p2pfile-sharinginhell ... · 2019. 12. 18. · introduction amplificationvulnerabilities...

Introduction Amplification Vulnerabilities Experimental Evaluation Countermeasures

P2P File-Sharing in Hell:Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective

DoS Attacks

Florian Adamsky, Syed Ali Khayam, Rudolf Jäger andMuttukrishnan Rajarajan

[email protected]://florian.adamsky.it/

9th USENIX Workshop on Offensive Technologies

1/34

[email protected]

http://florian.adamsky.it/


Outline

1 IntroductionBackground

2 Amplification VulnerabilitiesBitTorrentDHTBitTorrent Sync

3 Experimental Evaluation

4 Countermeasures

2/34


Table of Contents




4 Countermeasures

3/34


2013: DDoS attack record: 300 Gbps

4/34


2014: DDoS attack record: 400 Gbps

5/34


DRDoS Attacks Thread Model

PA

Attacker

PA

PA

PA

Amplifiers

PV

Victim

BA

BA

BA

BV

BV

BV

Bandwidth Amplification Factor (BAF)Christian Rossow introduced the Bandwidth Amplification Factor (BAF):

BAF =|Bv||Ba|

6/34


Example: BAF = 5

PA

Attacker

PA

PA

PA

Amplifiers

PV

Victim

BA

BA

BA

BV

BV

BV

BA = 1 Gbps BV = 5 Gbps

7/34


Example: BAF = 5

PA

Attacker

PA

PA

PA

Amplifiers

PV

Victim

BA

BA

BA

BV

BV

BV

BA = 1 Gbps

BV = 5 Gbps

7/34


Example: BAF = 5

PA

Attacker

PA

PA

PA

Amplifiers

PV

Victim

BA

BA

BA

BV

BV

BV

BA = 1 Gbps BV = 5 Gbps

7/34


Advantages of a DRDoS Attack

Attacker hides his own identity

It can be initiated by a single computer, results in a distributed attack

Amplifiers send a larger packet to the victim and therefore increase the impact of the attack

8/34


Worldwide Application Usage

Source: Paloalto Networks9/34

http://researchcenter.paloaltonetworks.com/app-usage-risk-report-visualization/


Worldwide Application Usage

BitTorrent% of total bandwidth: 3.35 %

Source: Paloalto Networks10/34

http://researchcenter.paloaltonetworks.com/app-usage-risk-report-visualization/


BitTorrent’s protocol overview

Variety of UDP-based protocols are used:Distributed Hash Table (DHT)Micro Transport Protocol (uTP)

11/34


Micro Transport Protocol (uTP)

uTP is a reliable transport protocol which makes use of UDPSimilarities to TCP

Window based flow controlSequence numbers and ACK numbers

Differences to TCPSequence numbers and ACKs refer to packets, not bytesNo congestion control (Slow-start, congestion avoidance, …) → LEDBATTwo-way handshake instead of a three-way handshake

12/34


uTP’s two-way handshake

Initiator Receiver

SYN_SENT ST_SYN

CONNECTED

CONNECTED

ST_STATE

connection established

13/34


uTP’s two-way handshake

Initiator ReceiverSYN_SENT ST_SYN

CONNECTED

CONNECTED

ST_STATE

connection established

13/34


Table of Contents




4 Countermeasures

14/34


BitTorrent Handshake

<pstrlen><pstr><extensions><info_hash><peer_id>

pstrlen = 19

pstr = BitTorrent protocol

extensions 8 bytes reserved

info_hash 20 byte

peer_id 20 byte

15/34


Exploiting uTP’s two-way handshake

Attacker Amplifier Victim

ST_SYNa)

ST_STATE

b)

ST_DATA (Handshake)c)

ST_DATA (Handshake)d)ST_DATA (Handshake)ST_DATA (Handshake)

16/34




ST_SYNa)

ST_STATE

b)


ST_DATA (Handshake)d)

ST_DATA (Handshake)ST_DATA (Handshake)

16/34




ST_SYNa)

ST_STATE

b)


ST_DATA (Handshake)d)ST_DATA (Handshake)

ST_DATA (Handshake)

16/34




ST_SYNa)

ST_STATE

b)


ST_DATA (Handshake)d)ST_DATA (Handshake)ST_DATA (Handshake)

16/34


BV > BA

Definition (Packet Stuffing)Try to cram as much BitTorrent messages into one packet as possible to minimize theconnection establishment protocol flow

17/34


Amplification Factors (BitTorrent)

Description BAF PAFucat 351.5 6uTorrent w/o extensions 27.6 3.5Mainline w/o extensions 27.8 3.5uTorrent with LTEP 39.6 3Mainline with LTEP 39.6 3Vuze w/o extensions 13.9 2Vuze with LTEP 18.7 2Vuze with AMP 54.3 3.5Transmission w/o extensions 4.0 3.5Transmission with LTEP 4.0 3.5Transmission with AMP 4.0 3.5Libtorrent w/o extensions 5.2 4Libtorrent with LTEP 5.2 4

18/34


Message Stream Encryption (MSE)

