←back to thread

Resurrecting a dead torrent tracker and finding 3M peers

(kianbradley.com)
655 points k-ian | 2 comments | 17 Jun 25 17:40 UTC | HN request time: 0.443s | source
Show context
nneonneo ◴[17 Jun 25 19:20 UTC] No.44302842[source]
Now I'm wondering: with the wide range of bittorrent clients out there, and the fact that many are written in unsafe languages, could it be possible for some of them to be exploited through a malicious tracker? It would not surprise me if some of these clients misbehave if fed malformed data from a tracker.
replies(7): >>44304020 #>>44304055 #>>44304380 #>>44305278 #>>44305546 #>>44306010 #>>44306382 #
1. ethan_smith ◴[18 Jun 25 00:39 UTC] No.44305546[source]
Transmission had a remote code execution vulnerability (CVE-2018-5702) through DNS rebinding that allowed attackers to execute arbitrary commands - tracker exploitation is definitely a real attack vector.
replies(1): >>44306782 #
2. udev4096 ◴[18 Jun 25 04:57 UTC] No.44306782[source]
Using a container sandbox such as gvisor would definitely help. Or even using firejail for normal systemd processes