Vuze Forums

Full Version: Update Vuze with libuTP patch to correct bug allowing DRDoS attacks ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi, I just read an article about an important fix on BitTorrent clients:
http://blog.bittorrent.com/2015/08/27/mi...ecosystem/

It explains that developers made a patch to the libuTP software to stop "possibility of exploiting BitTorrent protocols for Distributed Reflective Denial of Service Attacks (DRDoS)".
https://github.com/bittorrent/libutp/com...6cea885760

As libuTP is an essential component for BT apps, I wonder if Vuze also needs to be updated ?

Thanks, Xavier
yup, on my list of things to do - thanks
Thanks for the reply - and the good work on Vuze client !

Some more informations for people interested (I'm not a technician, I can't explain code issues...):

P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks
Amplification Factors of the different BT clients with a BitTorrent handshake with uTP, p. 7 of publication:
http://www.researchgate.net/publication/...oS_Attacks

Even if Vuze seems to have its own implementation and does not use directly libtorrent-rasterbar:
https://github.com/arvidn/libtorrent/com...9cc5e0a2e1