Fergie's Tech Blog

P2P Networks Hijacked for DDoS Attacks

Via Netcraft.

Peer-to-peer networks are being hijacked to launch an increasing number of distributed denial of service (DDoS) attacks on web sites, according to security researchers and network service providers. In these attacks, large numbers of client computers running P2P software are tricked into requesting a file from the intended target of the DDoS, allowing the attacker to use the P2P network to overwhelm the target site with traffic.

These type of attacks had been discussed in papers by security researchers last year, but began appearing on the Internet in early 2007 and have accelerated in recent weeks, according to Prolexic Technologies, which specializes in DDoS defense. In a May 14 advisory, Prolexic reported an increase in the number and frequency of attacks. "The rash of large P2P attacks we have seen in the last month is a perfect example of how the DDoS problem constantly evolves," said Darren Rennick, CEO of Prolexic. "Until January of this year we had never seen a peer-to-peer network subverted and used for an attack. We now see them constantly being subverted."

The company said as many as 100,000 machines had been used in some of the attacks. The peer-to-peer DDoSes may be attractive to attackers, as they don't require the use of an existing "botnet" of compromised computers.

Prolexic said many of the recent attacks exploited dc++ open source peer-to-peer client for Windows machines using the Direct Connect file-sharing protocol. On their blog, the developers of dc++ acknowledge that the software is being used in DDoS attacks, and note that recent updates have addressed the security holes.

posted by Fergie @ 5/23/2007 11:20:00 AM