P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks Florian Adamsky Syed Ali Khayam Rudolf Jäger City University London PLUMgrid Inc. THM Friedberg [email protected] [email protected] [email protected] Muttukrishnan Rajarajan City University London [email protected] Abstract what they received from the attacker—i.e. the reflectors act as amplifiers. In this paper, we demonstrate that the BitTorrent proto- The impact of a DRDoS attack is proportional to the col family is vulnerable to distributed reflective denial- adoption of the protocol that it is exploiting, as wide of-service (DRDoS) attacks. Specifically, we show adoption makes it easier to find and scale-out the ampli- that an attacker can exploit BitTorrent protocols (Mi- fier population. The two attacks mentioned above were cro Transport Protocol (uTP) [32], Distributed Hash Ta- particularly devastating because they exploited DNS and ble (DHT) [30], Message Stream Encryption (MSE) [8]) NTP, both of which are widely-used protocols in the In- and BitTorrent Sync (BTSync) [6] to reflect and amplify ternet today. traffic from peers. We validate the efficiency, robustness In this paper, we show that BitTorrent, one of the most and evadability of the exposed BitTorrent vulnerabilities popular P2P file sharing protocols2, can also be exploited in a P2P lab testbed. We further substantiate the lab to launch DRDoS attacks. BitTorrent and BTSync make results by crawling more than 2.1 million IP addresses use of UDP protocols. Since these protocols do not in- over Mainline DHT (MLDHT) and analyzing more than clude mechanisms to prevent IP source address spoofing, 10,000 BitTorrent handshakes. Our experiments reveal an attacker can use peer-discovery techniques like track- that an attacker is able to exploit BitTorrent peers to am- ers, DHT or Peer Exchange (PEX) [7] to collect millions plify the traffic up to a factor of 50 times and in case of of possible amplifiers. BTSync up to 120 times. Additionally, we observe that We use the following three criteria to understand the the most popular BitTorrent clients are the most vulnera- impact of the vulnerabilities exposed in this work: ble ones. 1. Efficiency: defined in terms of Bandwidth Amplifi- 1 Introduction cation Factor (BAF) [39] and ease of amplifier iden- tification; DDoS attacks continue to become increasingly devastat- 2. Robustness: defined in terms of attack resilience un- ing, despite widespread adoption of mechanisms to cir- der amplifier churn; and cumvent IP spoofing1. In 2013, CloudFlare registered a DDoS bandwidth record by an attack which gener- 3. Evadability: in terms of difficulty of attack circum- ated nearly 300 Gbps traffic [36]. A year later, a new vention (at amplifiers and victims) and ease of eva- record was established by a DDoS attack that generated sion. 400 Gbps [37]. Both these record-setting attacks be- longed to a category of DoS attacks where the attacker We evaluate the detected vulnerabilities on the above does not send traffic directly to the victim; traffic is in- criteria. Experiments are first performed on a custom stead sent to reflectors (with spoofed source IP of the vic- testbed with 33 peers. We further substantiate our find- tim) which in turn flood the victim with responses. Such ings by crawling 2.1 million IP addresses over MLDHT a DRDoS attack becomes particularly potent if the re- and analyzing more than 10,000 BitTorrent handshakes. flectors send higher volumes of traffic to the victim than Our experiments demonstrate that BitTorrent has a bandwidth amplification factor (BAF) of 50 times and 1According to the Spoofer project [9], more than 70 % of the pub- lic networks implement BCP 38 [18] to circumvent IP source address 2According to some recent measurements, BitTorrent comprises spoofing. 3.35 % of the worldwide bandwidth [35]. 1 Internet-wide scanning tools like ZMap [17] can help to PA identify possible amplifiers. The speed and ease of iden- B BA V tifying new amplifier is fundamentally important to all the criteria (attack efficiency, robustness under amplifier BV churn, and evadability at amplifiers and victims) that we BA PA PA PV used as a efficacy benchmark throughout this paper. After the attacker has identified amplifiers, PA initi- B BV A ates the attack by sending small packets BA to the am- plifiers PA. Instead of using its own socket address, the attacker spoofs the address in the packet BA from the vic- PA tim PV . The amplifiers respond to the victim PV with a larger packet BV . This type of attack has several advan- Attacker Amplifiers Victim tages: • the attacker hides his own identity, since the attacks Figure 1: Schematic diagram of the threat model of a uses IP spoofing (evadability advantage); DRDoS attack. • it can be initiated by a