Slashdot Mirror

← Back to Stories (view on slashdot.org)

P2P Networks Supplement Botnets

Posted by samzenpus on from the share-you-bot dept.

stuckinarut writes "Peer to peer file sharing network popularity is at an all time high, with hundreds of thousands of computers connected to a single P2P network at a given time. These networks are increasingly being used to trick PCs into attacking other machines, experts say. In fact, some reports indicate that peer-to-peer may actually exceed web traffic. Computer scientists have previously shown how P2P networks can be subverted so that several connected PCs gang up to attack a single machine, flooding it with enough traffic to make it crash. This can work even if the target is not part of the P2P network itself. Now, security experts are warning that P2P networks are increasingly being used to do just this. "Until January of this year we had never seen a peer-to-peer network subverted and used for an attack," says Darren Rennick of internet security company Prolexic in an advisory released recently. "We now see them constantly being subverted.""

2 of 74 comments (clear)

  1. It would be interesting... by Tuxedo+Jack · · Score: 4, Interesting

    Think about it. Make a false request for a file - and then do TONS of requests for it from hundreds and thousands of other people. It's a classic DDoS attack.

    However, this will rule out a lot of corporate machines from being used as bots in this fashion; most decent sysadmins filter P2P traffic.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
    1. Re:It would be interesting... by Pedrito · · Score: 3, Interesting

      most decent sysadmins filter P2P traffic.

      You should read the advisory. Apparently firewalls aren't generally enough to prevent an attack. I suspect I've actually been the victim of some of these attacks, though I have no idea why and it's possible that it's something else, but I've had "attacks" that appear to be related to the ED2K (eMule/eDonkey) network where I just get flooded with incoming ED2K packets and it quickly hoses my DSL modem, which obviously isn't designed to handle a DDOS attack. My iptables firewall seems to survive longer than the DSL modem. Fortunately, switching off the modem for a few seconds and firing it back up gives me a new address (one of the benefits of dynamic addresses).

      I don't know why I'd be attacked. It's possible people are just testing out their botnets or something, but it's happened several times over the past few months. Since it's fairly simple for me to fix the problem (restarting the modem) and it's only happened a few times, I haven't really bothered to dig too deep into it.