DDoS Vulnerability Analysis of BitTorrent Protocol CS239 project Spring 2006.


1 DDoS Vulnerability Analysis of BitTorrent Protocol CS239 project Spring 2006

2 Background
BitTorrent (BT)
  - P2P file sharing protocol
  - 30% of Internet traffic
  - 6881: top 10 scanned port in the Internet
DDoS
  - Distributed: hard to guard against by simply filtering at upstream routers
  - Application level (resources)
  - Network level (bandwidth)

3 How BT works
.torrent file (meta-data)
  - Information about the files being shared
  - Hashes of pieces of files
Trackers (coordinator)
  - HTTP and UDP trackers
  - Trackerless (DHT)
BT clients (participants)
  - Azureus
  - BitComet
  - uTorrent
  - etc.
Online forum (exchange medium)
  - For users to announce and search for .torrent files

4 Communication with trackers
[Diagram: tracker, seeder, clients, discussion forum and .torrent file. Labels: "I have the file!", "Who has the file?"]

5 Message exchange
HTTP/UDP tracker
  - Get peer + announce combined (who is sharing files)
  - Scraping (information lookup)
DHT (trackerless)
  - Ping/response (announcing participation in DHT network)
  - Find node (locate peers in DHT network)
  - Get peer (locate who is sharing files)
  - Announce (announce who is sharing files)

6 Vulnerabilities
Spoofed information
  - * Both HTTP and UDP trackers allow a specified IP in announce
  - DHT does not allow a specified IP in announce
      - Allows spoofed information on who is participating in the DHT network
      - Possible to redirect a lot of DHT queries to a victim
Compromised tracker

7 Attack illustration
[Diagram: tracker, victim, clients, attacker, discussion forum and .torrent file. Labels: "Victim has the files!", "Who has the files?"]

8 Experiments
Discussion forum (http://www.mininova.org)
  - 1191 newly uploaded .torrent files in 2 days
Victim (131.179.187.205)
  - Apache web server (configured to serve 400 clients)
  - tcpdump, netstat
Attacker
  - Python script to process .torrent files and contact trackers
Zombies
  - Computers running BitTorrent clients in the Internet

9 Statistics
Torrents
  Total                 1191
  Corrupted                6
  Single tracker         999
  Multiple trackers      186
  Support DHT            121
Trackers
  http trackers         1963
  udp trackers            85
  Unique http trackers   311
  Unique udp trackers     21

10 Measurements (1)
Attacker
  - 1191 torrent files used
  - 30 concurrent threads, contact trackers once

11 Measurements (2)
Attacker
  - 1191 torrent files used
  - 40 concurrent threads, contact trackers 10 times
  - Attack ends after 8 hours

12 Measurements (3)
30513 distinct IPs recorded
Number of connection attempts per host
  - Retry 3, 6, 9, … seems a common implementation

13 Measurement (abnormal behavior)
Top 15 hosts with highest number of connection attempts

  Attempts  Host              Country
  8995      202.156.6.67      SINGAPORE (SG)
  8762      24.22.183.141     UNITED STATES (US)
  1953      71.83.213.106     (Unknown Country?) (XX)
  1841      24.5.44.13        UNITED STATES (US)
  1273      147.197.200.44    UNITED KINGDOM (UK)
  1233      82.40.167.116     UNITED KINGDOM (UK)
  1183      194.144.130.220   ICELAND (IS)
  1171      82.33.194.6       UNITED KINGDOM (UK)
  1167      219.78.137.197    HONG KONG (HK)
  1053      83.146.39.94      UNITED KINGDOM (UK)
  1042      82.10.187.190     UNITED KINGDOM (UK)
  896       65.93.12.152      CANADA (CA)
  861       84.231.86.223     FINLAND (FI)
  855       24.199.85.75      UNITED STATES (US)
  753       207.210.96.205    CANADA (CA)

Content pollution agents?
Other researchers?

14 Top 15 countries
United States, Canada, United Kingdom, Germany, France, Spain, Australia, Sweden, Netherlands, Malaysia, Norway, Poland, Japan, Brazil, China

15 Countries with fewer BT clients running
Albania, Bermuda, Bolivia, Georgia, Ghana, Kenya, Lao, Lebanon, Monaco, Mongolia, Nicaragua, Nigeria, Qatar, Tanzania, Uganda, Zimbabwe

16 Solution
Better tracker implementation
Authentication with trackers
  - Similar to the one used in DHT
Filtering packets by analyzing the protocol
  - e.g. check [SYN|ACK|80] incoming packets for legitimate HTTP header
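
Added example, not part of the original slides: one way a tracker could apply the "authentication with trackers, similar to the one used in DHT" idea from slide 16 and stop honoring a specified IP in announces (slide 6). The class and method names, the HMAC-SHA256 token and the 5-minute rotation are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

ROTATE_SECONDS = 300  # assumption: length of one token epoch


class AnnounceGuard:
    """Hypothetical tracker-side admission check (not from the slides)."""

    def __init__(self, master_key=None):
        self._key = master_key or os.urandom(32)

    def _token(self, src_ip, epoch):
        # Bind the token to the address the request really came from.
        msg = ipaddress.ip_address(src_ip).packed + epoch.to_bytes(8, "big")
        return hmac.new(self._key, msg, hashlib.sha256).digest()[:8]

    def issue_token(self, src_ip, now):
        """Sent back to src_ip in reply to a lookup; a spoofer never sees it."""
        return self._token(src_ip, int(now) // ROTATE_SECONDS)

    def check_announce(self, src_ip, token, claimed_ip, now):
        """Return the address to store in the peer list, or None to reject."""
        epoch = int(now) // ROTATE_SECONDS
        valid = any(
            hmac.compare_digest(token, self._token(src_ip, e))
            for e in (epoch, max(epoch - 1, 0))  # current and previous epoch
        )
        if not valid:
            return None
        src = ipaddress.ip_address(src_ip)
        if claimed_ip is not None:
            try:
                if ipaddress.ip_address(claimed_ip) != src:
                    return None  # announce names a third party: refuse
            except ValueError:
                return None  # malformed ip parameter
        return str(src)  # never store an address the token was not sent to


if __name__ == "__main__":
    guard = AnnounceGuard()
    t = 1_700_000_000  # constructed timestamp
    tok = guard.issue_token("198.51.100.7", t)  # constructed addresses
    print(guard.check_announce("198.51.100.7", tok, None, t + 60))
    print(guard.check_announce("198.51.100.7", tok, "203.0.113.9", t + 60))
```

The token matters most for UDP trackers, where the source address of a single datagram can be forged; for HTTP trackers the TCP handshake already ties the request to its source, so the mismatch check on the ip parameter is the part that closes the hole.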

17 End Q and A

18 [Diagram: tracker, seeder, client, discussion forum and .torrent file. Labels: "I have the file!", "Who has the file?"]

19 [Diagram: tracker, victim, clients, attacker, discussion forum and .torrent file. Labels: "Victim has the files!", "Who has the files?"]

