Learn, hack!

URL

http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4210-en-lying_to_the_neighbours.mp4

File name

27c3-4210-en-lying_to_the_neighbours.mp4

File size

459.7 MB

MD5

236de88008dfda2d8bd07c24f3f489fd

SHA1

9a1a7744ee8c533f02d31da4f5041e53078f9448

Distributed Hash Tables implement Routing and Addressability in large P2P networks. In the Kademlia adaption for Bittorrent a peer's address (NodeID) is to be generated randomly, or more appropriate: arbitrarily. Because randomness isn't verifiable, an implementation can advertise itself with popular NodeIDs or even change them on a per-packet basis. Two issues arise due this design problem: Amplification of UDP traffic Amplification of TCP traffic Anyone with a moderate bandwidth connection can induce DDoS attacks with the BitTorrent cloud. Starting with the prerequisites of BitTorrent, I will outline the importance of tracker-less operation and how Magnet links work. Distributed Hash Tables are explained pertaining to the Kademlia algorithm. It is most interesting how implementations maintain and refresh routing information, allowing a malicious node to become a popular neighbour quickly, and how traffic can be amplified in two ways. I will present packet rate analysis measured during tests on Amazon EC2. In conclusion it is explained how the problem of arbitrary NodeIDs can be avoided if the protocol was to be redesigned. A few words are to be given what client authors can do to alleviate the damage potential of the BitTorrent DHT.