Aim of MSE is to obfuscate BitTorrent traffic to avoid shaping

MSE starts a Diffie-Hellman key exchange

After the key exchange BitTorrent packets are RC4 encrypted

Initiator ReceiverPA = ga mod pRA = 0 bytes ≤ RA ≤ 512 bytes PA, RA

PB = ga mod pRB = 0 bytes ≤ RB ≤ 512 bytesPB,RB

Amplification Factor (MSE)

4 ≤ BAFMSE ≤ 32.5

19/34






Initiator Receiver

PA = ga mod pRA = 0 bytes ≤ RA ≤ 512 bytes PA, RA



4 ≤ BAFMSE ≤ 32.5

19/34






Initiator ReceiverPA = ga mod pRA = 0 bytes ≤ RA ≤ 512 bytes

PA, RAPB = ga mod pRB = 0 bytes ≤ RB ≤ 512 bytesPB,RB


4 ≤ BAFMSE ≤ 32.5

19/34









4 ≤ BAFMSE ≤ 32.5

19/34







PB = ga mod pRB = 0 bytes ≤ RB ≤ 512 bytes

PB,RB


4 ≤ BAFMSE ≤ 32.5

19/34









4 ≤ BAFMSE ≤ 32.5

19/34


Distributed Hash Table

DHT implementation in BitTorrent is divided into two protocols:Mainline DHT (MLDHT)Vuze DHT (VDHT)

MLDHT is by far the biggest overlay network (around 15–27 million users per day)

Both protocols are not compatible with each other

20/34


Amplification Factors (DHT)

Implementation Description BAFMLDHT ping 0.8

find_node with K = 8 3.1get_peers with 100 peers (IPv4) 11.9get_peers with 100 peers (IPv6) 24.5get_peers with scrapes 13.4

VDHT ping 0.8ping with Vivaldi coordinates 14.9

21/34


BitTorrent Sync

Proprietary protocol to synchronize files in a P2P way

BTSync reached the 1 million users mark in 2013

BTSync also uses uTP as its transport protocol

22/34


Amplification Vulnerabilities (BTSync)

Message BAFBTSync handshake 10.8ping 120

23/34


BTSync: ping flood

24/34


Evadability

DNS’13

NTP

’14

BTH

MLD

HT

VDHT

BTSy

nc

MSE

SPI firwall X XDPI firewall X X X X

25/34


Table of Contents




4 Countermeasures

26/34


Experimental Evaluation

0 100 200 300 400 500 600

0

0.5

1

1.5

2·104

Time in seconds (s)

Payloa

dsize

inby

tes

BV = Traffic to the victimBA = Traffic to the amplifiers

Figure: Amplification attack with 1 attacker, 31 amplifiers and 1 victim.27/34


BitTorrent Crawler

We wrote a BitTorrent Crawler in Elixir

Used PirateBay magnet link database fromFeb 2012We collected overall 9.6 million peers viaMLDHT

Beginning from 1st January 2015 until 1stFebruary 2015.

SuperVisor

SuperVisor SuperVisorDB Worker

DHTHarvester

PeerRequesterDB

Internet

1:1

1:1 1:1

1:1

1:n

1:n

28/34


Payload size from the DHT responses

0 500 1,000 1,500 2,000 2,500 3,000

0

2

4

·104

1.0

3.1

5.37.4 9.5 11.6

Payload size in bytes

Num

berof

rece

ived

pack

ets

Figure: Histogram of the payload size from the DHT responses which are caused by get_peers requests.The numbers on top of the bars are the average BAF values.

29/34


BitTorrent handshake size from the uTP responses

300 400 500 600 700 800 900 1,000 1,100 1,200 1,300 1,400 1,500

0

100

200

300

BitTorrent Handshake size in bytes

Num

berof

rece

ived

pack

ets

Figure: Histogram of the BitTorrent handshake size from the uTP responses.30/34



300 400 500 600 700 800 900 1,000 1,100 1,200 1,300 1,400 1,500

0

100

200

300

31.2 (15.7 %)


Num

berof

rece

ived

pack

ets




300 400 500 600 700 800 900 1,000 1,100 1,200 1,300 1,400 1,500

0

100

200

300

31.2 (15.7 %)

46.7 (2.2 %)


Num

berof

rece

ived

pack

ets




300 400 500 600 700 800 900 1,000 1,100 1,200 1,300 1,400 1,500

0

100

200

300

31.2 (15.7 %)

46.7 (2.2 %)

66.9 (3.9 %)


Num

berof

rece

ived

pack

ets



Table of Contents




4 Countermeasures

31/34


Coutermeasures

ISP sideBCP 38 (ingress filtering)

2015: more than 70 % of the publicnetworks deployed BCP 38

Protocol sideuTP

Three-way handshakeVerify the second acknowledgment

DHTToken scheme (similar to announce_peer)

32/34


Conclusion

BitTorrent and BitTorrent Sync are vulnerable to DRDoS attacks

Attacker is able to amplify traffic up to 50 times and with BTSync up to 120 times

With Trackers, DHT and PEX, an attacker can collect millions of amplifiersHard to circumvent, as the found vulnerabilities can only be defended with a DPI firewall

in case of MSE it is even harder

Responsible DisclosureuTorrent 3.4.4 49854 (beta) is released today!

33/34


Thank You

[email protected]


Institutions:

34/34

[email protected]


p2pfile-sharinginhell ... · 2019. 12. 18. · introduction amplificationvulnerabilities...

Documents