Harnessing the power of BitTorrent for distributed denial‐of‐service attacks

BitTorrent is a popular peer‐to‐peer (P2P) file‐sharing protocol that utilizes a central server, known as a ‘tracker’, to coordinate connections between peers in a ‘swarm’, a term used to describe a BitTorrent ad‐hoc file sharing network. The tracker of a swarm is specified by the original file distributor and trusted unconditionally by peers in the swarm. This central point of control provides an opportunity for a file distributor to deploy a modified tracker to provide peers in a swarm with malicious coordination data, directing peer connection traffic toward an arbitrary target machine on an arbitrary service port. Although such an attack does not generate huge amount of attack traffic, it would set up many connections with the victim server successfully, which could cause serious denial‐of‐service by exhausting the victim server's connection resource. In this paper, we present and demonstrate such an attack that is entirely tracker‐based, requiring no modifications to BitTorrent client software and could be deployed by an attacker right now. The results from both emulation and real‐world experiments show the applicability of this attack. Due to the skyrocketing popularity of BitTorrent and numerous large‐scale swarms existed in the Internet, BitTorrent swarms provide an intriguing platform for launching distributed denial‐of‐service (DDoS) attacks based on connection exhaustion. Copyright © 2010 John Wiley & Sons, Ltd.