P2P Networks Supplement Botnets 74
stuckinarut writes "Peer to peer file sharing network popularity is at an all time high, with hundreds of thousands of computers connected to a single P2P network at a given time. These networks are increasingly being used to trick PCs into attacking other machines, experts say. In fact, some reports indicate that peer-to-peer may actually exceed web traffic. Computer scientists have previously shown how P2P networks can be subverted so that several connected PCs gang up to attack a single machine, flooding it with enough traffic to make it crash. This can work even if the target is not part of the P2P network itself. Now, security experts are warning that P2P networks are increasingly being used to do just this. "Until January of this year we had never seen a peer-to-peer network subverted and used for an attack," says Darren Rennick of internet security company Prolexic in an advisory released recently. "We now see them constantly being subverted.""
BitTorrent (Score:3, Informative)
I can't say the same for certain non-standard extensions to BitTorrent, or for official's DHT-based trackerless system, unfortunately; I haven't studied them enough to assert their infallibility.
That doesn't sound THAT bad. (Score:5, Informative)
Actually, that won't happen.
Computers do not AUTOMATICALLY hit the "target computer". A person has to CHOOSE to download whatever the content is supposed to be.
In order to get "thousands of computers" to attack the target, you'd have to claim that the content was something that "thousands" of people wanted
Otherwise your "attack" will be limited to how many people are trying to download the content at any one time that have not timed out.
It's not how many TOTAL computers over a TOTAL time period.
If each of those 50,000 computers timed out and gave up in 60 seconds (a very reasonable time frame), then you're only looking at 278 (rounded up) "attacks" a minute.
Between 4 and 5 "attacks" a second.
It doesn't sound like much when you do the math, does it?
What probably gave the author the idea: (Score:2, Informative)
That night I look over at my modem and the send/receive lights are flashing like crazy. I check my firewall logs and see mass connection attempts on some port I wasn't aware was associated with anything. I do some Google searching and come to find out it's that peer-to-peer edonkey crap.
I thought "Whatever, surely the client will stop making connection attempts after it times out for a few days." But no sir, it went on for literally months until I received a new IP lease (with a little intervention on my part). Granted the traffic was not enough to affect my connection all that much but if 'legitimate' usage generates such a high volume of traffic I can see how abuse could become a concern.
Who writes these clients anyway, connection/ping timeout for a month and the IP is not put on some sort of exclude list?
A bit of Older news (Score:5, Informative)
Thankfully some Peer to Peer network protocols aren't badly implemented (and the client software isn't as bad as others). Netcraft has a decent article about this with examples of the P2P networks that have been shown as exploitable.
http://news.netcraft.com/archives/2007/05/23/p2p_
I can confidently say that these attacks can easily span the 800,000 pkt/sec (per link) and include millions of source addresses for a "cheap cost" compared to the botnets that previously have been almost exclusive to the attacks. Thankfully most P2P clients aren't hijackable in a way to simply pulse connections (all at once) or the more traditional SynFlooding. Connection (fully negotiated) tends to be easier to diagnose than the strictly syn-flooding style attacks can be, on top of it they tend to be more directed (single destination vs. rotating with some kind of intelligence across an entire netblock).
Geez. (Score:1, Informative)
I believe most everyone who has posted here must work at Best Buy in their Geek Squad. They use all the buzzwords. They write such a long rant full of geek-speak garbage that it distracts the majority and everyone assumes they know what they are speaking about.
Almost every reply here has been off-topic. Sad.