BitTorrent Protocol Attack
by Joel R. Voss aka. Javantea
jvoss@altsci.com
jvoss@myuw.net
Feb 23-26, 2005

BitTorrent Attack 0.3 Source [sig]
BitTorrent Attack 0.2 Source [sig]

DESCRIPTION

Official BitTorrent Protocol
Official BitTorrent Client
Netmap2 Page

The BitTorrent Attack is a small project to see what we can do with the BitTorrent protocol without sending or receiving legitimate data. It is part of Netmap2 (aka. Protocols and Services Project).

The only part of the BitTorrent source that I use is bencode.py, which is licensed under the BitTorrent Open Source License. I hope to fully comply with this license.

The Honeypot attack opens a torrent file, announces to the tracker, reads the tracker's reply (the peer list) and prints it to the console, then does a handshake with each peer the tracker reported, closing each connection immediately afterward. In the future it will send bad data. It then listens on port 6881 and waits for peers to connect. When a peer connects, it handshakes, dumps the peer's information to the console, and closes the connection. In the future it will receive and send data.

The Protocol attack opens a torrent file, connects to a peer, sends a handshake, receives a handshake, prints the handshake, and then closes the connection.

REQUIREMENTS

The BitTorrent Attack requires Python. Threading support for Python, urllib, and urllib2 are optional and are used when available.

METHODS

More detailed information coming soon.
Until then, look at the source code.

BitTorrent Honeypot Attack
BE VERY CAREFUL running this: it will attack a BitTorrent network. The Honeypot attack is quite easy to carry out against BitTorrent.
We setup with the tracker so that peers come to us for the file.
We get a list of peers from the tracker so we can blast them.
We handshake with the peer and we dump their data to the database.
TODO: All the stuff after the handshake.
TODO: We should be able to send false data if we want to.
TODO: We can try to slow the peers down.
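As an added example (not code from btproto1.py or bthoney1.py, and not the BitTorrent project's bencode.py), here is the tracker side of the honeypot steps above in Python 3: a small bencode codec, the info_hash computed over the raw info dictionary of a .torrent, the announce request that registers us with the tracker as a seed so that peers come to us, and a parser for the peer list in the tracker's reply. The sample torrent, tracker reply and peer id are constructed for the example, and the tracker URL tracker.example is a placeholder.

```python
import hashlib
import struct
import urllib.parse

# --- minimal bencode codec (example code; the original tool uses bencode.py) ---

def bencode(value):
    """Encode int / bytes / str / list / dict (bytes keys) into bencode."""
    if isinstance(value, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, str):
        value = value.encode("utf-8")
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        # dictionary keys are byte strings and must be emitted in sorted order
        return b"d" + b"".join(bencode(k) + bencode(v)
                               for k, v in sorted(value.items())) + b"e"
    raise TypeError("cannot bencode %r" % type(value))

def bdecode(data, i=0):
    """Decode one bencoded value starting at offset i; return (value, end)."""
    c = data[i:i + 1]
    if c == b"i":                               # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                               # list: l<items>e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        return items, i + 1
    if c == b"d":                               # dict: d<key><value>...e
        result, i = {}, i + 1
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            result[key], i = bdecode(data, i)
        return result, i + 1
    if c.isdigit():                             # string: <length>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        return data[colon + 1:colon + 1 + n], colon + 1 + n
    raise ValueError("bad bencode at offset %d" % i)

def info_hash(torrent):
    """SHA-1 over the raw bytes of the 'info' dictionary as they appear in the
    file. Hashing a re-encoding can give a value no tracker or peer accepts."""
    if torrent[:1] != b"d":
        raise ValueError("torrent does not start with a dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        key, i = bdecode(torrent, i)
        start = i
        _, i = bdecode(torrent, i)
        if key == b"info":
            return hashlib.sha1(torrent[start:i]).digest()
    raise ValueError("no info dictionary")

def announce_url(torrent, peer_id, port=6881, left=0, event="started"):
    """The HTTP GET a client sends to the tracker. left=0 claims a complete
    copy, so the tracker hands our address to downloaders (the honeypot's aim)."""
    meta, _ = bdecode(torrent)
    params = {
        "info_hash": info_hash(torrent),  # raw digest; urlencode percent-escapes it
        "peer_id": peer_id,
        "port": port,
        "uploaded": 0,
        "downloaded": 0,
        "left": left,
        "event": event,
    }
    return meta[b"announce"].decode("ascii") + "?" + urllib.parse.urlencode(params)

def parse_peers(response):
    """(ip, port) pairs from a tracker reply, in either the list-of-dictionaries
    form or the compact 6-bytes-per-peer form (BEP 23)."""
    reply, _ = bdecode(response)
    if b"failure reason" in reply:
        raise RuntimeError(reply[b"failure reason"].decode("utf-8", "replace"))
    peers = reply[b"peers"]
    if isinstance(peers, bytes):
        return [("%d.%d.%d.%d" % tuple(peers[i:i + 4]),
                 struct.unpack("!H", peers[i + 4:i + 6])[0])
                for i in range(0, len(peers) - len(peers) % 6, 6)]
    return [(p[b"ip"].decode("ascii"), p[b"port"]) for p in peers]

# Constructed sample data for the example (not a real torrent or tracker).
SAMPLE_TORRENT = bencode({
    b"announce": b"http://tracker.example/announce",
    b"info": {b"name": b"test.bin", b"length": 1024,
              b"piece length": 262144, b"pieces": b"\x00" * 20},
})
SAMPLE_RESPONSE = bencode({
    b"interval": 1800,
    b"peers": bytes([10, 0, 0, 1]) + struct.pack("!H", 6881)
            + bytes([10, 0, 0, 2]) + struct.pack("!H", 51413),
})
PEER_ID = b"-HP0001-" + b"x" * 12   # 20 bytes, Azureus-style client tag (constructed)

if __name__ == "__main__":
    print("info_hash:", info_hash(SAMPLE_TORRENT).hex())
    print("announce :", announce_url(SAMPLE_TORRENT, PEER_ID))
    for ip, port in parse_peers(SAMPLE_RESPONSE):
        print("peer     : %s:%d" % (ip, port))
```

Two details matter if you write this yourself: the info_hash is the SHA-1 of the info dictionary's bytes exactly as they sit in the file, and the raw 20-byte digest goes into the announce URL percent-escaped, which urllib.parse.urlencode does for a bytes value. A real run would fetch the announce URL and feed the body to parse_peers(); the sample reply here stands in for that.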



BitTorrent Protocol Attack
The problem with attacking BitTorrent for a banner is that you don't know which torrent the target is seeding or downloading. If you knew that, the attack would be complete.
BitTorrent is smart not to give this information out to unknown peers. The handshake is symmetrical, but do BitTorrent peers that are connected to recv() first or send() first? I bet they recv() first as a security measure. If the connecting peer gives an incorrect info_hash, they disconnect.
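As an added example (not the page's btproto1.py), here is the peer handshake from both sides in Python 3, with the responder behaving the way the paragraph above describes: it recv()s first and closes without replying unless the 20-byte info_hash is one it serves. The two sides run over a socketpair so the exchange can be tried offline; the info hashes, peer ids and the set of served torrents are constructed for the example. Because the initiator must name the torrent in its first 68 bytes, a peer you connect to reveals nothing you did not already know, while a peer that connects to you (the honeypot) names its torrent before you say anything, and the client tag at the front of its peer_id is the only banner the wire protocol offers.

```python
import socket
import threading

PSTR = b"BitTorrent protocol"
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20    # pstrlen, pstr, reserved, info_hash, peer_id = 68

def build_handshake(info_hash, peer_id, reserved=b"\x00" * 8):
    if len(info_hash) != 20 or len(peer_id) != 20:
        raise ValueError("info_hash and peer_id must be 20 bytes")
    return bytes([len(PSTR)]) + PSTR + reserved + info_hash + peer_id

def parse_handshake(data):
    """Split a 68-byte handshake; anything else (HTTP, garbage) is rejected."""
    if len(data) != HANDSHAKE_LEN or data[0] != len(PSTR) or data[1:20] != PSTR:
        raise ValueError("not a BitTorrent handshake")
    return {"reserved": data[20:28], "info_hash": data[28:48], "peer_id": data[48:68]}

def client_banner(peer_id):
    """Azureus-style ids look like b'-AZ2504-' + 12 bytes: client and version."""
    if peer_id[:1] == b"-" and peer_id[7:8] == b"-":
        return peer_id[1:7].decode("ascii", "replace")
    return None

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:              # peer closed: return what we have (may be empty)
            break
        buf += chunk
    return buf

def serve_handshake(sock, served, my_peer_id):
    """Responder (honeypot) side: receive first, answer only for a torrent we serve."""
    data = recv_exact(sock, HANDSHAKE_LEN)
    try:
        hs = parse_handshake(data)
    except ValueError:
        sock.close()               # not a BitTorrent client: drop it
        return None
    if hs["info_hash"] not in served:
        sock.close()               # unknown torrent: disconnect without replying
        return None
    sock.sendall(build_handshake(hs["info_hash"], my_peer_id))
    return hs                      # the initiator's info_hash and peer_id, for the dump

def initiate_handshake(sock, info_hash, my_peer_id):
    """Initiator (btproto1.py -c) side: we must name the torrent before learning anything."""
    sock.sendall(build_handshake(info_hash, my_peer_id))
    data = recv_exact(sock, HANDSHAKE_LEN)
    if not data:
        return None                # dropped before replying: wrong info_hash or not a peer
    hs = parse_handshake(data)
    if hs["info_hash"] != info_hash:
        raise ValueError("peer answered for a different torrent")
    return hs

def exchange(initiator_hash, served):
    """Run both sides over a socketpair; returns what each side learned."""
    a, b = socket.socketpair()
    result = {}
    responder_id = b"-HP0001-" + b"r" * 12     # constructed peer ids
    initiator_id = b"-AT0001-" + b"i" * 12
    t = threading.Thread(target=lambda: result.update(
        responder=serve_handshake(b, served, responder_id)))
    t.start()
    result["initiator"] = initiate_handshake(a, initiator_hash, initiator_id)
    t.join()
    a.close()
    b.close()
    return result

if __name__ == "__main__":
    served = {b"\x11" * 20}
    good = exchange(b"\x11" * 20, served)
    print("right info_hash:", good["responder"]["info_hash"].hex(),
          "client", client_banner(good["responder"]["peer_id"]))
    bad = exchange(b"\x22" * 20, served)
    print("wrong info_hash: initiator got", bad["initiator"])
```

On the honeypot side, serve_handshake() is what you would call on every socket accepted from a listener bound to port 6881; on the attacking side, initiate_handshake() is the -c step, and a None result means the target dropped us before replying.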

btproto1.py works extremely well with bthoney1.py as a full attack vector.

TODO: All the stuff after the handshake.



USAGE
python btproto1.py [-c] file
Dump information about file:
btproto1.py file
Start the attack client against 127.0.0.1:6881 for file:
btproto1.py -c file
Start the attack server/client against all targets for file:
bthoney1.py file

More detailed information coming soon.
