Slashdot Mirror


P2P Networks Supplement Botnets

stuckinarut writes "Peer-to-peer file sharing network popularity is at an all-time high, with hundreds of thousands of computers connected to a single P2P network at a given time. These networks are increasingly being used to trick PCs into attacking other machines, experts say. In fact, some reports indicate that peer-to-peer may actually exceed web traffic. Computer scientists have previously shown how P2P networks can be subverted so that several connected PCs gang up to attack a single machine, flooding it with enough traffic to make it crash. This can work even if the target is not part of the P2P network itself. Now, security experts are warning that P2P networks are increasingly being used to do just this. "Until January of this year we had never seen a peer-to-peer network subverted and used for an attack," says Darren Rennick of internet security company Prolexic in an advisory released recently. "We now see them constantly being subverted.""

2 of 74 comments

  1. Re:That doesn't sound THAT bad. by rtb61 · Score: 5, Funny

    Dang, now why would you go and take apart a good old "P2P is evil and must be banned" story, just think of that wasted RIAA money going down the drain on a failed corporate viral marketing meme ;).

    --
    Chaos - everything, everywhere, everywhen
  2. A bit of Older news by maelfius · Score: 5, Informative

    I'm glad this finally made it to Slashdot. It's a bit of older news to those of us who work in the web hosting industry and have already been subjected to these types of attacks. The scale that the abuse of these networks causes the DDOS attacks to be is on a much larger scale than DDOS style attacks have been in the past (for the most part).

    Thankfully some Peer to Peer network protocols aren't badly implemented (and the client software isn't as bad as others). Netcraft has a decent article about this with examples of the P2P networks that have been shown as exploitable.

    http://news.netcraft.com/archives/2007/05/23/p2p_networks_hijacked_for_ddos_attacks.html

    I can confidently say that these attacks can easily span the 800,000 pkt/sec (per link) and include millions of source addresses for a "cheap cost" compared to the botnets that previously have been almost exclusive to the attacks. Thankfully most P2P clients aren't hijackable in a way to simply pulse connections (all at once) or the more traditional SynFlooding. Connection (fully negotiated) tends to be easier to diagnose than the strictly syn-flooding style attacks can be; on top of it, they tend to be more directed (single destination vs. rotating with some kind of intelligence across an entire netblock).

    --
    Information is not Knowledge.