Exploiting emule, torrent, etc. to perform a DDoS Attack!

pandlouk · Dec 5, 2007

The current p2p networks can be exploited from malicious clients and generate DDoS attacks on nodes that are not even part of the overlay system!

DDoS Attacks by Subverting Membership Management in P2P Systems said:

Abstract—We show that malicious participants in a peerto-peer system can subvert its membership management mechanisms to create large-scale DDoS attacks on nodes not even part of the overlay system. The attacks exploit many fundamental design choices made by peer-to-peer system designers such as (i) use of push-based mechanisms; (ii) use of distinct logical identifier (e.g. IDs in a DHT) corresponding to the same physical identifier (e.g., IP address), typically to handle hosts behind NATs; and (iii) inadequate or poorly designed mechanisms to validate membership information. We demonstrate the significance of the attacks in the context
of mature and extensively deployed peer-to-peer systems with representative and contrasting membership management algorithms - DHT-based Kad and gossip-based ESM.
Click to expand...

Exploiting P2P Systems for DDoS Attacks said:

When a P2P system has millions of concurrently active peers, there is the risk that it could serve as a DDoS engine for attacks against a targeted host. In this paper we describe two approaches to creating a DDoS engine out of a P2P system: the first involves poisoning the distributed index in the peers; the second involves poisoning the routing tables in the peers. For both approaches, the targeted host does not have to be a participant in the P2P system, and could be a web server, a mail server, or a user’s desktop. We then examine these two poisoning attacks in Overnet, a popular DHT-based P2P file-sharing system. By using limited poisoning attacks of short duration on Overnet’s indexing
and routing tables, we create DDoS attacks against a targeted host. We find that with modest effort, both DDoS attacks can direct significant traffic from diverse peers to the target.
Click to expand...

Related articles
http://cobweb.ecn.purdue.edu/~isl/NPSec07.pdf
http://cobweb.ecn.purdue.edu/~isl/TR-EE-07-13.pdf
http://cis.poly.edu/~ross/papers/p2pddos.pdf

pandlouk · Dec 6, 2007

Some more info for those who do not want to read the entire article.

DDoS Attacks by Subverting Membership Management in P2P Systems said:

We considered whether even higher attack magnitudes are possible by combining larger number of nodes and increasing the rate of the attraction heuristic. Figure 5 shows an attack generated using 200 malicious nodes scattered around Planetlab, with the victim in our laboratory. Traffic of over 700 Mbps was received by the victim after 14 hours of experiment. This far exceeded what we feared, and indicates the criticality and seriousness of the problem. We abandoned further experiments on this line
given the seriousness of the attacks.
Click to expand...

http://cobweb.ecn.purdue.edu/~isl/NPSec07.pdf

lucas1985 · Dec 6, 2007

Really serious
It seems that some protocols will have to be re-engineered.

Log in or Sign up

Exploiting emule, torrent, etc. to perform a DDoS Attack!

pandlouk Registered Member

pandlouk Registered Member

lucas1985 Retired Moderator

Log in or Sign up

Exploiting emule, torrent, etc. to perform a DDoS Attack!

pandlouk Registered Member

pandlouk Registered Member

lucas1985 Retired Moderator

Useful Searches