27C3 - Version 1.6.3
27th Chaos Communication Congress
We come in peace
| Speakers | |
|---|---|
| Astro | |

| Schedule | |
|---|---|
| Day | Day 2 - 2010-12-28 |
| Room | Saal 2 |
| Start time | 13:00 |
| Duration | 00:30 |

| Info | |
|---|---|
| ID | 4210 |
| Event type | Lecture |
| Track | Hacking |
| Language used for presentation | English |
Lying To The Neighbours
Nasty effects with tracker-less BitTorrent
Distributed Hash Tables implement routing and addressability in large P2P networks. In the Kademlia adaptation for BitTorrent, a peer's address (NodeID) is to be generated randomly, or, more appropriately, arbitrarily. Because randomness isn't verifiable, an implementation can advertise itself with popular NodeIDs or even change them on a per-packet basis.
Two issues arise due to this design problem:
- Amplification of UDP traffic
- Amplification of TCP traffic
Anyone with a moderate bandwidth connection can induce DDoS attacks with the BitTorrent cloud.
Starting with the prerequisites of BitTorrent, I will outline the importance of tracker-less operation and how Magnet links work. Distributed Hash Tables are explained pertaining to the Kademlia algorithm. It is most interesting how implementations maintain and refresh routing information, allowing a malicious node to become a popular neighbour quickly, and how traffic can be amplified in two ways.
I will present packet rate analysis measured during tests on Amazon EC2.
In conclusion, it is explained how the problem of arbitrary NodeIDs could be avoided if the protocol were to be redesigned. A few words are given on what client authors can do to alleviate the damage potential of the BitTorrent DHT.
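Since a NodeID cannot be verified and may change per packet, one check a client can make locally is to track how many distinct NodeIDs a single endpoint presents and keep churning endpoints out of the routing table. This is an added example, not code from the talk or from any BitTorrent client; the class name, threshold, time window and sample messages are assumptions constructed for illustration.

```python
import time
from collections import defaultdict

ID_LEN = 20  # BitTorrent DHT NodeIDs are 160 bits


class NodeIdChurnGuard:
    """Hypothetical helper: flag endpoints that present more than
    max_ids distinct NodeIDs within `window` seconds."""

    def __init__(self, max_ids=1, window=900.0):
        self.max_ids = max_ids
        self.window = window
        self._seen = defaultdict(dict)  # (ip, port) -> {node_id: last_seen}

    def observe(self, ip, port, node_id, now=None):
        """Record one DHT message. Return True if the sender is still
        acceptable as a routing-table candidate, False otherwise."""
        if len(node_id) != ID_LEN:
            return False  # malformed ID, never a candidate
        now = time.monotonic() if now is None else now
        ids = self._seen[(ip, port)]
        # Forget IDs not seen within the window, so an honest client that
        # restarted with a new ID is not penalised forever.
        for old in [i for i, t in ids.items() if now - t > self.window]:
            del ids[old]
        ids[node_id] = now
        return len(ids) <= self.max_ids

    def suspicious(self):
        """Endpoints currently over the limit, with their distinct-ID count."""
        return {ep: len(ids) for ep, ids in self._seen.items()
                if len(ids) > self.max_ids}


# Constructed sample: (timestamp, source ip, source port, claimed NodeID)
SAMPLE = [
    (0, "192.0.2.10", 6881, b"\xaa" * ID_LEN),     # stable peer
    (5, "192.0.2.10", 6881, b"\xaa" * ID_LEN),
    (6, "198.51.100.7", 51413, b"\x01" * ID_LEN),  # new ID on every packet
    (7, "198.51.100.7", 51413, b"\x02" * ID_LEN),
    (8, "198.51.100.7", 51413, b"\x03" * ID_LEN),
]


def replay(messages, guard=None):
    """Feed messages through a guard; return (per-message decisions, guard)."""
    guard = guard or NodeIdChurnGuard()
    return [guard.observe(ip, port, nid, now=ts)
            for ts, ip, port, nid in messages], guard
```

Keying on (IP, port) keeps separate clients behind one NAT address apart. The check does nothing against a peer that picks a single popular NodeID and keeps it.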