P2P Networks Supplement Botnets

stuckinarut writes "Peer to peer file sharing network popularity is at an all time high, with hundreds of thousands of computers connected to a single P2P network at a given time. These networks are increasingly being used to trick PCs into attacking other machines, experts say. In fact, some reports indicate that peer-to-peer may actually exceed web traffic. Computer scientists have previously shown how P2P networks can be subverted so that several connected PCs gang up to attack a single machine, flooding it with enough traffic to make it crash. This can work even if the target is not part of the P2P network itself. Now, security experts are warning that P2P networks are increasingly being used to do just this. "Until January of this year we had never seen a peer-to-peer network subverted and used for an attack," says Darren Rennick of internet security company Prolexic in an advisory released recently. "We now see them constantly being subverted.""

well

[mastershake_phd]

I know my connection sees more P2P traffic than web traffic. One 175mb TV show is a lot of web pages.

Re:It would be interesting...

[Bill Wong]

From what I understand, this sounds like a new DDoS technique.
Spoof some packets and forward them to a torrent tracker that so-and-so-IP-address is a seed for popular torrents.
Watch as requests for that file flood the target. Repeat as necessary (actually, probably will need to repeat a whole lot).

Re:It would be interesting...

[necro2607]

What's new about it: The victims don't have to be P2P users at all (in fact, their PC could just be sitting there at the log in screen, not even in use).

We're talking about subverting P2P protocols in such a manner that completely legit P2P client software all over the net will be making regular requests to a certain target machine, because as far as the client software knows, that's where the requested file (SHREK_3_SCREENER_DVDRIP.AVI etc.) is supposedly located.

Another reason to better utilize P2P networks

[Freed]

P2P has too much potential at stake to just being associated with massive copyright infringements and now botnets.

These associations will only be used as excuses to involve clueless regulators to inflict even more damage than they already do.

P2P also is used to distribute OS images, large collections of data, etc. Companies and organizations--especially involved with free software--need to get on the ball and rely more on P2P. There's more than just bandwidth savings at stake.

P2P-ize everything!

[suv4x4]

Well here's what: P2P is just a hack. That's all it is. It's a scheme to avoid central authority, and avoid a central point of load...

While in some cases this is an attempt to avoid legal repercussions of hosting illegal content, on other cases, where content is legal, it's an attempt for the content providers to make their very big bandwidth problem, someone else's bandwidth problem.

Because this is all P2P is doing, moving the problem elsewhere, and actually multiplying it. Downloading a 100 MB file via bittorent will generate far more traffic and connection on the Internet as a whole, than a direct download from a proper server farm. No wonder ISP-s are stressed out from this whole P2P deal.

And then there's the security problems. I wonder: where did all those guys shouting with full throat "P2P-ize everything" do? I've read here on Slashdot, bold commenters proclaim boldly how lame it is that there are still things that aren't P2P yet. We need P2P search engines! P2P hosting! P2P banking! All of those are actual things I've read.

But back to the beginning, P2P means no central authority. Hence, it means no central trusted entity, no trust, no security.