Researchers at the 2015 USENIX Workshop on Offensive Technologies (WOOT ‘15) demonstrated how the BitTorrent protocol family is vulnerable to distributed reflective denial-of-service (DRDoS) attacks.


Actors can exploit BitTorrent protocols and BitTorrent Sync (BTSync) to reflect and amplify traffic from peers, according to a whitepaper, which explained that popular clients such as uTorrent, Mainline, and Vuze are the most vulnerable to these types of attacks.


“Our experiments reveal that an attacker is able to exploit BitTorrent peers to amplify the traffic up to a factor of 50 times and in case of BTSync up to 120 times,” the whitepaper said.


The researchers referred to the attack techniques as "efficient," explaining that circumventing the attack is challenging since the vulnerabilities can only be defended against using a Deep Packet Inspection (DPI) firewall, and the IP spoofing used lets attackers hide their identities.