Torrent Poisoning Protection with a Reverse Proxy Server

Detalhes bibliográficos
Autor(a) principal: Godinho, António
Data de Publicação: 2022
Outros Autores: Cardoso, Filipe, Rosado, José, Sá, Filipe, Caldeira, Filipe
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10400.15/4670
Resumo: A Distributed Denial-of-Service attack uses multiple sources operating in concert to attack a network or site. A typical DDoS flood attack on a website targets a web server with multiple valid requests, exhausting the server’s resources. The participants in this attack are usually compromised/infected computers controlled by the attackers. There are several variations of this kind of attack, and torrent index poisoning is one. A Distributed Denial-of-Service (DDoS) attack using torrent poisoning, more specifically using index poisoning, is one of the most effective and disruptive types of attacks. These web flooding attacks originate from BitTorrent-based file-sharing communities, where the participants using the BitTorrent applications cannot detect their involvement. The antivirus and other tools cannot detect the altered torrent file, making the BitTorrent client target the webserver. The use of reverse proxy servers can block this type of request from reaching the web server, preventing the severity and impact on the service of the DDoS. In this paper, we analyze a torrent index poisoning DDoS to a higher education institution, the impact on the network systems and servers, and the mitigation measures implemented.
id RCAP_7417312c406deb895b476d939ac91bb7
oai_identifier_str oai:repositorio.ipsantarem.pt:10400.15/4670
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Torrent Poisoning Protection with a Reverse Proxy ServerTorrent poisoningIndex poisoningHAProxyReversed proxyDistributed Denial-of-Service (DDoS) flooding attackA Distributed Denial-of-Service attack uses multiple sources operating in concert to attack a network or site. A typical DDoS flood attack on a website targets a web server with multiple valid requests, exhausting the server’s resources. The participants in this attack are usually compromised/infected computers controlled by the attackers. There are several variations of this kind of attack, and torrent index poisoning is one. A Distributed Denial-of-Service (DDoS) attack using torrent poisoning, more specifically using index poisoning, is one of the most effective and disruptive types of attacks. These web flooding attacks originate from BitTorrent-based file-sharing communities, where the participants using the BitTorrent applications cannot detect their involvement. The antivirus and other tools cannot detect the altered torrent file, making the BitTorrent client target the webserver. The use of reverse proxy servers can block this type of request from reaching the web server, preventing the severity and impact on the service of the DDoS. In this paper, we analyze a torrent index poisoning DDoS to a higher education institution, the impact on the network systems and servers, and the mitigation measures implemented.MDPIRepositório Científico do Instituto Politécnico de SantarémGodinho, AntónioCardoso, FilipeRosado, JoséSá, FilipeCaldeira, Filipe2024-01-09T14:39:03Z2022-12-302022-12-30T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/10400.15/4670engGodinho A., Rosado J., Sá F., Caldeira F., & Cardoso F. (2023). Torrent poisoning protection with a reverse proxy server. Electronics, 12(1). doi: https://doi.org/10.3390/electronics120101652079-929210.3390/electronics12010165info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-01-21T07:38:49Zoai:repositorio.ipsantarem.pt:10400.15/4670Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T01:56:15.495320Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Torrent Poisoning Protection with a Reverse Proxy Server
title Torrent Poisoning Protection with a Reverse Proxy Server
spellingShingle Torrent Poisoning Protection with a Reverse Proxy Server
Godinho, António
Torrent poisoning
Index poisoning
HAProxy
Reversed proxy
Distributed Denial-of-Service (DDoS) flooding attack
title_short Torrent Poisoning Protection with a Reverse Proxy Server
title_full Torrent Poisoning Protection with a Reverse Proxy Server
title_fullStr Torrent Poisoning Protection with a Reverse Proxy Server
title_full_unstemmed Torrent Poisoning Protection with a Reverse Proxy Server
title_sort Torrent Poisoning Protection with a Reverse Proxy Server
author Godinho, António
author_facet Godinho, António
Cardoso, Filipe
Rosado, José
Sá, Filipe
Caldeira, Filipe
author_role author
author2 Cardoso, Filipe
Rosado, José
Sá, Filipe
Caldeira, Filipe
author2_role author
author
author
author
dc.contributor.none.fl_str_mv Repositório Científico do Instituto Politécnico de Santarém
dc.contributor.author.fl_str_mv Godinho, António
Cardoso, Filipe
Rosado, José
Sá, Filipe
Caldeira, Filipe
dc.subject.por.fl_str_mv Torrent poisoning
Index poisoning
HAProxy
Reversed proxy
Distributed Denial-of-Service (DDoS) flooding attack
topic Torrent poisoning
Index poisoning
HAProxy
Reversed proxy
Distributed Denial-of-Service (DDoS) flooding attack
description A Distributed Denial-of-Service attack uses multiple sources operating in concert to attack a network or site. A typical DDoS flood attack on a website targets a web server with multiple valid requests, exhausting the server’s resources. The participants in this attack are usually compromised/infected computers controlled by the attackers. There are several variations of this kind of attack, and torrent index poisoning is one. A Distributed Denial-of-Service (DDoS) attack using torrent poisoning, more specifically using index poisoning, is one of the most effective and disruptive types of attacks. These web flooding attacks originate from BitTorrent-based file-sharing communities, where the participants using the BitTorrent applications cannot detect their involvement. The antivirus and other tools cannot detect the altered torrent file, making the BitTorrent client target the webserver. The use of reverse proxy servers can block this type of request from reaching the web server, preventing the severity and impact on the service of the DDoS. In this paper, we analyze a torrent index poisoning DDoS to a higher education institution, the impact on the network systems and servers, and the mitigation measures implemented.
publishDate 2022
dc.date.none.fl_str_mv 2022-12-30
2022-12-30T00:00:00Z
2024-01-09T14:39:03Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.15/4670
url http://hdl.handle.net/10400.15/4670
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv Godinho A., Rosado J., Sá F., Caldeira F., & Cardoso F. (2023). Torrent poisoning protection with a reverse proxy server. Electronics, 12(1). doi: https://doi.org/10.3390/electronics12010165
2079-9292
10.3390/electronics12010165
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv MDPI
publisher.none.fl_str_mv MDPI
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799137051245805568

Registros relacionados