Learn, hack!

URL

http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-4210-en-lying_to_the_neighbours.mp3

File name

27c3-4210-en-lying_to_the_neighbours.mp3

File size

15.8 MB

MD5

4b2d868364e54d03aa31f9d61c259f13

SHA1

0005d77d429ea56a6d7cab2b755ade62dad3bdbf

Distributed Hash Tables implement Routing and Addressability in large P2P networks. In the Kademlia adaption for Bittorrent a peer's address (NodeID) is to be generated randomly, or more appropriate: arbitrarily. Because randomness isn't verifiable, an implementation can advertise itself with popular NodeIDs or even change them on a per-packet basis. Two issues arise due this design problem: Amplification of UDP traffic Amplification of TCP traffic Anyone with a moderate bandwidth connection can induce DDoS attacks with the BitTorrent cloud. Starting with the prerequisites of BitTorrent, I will outline the importance of tracker-less operation and how Magnet links work. Distributed Hash Tables are explained pertaining to the Kademlia algorithm. It is most interesting how implementations maintain and refresh routing information, allowing a malicious node to become a popular neighbour quickly, and how traffic can be amplified in two ways. I will present packet rate analysis measured during tests on Amazon EC2. In conclusion it is explained how the problem of arbitrary NodeIDs can be avoided if the protocol was to be redesigned. A few words are to be given what client authors can do to alleviate the damage potential of the BitTorrent DHT.