Vuze Forums

Full Version: Update Vuze with libuTP patch to correct bug allowing DRDoS attacks ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi, I just read an article about an important fix on BitTorrent clients:

It explains that developers made a patch to the libuTP software to stop "possibility of exploiting BitTorrent protocols for Distributed Reflective Denial of Service Attacks (DRDoS)".

As libuTP is an essential component for BT apps, I wonder if Vuze also needs to be updated ?

Thanks, Xavier
yup, on my list of things to do - thanks
Thanks for the reply - and the good work on Vuze client !

Some more informations for people interested (I'm not a technician, I can't explain code issues...):

P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks
Amplification Factors of the different BT clients with a BitTorrent handshake with uTP, p. 7 of publication:

Even if Vuze seems to have its own implementation and does not use directly libtorrent-rasterbar: