Page 1 of 1

Direct Connect and BitTorrent : Survival of the Securest

Posted: 08 Jan 2011, 11:15
by iceman50
So we have all heard of occasions when DC++ was exploited through a security flaw for DDoS'ing purposes, but as it appears about a week or so an exploit appeared on BitTorrent clients using Kademlia based DHT. Use of this exploit could 'potentially' (given that there is a big enough 'swarm' of clients using the Kademlia based DHT client downloading a specified torrent) DDoS a very large well, whatever you want really, website, server, whatever device that has some sort of public connection to the internet (of course you would need enough clients with this exploitable version of Kademlie based DHT). My point I'm coming to now, is that it seems 'torrenting' has become to the users, a new "upgrade" to Direct Connect which people think is more secure then Direct Connect, but if we look at it all the exploits for use with DDoS'ing have never been on such a grand scale like this one (sure potentially and probably a lot more users then DC but I'm using it to prove a point.), also ever since the "IP" column was introduced in the vanilla DC++ client (ca. 0.306 or at least around that time period) people have complained about it as a security vulnerability, how is this a vulnerability when it's just as easy to get an IP in a Torrent program, hell it's even easier for users of uTorrent there's a nice little tab labeled 'Peers' that gives you a nice list of connected IP's in a nice sorted list all ready for you =). After all of this what I'm trying to say is on a grand scale Torrents really aren't more secure then DC, not even private trackers (which btw since people seem to prefer private trackers your IP is jsut as exposed as using a public tracker, and an excellent point was brought up by BSOD2600, just because you use PeerBlock doesn't mean any Anti-Piracy firm can't go get a normal ISP to have a plain looking account and catch you that way, it's not impossible and in all reality it's very likely.).