single computer, but results in a distributed attack (efficiency advantage); and in case of BTSync up to 120 times. Moreover, we ob- serve that the most widely-used BitTorrent clients like • the amplifiers send a larger packet to the victim uTorrent, Mainline and Vuze are also the most vulner- and therefore increase the impact of the attack (effi- able ones. We also show that a possible attack is quite ciency advantage). robust under amplifier churn as the BitTorrent protocol The ratio of the smaller and larger packet is known as is widely-adopted and new amplifiers can be discovered BAF [39]: quite quickly using standard peer discovery mechanisms. Finally, we show that due to its use of dynamic port jB j ranges and encryption during handshake (in terms of BAF = v ; (1) jB j MSE), a DRDoS attack that exploits BitTorrent cannot a be detected using a standard firewall, and would instead where the payload to the victim is denoted as jBvj and the require Deep Packet Inspection (DPI) to be detected. amplified payload from the victim as jBaj. For instance, a BAF of 5 times means, that an attacker with 1 Gbps upload capacity can send 5 Gbps of traffic to the victim. 2 Background Similar to BAF, a Packet Amplification Factor (PAF) is defined as the ratio of the number of packets sent from In this section, we provide a brief overview of DRDoS the amplifier to the victim and the number of packets sent attacks and the BitTorrent protocol family. While dis- from the attacker to the amplifier. cussing BitTorrent, we highlight the vulnerabilities that can be exploited. 2.2 BitTorrent Protocol Family 2.1 Distributed Reflective Denial-of- In this section, we first introduce the BitTorrent termi- Service (DRDoS) Attacks nology which we used throughout this paper. We then briefly discuss the different protocols. An attacker which initiates a DRDoS does not send the traffic directly to the victim; instead he/she sends it to Node: A physical or virtual machine with an IP stack. amplifiers which reflect the traffic to the victim. The at- tacker does this by exploiting network protocols which Peer: A node that runs a BitTorrent client. are vulnerable to IP spoofing. A DRDoS attack results in Swarm: All the peers sharing a torrent. a distributed attack which can be initiated by one or mul- tiple attacker nodes. Figure 1 outlines the threat model Torrent: A file that contains metadata about the BitTor- of a DRDoS attack. rent swarm and the distributed files. The attacker PA in Figure 1 needs to identify am- plifiers before initiating the attack. This step is depen- Info-hash: SHA-1 hash (160 bit) from the .torrent file dent on the protocol which the attacker wants to exploit. which identifies a swarm. 2 Peer-id: Unique ID which identifies a single peer which Initiator Receiver is chosen at random. SYN_SENT ST_SYN Seeder: A peer that has downloaded the complete con- CONNECTED tent and shares it with other peers. ST_STATE Leecher: A peer which is downloading content of the CONNECTED torrent. connection established BitTorrent is the most commonly-used P2P protocol Figure 2: Two-way handshake to initiate a connection 3 of the world today . The novelty of this protocol is, that between two uTP nodes. The text on the outer edge re- it provides solutions for the free riding problem [11] and flects the state of the protocol. the last piece problem [23]. To overcome the first prob- lem, BitTorrent uses an incentive mechanism called the choking algorithm [13] which results in a tit-for-tat-ish measurements. If the difference between the measure- way of sharing. BitTorrent solves the second problem by ments increases, the sender automatically throttles back. introducing the rarest piece first algorithm [28]. uTP [32] adopts a few ideas from TCP. It controls the Similar to all P2P systems, BitTorrent also has to over- flow with a sliding window, verifies data integrity with come the bootstrapping problem: how can a new peer sequence numbers and initiates a connection with a hand- join the network when there is no central contact point? shake. Unlike TCP, uTP uses a two-way handshake in- The original BitTorrent specification introduces the con- stead of a three-way handshake. Figure 2 depicts the cept of a tracker, which is a server that registers all par- message flow to establish a connection between two uTP ticipating peers. Before a newly-joined peer can partic- nodes. ipate, it requests the tracker for contact information of It can be seen that the initiator sends a ST_SYN packet other peers. to the receiver to initiate a connection. This is similar to Over time, a number of extensions to the BitTorrent the SYN packet in TCP. The receiver acknowledges the protocol have been proposed to avoid a central (tracker) ST_SYN packet with a ST_STATE packet.