3rd International ICST Conference on Security and Privacy in Communication Networks

Research Article

A BitTorrent-Driven Distributed Denial-of-Service Attack

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550342,
        author={Jerome Harrington and Corey Kuwanoe and Cliff C. Zou},
        title={A BitTorrent-Driven Distributed Denial-of-Service Attack},
        proceedings={3rd International ICST Conference on Security and Privacy in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2008},
        month={6},
        keywords={BitTorrent Distributed denial-of-service Peer-to-peer networks},
        doi={10.1109/SECCOM.2007.4550342}
    }
    
  • Jerome Harrington
    Corey Kuwanoe
    Cliff C. Zou
    Year: 2008
    A BitTorrent-Driven Distributed Denial-of-Service Attack
    SECURECOMM
    IEEE
    DOI: 10.1109/SECCOM.2007.4550342
Jerome Harrington1,*, Corey Kuwanoe1,*, Cliff C. Zou1,*
  • 1: School of Electrical Engineering and Computer Science University of Central Florida Orlando, FL 32816
*Contact email: psi@y0ru.net, eschalon@gmail.com, czou@cs.ucf.edu

Abstract

BitTorrent is a popular peer-to-peer file-sharing protocol that utilizes a central server, known as a “tracker”, to coordinate connections between peers in a “swarm”, a term used to describe a BitTorrent ad-hoc file sharing network. The tracker of a swarm is specified by the original file distributor and trusted unconditionally by peers in the swarm. This central point of control provides an opportunity for a file distributor to deploy a modified tracker to provide peers in a swarm with malicious coordination data, directing peer connection traffic toward an arbitrary target machine on an arbitrary service port. Although such an attack does not generate huge amount of attack traffic, it would set up many connections with the victim server successfully and hold these connections until time out, which could cause serious denial-of-service by exhausting a server’s connection resource. In this paper, we present such an attack that is entirely tracker-based, requiring no modifications to BitTorrent client software and could be deployed by an attacker right now. The results from both simulation and real-world experiments show the applicability of this attack. Due to the skyrocketing popularity of BitTorrent and numerous large-scale swarms existed in the Internet, BitTorrent swarms provide an intriguing platform for launching distributed denial-of-service attacks based on connection exhaustion.