Rajarajan, Muttukrishnan; City University London

External co-authors :

yes

Language :

English

Title :

P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks

Publication date :

2015

Event name :

USENIX Workshop on Offensive Technologies (WOOT '15)

Event organizer :

USENIX

Event place :

Washington, United States

Event date :

2015

Audience :

International

Main work title :

USENIX Workshop on Offensive Technologies (WOOT '15)

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Available on ORBilu :

since 16 June 2018

Statistics

Number of views

76 (0 by Unilu)

Number of downloads

365 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Public Directory of BitTorrent Sync Keys. http://btsynckeys.com/.
Reddit: BitTorrent Sync Secrets. http://www.reddit.com/r/btsecrets/.
Azureus messaging protocol - VuzeWiki. https://wiki.vuze.com/w/Azureus_messaging_protocol, Oct. 2010.
BEP 33: DHT Scrapes. Tech. rep., BitTorrent Inc., Jan. 2010.
Distributed hash table. https://wiki.vuze.com/w/ Distributed_hash_table, Oct. 2012.
BitTorrent Sync. https://www.getsync.com/, Apr. 2013.
BitTorrentPeerExchangeConventions - Theory.org Wiki. https://wiki.theory.org/ BitTorrentPeerExchangeConventions, Apr. 2014.
Message Stream Encryption Format Specification Version 1.0. http://wiki.vuze.com/w/Message_Stream_Encryption, May 2014.
Spoofer Project: State of IP Spoofing. http://spoofer.cmand.org/summary.php, Jan. 2015.
ADAMSKY, F., KHAYAM, S. A., JÄGER, R., AND RAJARAJAN, M. Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver. In Proceedings of the 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (Oct. 2012), IEEE, pp. 143–150.
ADAR, E., AND HUBERMAN, B. A. Free Riding on Gnutella. First Monday (2000).
BRUMLEY, B. B., AND VALKONEN, J. Attacks on Message Stream Encryption. In Proceedings of the 13th Nordic Workshop on Secure IT Systems (Copenhagen, Denmark, Oct. 2008), pp. 163–173.
COHEN, B. Incentives build robustness in BitTorrent. In Proceedings of 1st Workshop on Economics of Peer-to-Peer Systems (2003), pp. 1–5.
COHEN, B. BEP 03: The BitTorrent Protocol Specification. Tech. rep., BitTorrent Inc., Nov. 2013.
DABEK, F., COX, R., KAASHOEK, F., AND MORRIS, R. Vivaldi: a decentralized network coordinate system. In Proceedings of the 2004 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (2004), ACM Press, pp. 15–26.
DEFRAWY, K. E., GJOKA, M., AND MARKOPOULOU, A. Bot-Torrent: misusing BitTorrent to launch DDoS attacks. In Proceedings of the 3rd USENIX Workshop on Steps to Reducing Unwanted Traffic on the Internet (June 2007), USENIX Association, pp. 1–6.
DURUMERIC, Z., WUSTROW, E., AND HALDERMAN, A. J. ZMap: Fast Internet-wide Scanning and Its Security Applications. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13) (Washington, Aug. 2013), pp. 605–620.
ERGUSON, P., AND SENIE, D. BCP 38: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. Tech. rep., Internet Engineering Task Force (IETF), May 2000.
HARRINGTON, J., KUWANOE, C., AND ZOU, C. C. A BitTorrent-driven distributed. In Proceedings of the 3th International Conference on Security and Privacy in Communications Networks (2007), IEEE, pp. 261–268.
HARRISON, D. BEP 20: Peer ID Conventions. Tech. rep., BitTorrent Inc., Feb. 2008.
HAZEL, G. Announcements: uTorrent 1.9 alpha 15380. https://goo.gl/4ThWLY, Dec. 2008.
