

DRDoS, UDP-Based protocols and BitTorrent - adamnemecek
http://engineering.bittorrent.com/2015/08/27/drdos-udp-based-protocols-and-bittorrent/

======
Scaevolus
This is going to be exploitable for a long time.

BitTorrent clients often use UPnP to forward ports automatically. Many Windows
users remain on old uTorrent versions after multiple unwanted "features"
(advertising, built-in bitcoin miner, ...).

On the bright side, open source BitTorrent clients appear to have low
amplification factors (libtorrent does 4x vs 40x for uTorrent).

~~~
PhilChip
Does this also affect UPnP? The article mentions only µTP.

~~~
r1ch
In this context, UPnP is what allows uTP to be used as a reflector, since the
target reflector will have their ports opened automatically by UPnP (normally
a NAT would block it).

That said, improperly configured UPnP can also be used to perform DRDoS via
SSDP.

------
mahmud
Off-topic:

I really thought this was about DR-DOS, Novell's version of DOS.

[https://en.wikipedia.org/wiki/DR-DOS](https://en.wikipedia.org/wiki/DR-DOS)

~~~
vog
Thanks! I was going to write the same comment, and I don't think it is off-
topic.

Many HN readers probably won't understand the word-play behind "DRDoS", as
they are too young to have worked with MS-DOS/DR-DOS/etc. So I think it is
worth mentioning that this title is a word-play.

------
film42
I wonder if there's a connection between this discovery and the articles [1]
about the Pirate Bay's tracker targeting random IP addresses happening a few
months ago.

[1] [https://torrentfreak.com/zombie-pirate-bay-tracker-fuels-chinese-ddos-attacks-150124/](https://torrentfreak.com/zombie-pirate-bay-tracker-fuels-chinese-ddos-attacks-150124/)

------
utnick
Anyone have an idea what percentage of networks and hosting providers drop
spoofed packets originating from inside their networks? What are the downsides
of dropping them?

~~~
scurvy
You're referring to BCP-38, aka RFC 2827. It's actually decently hard for a
transit network to do this at scale. You can do it when you're a small ISP,
but the administrative stuff becomes harder as you get larger and are
constantly getting more allocations, buying out other ISPs, etc.

Every content network should do it. Not a huge win there, but it's something.

I'm not saying we shouldn't try, but there are countless, very long threads on
NANOG about why some transit networks just can't do it.
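
Added example, not part of the thread: a small Python model of the BCP 38 (RFC 2827) ingress check discussed above, showing a spoofed source being dropped at the customer edge and the stale-prefix-list problem that appears when a customer receives a new allocation. The port names, prefixes (documentation ranges) and packets are constructed for illustration.

```python
import ipaddress

# Constructed data: hypothetical customer ports, documentation prefixes
# (RFC 5737 / RFC 3849) standing in for real allocations.
ALLOCATIONS = {
    "cust-a": ["192.0.2.0/24"],
    "cust-b": ["198.51.100.0/25", "2001:db8:b::/48"],
}

# Constructed (ingress port, source address) pairs seen at the edge.
PACKETS = [
    ("cust-a", "192.0.2.10"),       # inside cust-a's prefix
    ("cust-a", "203.0.113.7"),      # source not assigned to cust-a: spoofed
    ("cust-b", "198.51.100.200"),   # outside the /25 assigned to cust-b
    ("cust-b", "2001:db8:b::1"),    # inside cust-b's IPv6 prefix
    ("cust-b", "203.0.113.50"),     # cust-b's new block, filter not yet updated
]


def build_filters(allocations):
    """Parse per-port prefix lists into network objects."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in allocations.items()}


def permit(filters, port, src):
    """Ingress check: forward only if src lies in a prefix assigned to port."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net
               for net in filters.get(port, []))


def dropped(filters, packets):
    """Return the (port, src) pairs the edge filter would discard."""
    return [(port, src) for port, src in packets
            if not permit(filters, port, src)]


def with_new_allocation(allocations, port, prefix):
    """Return a copy of the allocation table with one more prefix for port."""
    updated = {p: list(v) for p, v in allocations.items()}
    updated.setdefault(port, []).append(prefix)
    return updated


if __name__ == "__main__":
    print("stale filter drops:", dropped(build_filters(ALLOCATIONS), PACKETS))
    fresh = build_filters(with_new_allocation(ALLOCATIONS, "cust-b", "203.0.113.0/24"))
    print("updated filter drops:", dropped(fresh, PACKETS))
```

With the stale table the filter discards legitimate traffic from the customer's new block alongside the spoofed packet, which is the operational cost of keeping per-port prefix lists current as allocations change.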

