DDoS Vulnerability Analysis of BitTorrent Protocol CS239 project Spring 2006.


Background
- BitTorrent (BT)
  - P2P file sharing protocol
  - 30% of Internet traffic
  - top 10 scanned port in the Internet
- DDoS
  - Distributed – hard to guard against by simply filtering at upstream routers
  - Application level (resources)
  - Network level (bandwidth)

How BT works
- .torrent file (meta-data)
  - Information about the files being shared
  - Hashes of pieces of files
- Trackers (coordinator)
  - http, udp trackers
  - Trackerless (DHT)
- BT clients (participants)
  - Azureus
  - BitComet
  - uTorrent
  - etc.
- Online forum (exchange medium)
  - For users to announce and search for .torrent files

Communication with trackers
[Diagram: tracker, seeder, clients, .torrent file, discussion forum; message labels: "I have the file!", "Who has the file?"]

Message exchange
- HTTP/UDP tracker
  - Get peer + announce combined (who is sharing files)
  - Scraping (information lookup)
- DHT (trackerless)
  - Ping/response (announcing participation in DHT network)
  - Find node (locating peers in DHT network)
  - Get peer (locate who is sharing files)
  - Announce (announce who is sharing files)

Vulnerabilities
- Spoofed information
  - * Both http and udp trackers allow a specified IP in announce
  - DHT does not allow a specified IP in announce
    - Allows spoofed information on who is participating in the DHT network
    - Possible to redirect a lot of DHT queries to a victim
- Compromised tracker
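
The first weakness above, seen from the tracker's side, as an added example (not from the slides or from any tracker's code base): a Python function that decides which address to record for an HTTP announce, with the behaviour the slide describes selectable beside a stricter policy. The function name, the `TRUSTED_NETS` list and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import parse_qs

# Assumption: networks whose clients may sit behind the same NAT as the
# tracker and therefore need to state their public address themselves.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("10.0.0.0/8")]

def recorded_peer_ip(query_string, source_ip, honour_ip_param=False):
    """Return (ip_to_record, reason) for one announce request.

    honour_ip_param=True reproduces the behaviour the slide describes: the
    tracker records whatever address the request names. The default records
    the TCP source address, which a completed handshake makes hard to forge,
    and accepts a differing "ip" value only from TRUSTED_NETS.
    """
    src = ipaddress.ip_address(source_ip)
    claimed_raw = parse_qs(query_string).get("ip", [None])[0]
    if claimed_raw is None:
        return str(src), "no ip parameter"
    try:
        claimed = ipaddress.ip_address(claimed_raw)
    except ValueError:
        return str(src), "ip parameter not an address, ignored"
    if claimed == src:
        return str(src), "ip parameter matches source"
    if honour_ip_param:
        return str(claimed), "ip parameter honoured without checks"
    if any(src in net for net in TRUSTED_NETS):
        return str(claimed), "ip parameter accepted from trusted network"
    return str(src), "ip parameter differs from source, ignored"

# Constructed announces; all addresses are documentation or private ranges.
SAMPLES = [
    ("info_hash=%12%34&port=6881", "198.51.100.7"),
    ("info_hash=%12%34&port=80&ip=203.0.113.80", "198.51.100.7"),
    ("info_hash=%12%34&port=6881&ip=203.0.113.9", "10.0.0.5"),
    ("info_hash=%12%34&port=6881&ip=not-an-ip", "198.51.100.7"),
]

if __name__ == "__main__":
    for qs, src in SAMPLES:
        print(src, recorded_peer_ip(qs, src), recorded_peer_ip(qs, src, True))
```

Logging the "differs from source" case with the claimed address gives the tracker operator a record of which hosts are being named in announces they did not send.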

Attack illustration
[Diagram: tracker, victim, clients, attacker, .torrent file, discussion forum; message labels: "Victim has the files!", "Who has the files?"]

Experiments
- Discussion forum (
  - 1191 newly uploaded .torrent files in 2 days
- Victim ( )
  - Apache web server (configured to serve 400 clients)
  - tcpdump, netstat
- Attacker
  - Python script to process .torrent files and contact trackers
- Zombies
  - Computers running BitTorrent clients in the Internet

Statistics

Torrents
  Total                   1191
  Corrupted                  6
  Single tracker           999
  Multiple trackers        186
  Support DHT              121

Trackers
  http trackers           1963
  udp trackers              85
  Unique http trackers     311
  Unique udp trackers       21

Measurements (1)
- Attacker
  - 1191 torrent files used
  - 30 concurrent threads, contact trackers once

Measurements (2)
- Attacker
  - 1191 torrent files used
  - 40 concurrent threads, contact trackers 10 times
  - Attack ends after 8 hours

Measurements (3)
- distinct IPs recorded
- Number of connection attempts per host
  - Retry 3,6,9,… seems a common implementation

Measurement (abnormal behavior)
- Top 15 hosts with highest number of connection attempts
  - Country: SINGAPORE (SG)
  - Country: UNITED STATES (US)
  - Country: (Unknown Country?) (XX)
  - Country: UNITED STATES (US)
  - Country: UNITED KINGDOM (UK)
  - Country: UNITED KINGDOM (UK)
  - Country: ICELAND (IS)
  - Country: UNITED KINGDOM (UK)
  - Country: HONG KONG (HK)
  - Country: UNITED KINGDOM (UK)
  - Country: UNITED KINGDOM (UK)
  - Country: CANADA (CA)
  - Country: FINLAND (FI)
  - Country: UNITED STATES (US)
  - Country: CANADA (CA)
- Content pollution agents?
- Other researchers?

Top 15 countries
United States, Canada, United Kingdom, Germany, France, Spain, Australia, Sweden, Netherlands, Malaysia, Norway, Poland, Japan, Brazil, China

Countries with fewer BT clients running
Albania, Bermuda, Bolivia, Georgia, Ghana, Kenya, Lao, Lebanon, Monaco, Mongolia, Nicaragua, Nigeria, Qatar, Tanzania, Uganda, Zimbabwe

Solution
- Better tracker implementation
- Authentication with trackers
  - Similar to the one used in DHT
- Filtering packets by analyzing the protocol
  - e.g. check [SYN|ACK|80] incoming packets for legitimate HTTP header
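
The protocol-analysis filter in the last bullet, as an added example (not from the slides): a Python classifier for the first payload bytes of each connection reaching the web server, separating HTTP request lines from BitTorrent peer handshakes and pulling out the info_hash so the abused torrents can be identified. Function names and the sample flows are constructed for illustration; obfuscated or encrypted peer traffic falls into "other".

```python
import re
from collections import Counter

# A BitTorrent peer handshake starts with byte 19 and the protocol name,
# then 8 reserved bytes, the 20-byte info_hash and the 20-byte peer_id.
BT_PREFIX = b"\x13BitTorrent protocol"
HTTP_REQ = re.compile(
    rb"^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|PATCH) \S+ HTTP/1\.[01]\r\n")

def classify(payload):
    """Return (kind, info_hash_hex_or_None) for a connection's first bytes."""
    if payload.startswith(BT_PREFIX):
        # info_hash occupies bytes 28..47; absent if the capture was cut short
        info_hash = payload[28:48].hex() if len(payload) >= 48 else None
        return "bittorrent", info_hash
    if HTTP_REQ.match(payload):
        return "http", None
    return "other", None

def summarize(flows):
    """flows: iterable of (src_ip, first_payload). Returns two Counters:
    verdicts per kind, and handshakes seen per info_hash."""
    verdicts, torrents = Counter(), Counter()
    for _src, payload in flows:
        kind, info_hash = classify(payload)
        verdicts[kind] += 1
        if info_hash:
            torrents[info_hash] += 1
    return verdicts, torrents

# Constructed sample flows (documentation addresses, made-up info_hash).
_HANDSHAKE = BT_PREFIX + bytes(8) + bytes(range(20)) + b"-XX0000-" + bytes(12)
FLOWS = [
    ("198.51.100.7", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("198.51.100.8", _HANDSHAKE),
    ("198.51.100.9", _HANDSHAKE[:68]),
    ("198.51.100.10", b"\x8f\x02\xd1\x00\x17"),
]

if __name__ == "__main__":
    verdicts, torrents = summarize(FLOWS)
    print(dict(verdicts))
    print(torrents.most_common(5))
```

The info_hash counts point at the specific torrents whose swarms are being directed at the server, which is what a tracker operator needs in order to remove the false peer entry.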

End Q and A
