BotTorrent: Misusing BitTorrent to Launch DDoS Attacks Karim El Defrawy, Minas Gjoka, Athina Markopoulou UC Irvine.


Outline
o Introduction
o How BitTorrent works
o Using BitTorrent to launch DDoS attacks
o Experiment details and results
o Can we fix BitTorrent to prevent such attacks?
o Summary

Introduction
o In 2006, 60% of Internet traffic was due to peer-to-peer (P2P) protocols (Cache Logic)
o BitTorrent is more than 35% by end of 2006 (Cache Logic)
o Mininova torrent search engine hit 2 billion downloads (Mininova - June 13th 2007)

P2P traffic is rising

BitTorrent is responsible for a significant amount of P2P traffic


P2P based DDoS attacks recently observed
o announced on May 14th 2007 observing an increase in P2P based DDoS attacks
o Attack based on the direct connect (DC) P2P system
o Attack involved over IPs
o P2P DDoS is already happening!



How BitTorrent works?
- User publishes torrents
- Set up a tracker to coordinate the download
1- Users download torrents
2- Users' clients contact tracker to join swarm and get list of peers in swarm
3- Download different parts of file from different peers



Different attacks
Entity Faked | BT Mode | Requirements
Report Fake Peer | Centralized Tracker Mode | Send a spoofed message to tracker announcing victim as peer
Report Fake Tracker | Centralized Tracker Mode | Publish torrents pointing to victim as a tracker (multi-tracker)
Report Fake Peer | DHT Mode | Send fake BT PING message to DHT network spoofing source address of victim


How an attack faking tracker works?
- Attacker publishes fake torrents with multiple tracker entries (or single)
- Set up a tracker to report high number of seeders and leechers for these torrents
1- Users download torrents with fake trackers pointing to victim
2- Clients contact victim in hope of starting the download
….
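
The tracker entries that clients contact live in the torrent's bencoded metainfo, so a torrent index can audit them before listing a file. The following is an added example, not code from the presentation: it decodes the metainfo, collects every endpoint named in `announce` and `announce-list`, and reports those not on a list of known trackers. The allowlist policy, the function names and the sample hosts are assumptions.

```python
from urllib.parse import urlsplit

def bdecode(data: bytes, i: int = 0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list l...e / dict d...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)             # raises on truncated input
            items.append(item)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        return data[colon + 1:colon + 1 + n], colon + 1 + n
    raise ValueError(f"malformed bencode at offset {i}")

def tracker_endpoints(metainfo: bytes):
    """Unique (host, port) pairs from 'announce' and 'announce-list' tiers."""
    meta, _ = bdecode(metainfo)
    urls = [meta.get(b"announce", b"")]
    for tier in meta.get(b"announce-list", []):    # multi-tracker extension
        urls.extend(tier)
    found = []
    for raw in urls:
        u = urlsplit(raw.decode("utf-8", "replace"))
        port = u.port or {"http": 80, "https": 443}.get(u.scheme)
        if u.hostname and (u.hostname, port) not in found:
            found.append((u.hostname, port))
    return found

def unknown_trackers(metainfo: bytes, known_hosts: set):
    """Endpoints whose host is not on the index operator's tracker list."""
    return [e for e in tracker_endpoints(metainfo) if e[0] not in known_hosts]

# Constructed sample metainfo (the 'info' dict is not needed for this check).
def _s(b): return str(len(b)).encode() + b":" + b
T1, T2, T3 = (b"http://tracker.example.org:6969/announce",
              b"http://www.example.net/announce",
              b"http://www.example.net:8080/announce")
SAMPLE = (b"d" + _s(b"announce") + _s(T1) + _s(b"announce-list") + b"l"
          + b"l" + _s(T1) + b"e" + b"l" + _s(T2) + _s(T3) + b"e" + b"ee")

if __name__ == "__main__":
    print(unknown_trackers(SAMPLE, {"tracker.example.org"}))
```
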


Experiment Setup
o Victim machine: Pentium 2, 512 Mbps RAM, Debian Linux, 100Mbps Ethernet, running a light HTTP server
o Modified tracker reports a fake (high) number of seeders and leechers to search engine
o Publish fake torrents on search engines
o Wait ….

Proof of concept attack results
Exp. # | # Torrents | Ports Attacked: Open (Freq), Closed | Throughput (Kbps): Avg (a), Max (a) | Total Unique # Hosts | TCP Conn. Avg/sec | New Host Interarrival Time (sec)
I101 (1)
II251 (10)
III251 (1)
IV251 (50) + 1 (1)
(a) Excluding the initial transient period (6 hours) of the experiment

Number of TCP connections per second

Attack throughput

Amount of traffic from clients

Distribution of sources in the IP address space

Mapping attack sources to ASs and BGP prefixes
o Attack sources in 2433 ASs on the Internet
o Attack sources in announced BGP prefixes

Attack ports
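
On the receiving side, a web server named as a tracker sees HTTP tracker announces: GET requests whose query string carries `info_hash`, `peer_id` and `port`. The following is an added example, not part of the presentation: it picks those requests out of an access log and counts connections, distinct hosts and hits per torrent hash, which is the information needed to report the offending torrents. The log format (common/combined), the function names and the sample lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_to_bytes

# Common/combined access-log prefix: client, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
REQUIRED = {"info_hash", "peer_id", "port"}   # sent with every HTTP announce

def parse_announce(line: str):
    """Return (client_ip, info_hash_hex) for a tracker announce, else None."""
    m = LOG_RE.match(line)
    if not m or m.group(2) != "GET":
        return None
    query = urlsplit(m.group(3)).query
    # Split by hand: info_hash is 20 raw bytes, percent-encoded, not text.
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    if not REQUIRED <= set(params):
        return None
    digest = unquote_to_bytes(params["info_hash"])
    if len(digest) != 20:                      # SHA-1 of the torrent's info dict
        return None
    return m.group(1), digest.hex()

def summarize(lines):
    """Count announces, distinct clients, and hits per torrent info_hash."""
    per_hash, clients = Counter(), set()
    for line in lines:
        hit = parse_announce(line)
        if hit:
            clients.add(hit[0])
            per_hash[hit[1]] += 1
    return {"announces": sum(per_hash.values()),
            "unique_hosts": len(clients),
            "by_info_hash": dict(per_hash)}

# Constructed sample log (documentation address ranges, made-up hashes).
H1 = "%12%34%56%78%9A%BC%DE%F0" * 2 + "%12%34%56%78"
H2 = "%AA" * 20
def _line(ip, target):
    return f'{ip} - - [01/Jun/2007:10:00:00 +0000] "GET {target} HTTP/1.1" 404 209'
def _ann(h):
    return f"/announce?info_hash={h}&peer_id=-AZ2504-abcdefghijkl&port=6881&left=1024"
SAMPLE_LOG = [_line("192.0.2.10", _ann(H1)), _line("192.0.2.11", _ann(H1)),
              _line("198.51.100.7", _ann(H2)), _line("203.0.113.5", "/index.html"),
              _line("192.0.2.10", _ann(H1))]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
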

Related Work
o Attack using Overnet: poison around 7000 files to be effective (Naoumov)
o Attack faking client: poison swarms of 1119 torrents to generate several thousand TCP connections (Cheung Sia)
o Attack faking tracker is more effective: tracker is a central point in the architecture


Reporting the problem
We contacted:
o BitTorrent and Bram Cohen
o Search Engines: Mininova, Pirate Bay, BitTorrent Monster
o Client developers: Azureus, Bitcomet
o Prolexic
o Response from Azureus developers only

Solutions
o Handshake between clients and trackers similar to the one between clients.
o Clients exchange view of trackers similar to exchanging view of peers.
o Mechanism to identify and trace the seeders of the fake torrents (based on hashes).


Summary
o Presented misusing BitTorrent to launch DDoS attacks
o Proof of concept attack implementation
o Analyzed characteristics of the attack
o Proposed fixes to BitTorrent to detect and prevent such attacks
o Currently implementing fixes

Questions ?

Thank you!

Distribution of IPs on BGP Prefixes

Distribution of IPs on ASs

Unique hosts per second