HJELMVIK, E., AND JOHN, W. Statistical protocol identification with SPID: Preliminary results. In Proceedings of the Swedish National Computer Networking Workshop (2009).
KOSTÍC, D., BRAUD, R., KILLIAN, C., VANDEKIEFT, E., ANDERSON, J. W., SNOEREN, A. C., AND VAHDAT, A. Maintaining high bandwidth under dynamic network conditions. In Proceedings of the annual conference on USENIX Annual Technical Conference (2005), pp. 193–208.
KUEHLEWIND, M., HAZEL, G., SHALUNOV, S., AND IYENGAR, J. RFC 6817: Low Extra Delay Background Transport (LEDBAT). http://tools.ietf.org/html/rfc6817, Dec. 2012.
KÖHNEN, C., ÜBERALL, C., ADAMSKY, F., RAKOCEVIC, V., RAJARAJAN, M., AND JÄGER, R. Enhancements to Statistical Protocol IDentification (SPID) for Self-Organised QoS in LANs. In Proceedings of the 19th International Conference on Computer Communications and Networks (ICCCN) (Aug. 2010), IEEE, pp. 1–6.
KÜHRER, M., HUPPERICH, T., ROSSOW, C., AND HOLZ, T. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks. In 23rd USENIX Security Symposium (USENIX Security 14) (San Diego, CA, Aug. 2014).
KÜHRER, M., HUPPERICH, T., ROSSOW, C., AND HOLZ, T. Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks. In Proceedings of the 8th USENIX Workshop on Offensive Technologies (San Diego, CA, Aug. 2014), USENIX Association.
LEGOUT, A., URVOY-KELLER, G., AND MICHIARDI, P. Rarest first and choke algorithms are enough. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement (2006), ACM Press, pp. 203–216.
LOESING, K., MURDOCH, S. J., AND JANSEN, R. Evaluation of a libutp-based Tor Datagram Implementation. Tech. rep., Oct. 2013.
LOEWENSTERN, A., AND NORBERG, A. BEP 05: DHT Protocol. Tech. rep., BitTorrent Inc., Mar. 2013.
NAOUMOV, N., AND ROSS, K. Exploiting P2p systems for DDoS attacks. In Proceedings of the International Workshop on Peer-to-Peer Information Management (2006), ACM Press, pp. 47–53.
NORBERG, A. BEP 29: uTorrent transport protocol. Tech. rep., BitTorrent Inc., June 2009.
NORBERG, A. uTorrent Forum: Local Peer Discovery Documentation. http://goo.gl/jAgTlC, 2009.
NORBERG, A., STRIGEUS, L., AND HAZEL, G. BEP 10: Extension Protocol. Tech. rep., BitTorrent Inc., Feb. 2008.
PALOALTO NETWORKS. Application Usage Threat Report. http://researchcenter.paloaltonetworks.com/app-usage-risk-report-visualization/#sthash. Lme8Q76M.dpbs, 2013.
PRINCE, M. Deep Inside a DNS Amplification DDoS Attack. http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack/, Oct. 2012.
PRINCE, M. Technical Details Behind a 400gbps NTP Amplification DDoS Attack. https://goo.gl/l1vPTN, Feb. 2014.
PROTALINSKI, E. BitTorrent Sync Passes 1 Million Users, Gets iPad Support and API. http://goo.gl/p46p9y, May 2013.
ROSSOW, C. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In Proceedings of the Network and Distributed System Security Symposium (NDSS 14) (2014), Internet Society, pp. 1–5.
STEINER, M., AND BIERSACK, E. W. Where Is My Peer? Evaluation of the Vivaldi Network Coordinate System in Azureus. NETWORKING 2009 (2009).
VAN DER SAR, E. uTorrent Keeps BitTorrent Lead, BitComet Fades Away. https://goo.gl/EImuS, Sept. 2011.
VAN DER SAR, E. BitTorrent Traffic Increases 40 https://goo.gl/d4cGA, July 2012.
WANG, L., AND KANGASHARJU, J. Measuring large-scale distributed systems: case of BitTorrent Mainline DHT. In Proceedings of the 13th IEEE International Conference on Peer-to-Peer Computing (Sept. 2013), IEEE, pp. 1–10.