BitTorrent clients often use UPnP to forward ports automatically. Many Windows users remain on old uTorrent versions after multiple unwanted "features" (advertising, built-in bitcoin miner, ...).
On the bright side, open source BitTorrent clients appear to have low amplification factors (libtorrent does 4x vs 40x for uTorrent).
In this context, UPnP is what allows uTP to be used as a reflector, since the target reflector will have their ports opened automatically by UPnP (normally a NAT would block it).
That said, improperly configured UPnP can also be used to perform DRDoS via SSDP.
Thanks! I was going to write the same comment, and I don't think it is off-topic.
Many HN readers probably won't understand the word-play behind "DRDoS", as they are too young to have worked with MS-DOS/DR-DOS/etc. So I think it is worth mentioning that this title is a word-play.
I wonder if there's a connection between this discovery and the articles [1] about the pirate bay's tracker targeting random ip addresses happening a few months ago.
Anyone have an idea what percentage of networks and hosting providers drop spoofed packets originating from inside their networks? What are the downsides of dropping them?
You're referring to BCP-38, aka RFC 2827. It's actually decently hard for a transit network to do this at scale. You can do it when you're a small ISP, but the administrative stuff becomes harder as you get larger and are constantly getting more allocations, buy out other ISP's, etc.
Every content network should do it. Not a huge win there, but it's something.
I'm not saying we shouldn't try, but there are countless, very long threads on NANOG about why some transit networks just can't do it.
BitTorrent clients often use UPnP to forward ports automatically. Many Windows users remain on old uTorrent versions after multiple unwanted "features" (advertising, built-in bitcoin miner, ...).
On the bright side, open source BitTorrent clients appear to have low amplification factors (libtorrent does 4x vs 40x for uTorrent).