Comments

10/06: P2P networks; a blessing or menace?

File sharing is a rather old concept. It has evolved over time to the current P2P and torrent networks. Napster and Kazaa were very popular file sharing services at the turn of this century. Millions of internet users use file sharing predominantly for downloading pirated software, movies and music amongst many other things. This illegal sharing dominates the volume of legal sharing like that of open source software including Linux based distributions. By some estimates, 35% of internet traffic today is caused by BitTorrent alone!

The world’s population is around 6.5 billion out of which 1.115 billion have access to the internet. 35% of 1.115 billion is 390.25 million people. The total internet users indulging in file sharing constitute a larger number of users than 390.25 million since BitTorrent is just one of the ways for file sharing. If you are providing web hosting services or running a popular website, imagine a healthy percentage of more than 400 to 600 million (a rather conservative estimate) hits in a short period of time. Welcome to the world of DDOS (Distributed Denial Of Service) attacks!




For the uninitiated, DDOS attack, in simplified terms, is when multiple computers connect to a single computer over a short span of time and engage all available ports hence choking the server from providing services to other legitimate clients or else slowing down the server so much as to render it unable to provide any services. There are many methods for DDOS attacks, a brief summary of which can be read on Wikipedia here. In general, DDOS attacks use many zombie systems to attack the target.

According to recent reports, file sharing services like BitTorrent and eDonkey P2P networks can be used by attackers for DDOS attacks. We have already seen examples of this, during the last month, in reports of alleged cyber attacks on websites of Estonian banks, government agencies and newspapers by attackers from Russia. This poses a grave concern for plans of e-governance and providing other vital services via the internet for all prospective countries.

I feel that the Government of Pakistan should focus on preventing such attacks for its e-governance and online service plans, especially as Pakistan is surrounded by a volatile and a rather aggressive neighbourhood. In the modern era, security is not only pertinent for traditional assets like land. Information is an equally important asset and needs to be protected.

This P2P based DDOS attack is not just limited to machines inside the P2P network. It can be used for attacks on machines outside the network. These kinds of attacks are on the rise and would probably make headlines soon enough when some big-name website gets swamped by such a DDOS attack.

P2P networks are being used for DDOS attacks by exploiting software bugs in P2P applications which don’t provide any protection against this kind of attack yet. I myself am uncertain as to how one would differentiate legitimate traffic from that which is intended for an attack. Usually, the attacker puts fake entries in the database of shared files for the sharing network which point to the intended target. Whenever anyone requests the fake or infected file entry, the person’s computer makes a request to the DDOS attack target for the data. As the number of people downloading the same file grows, the attack intensifies. After a slight hacking of the BitTorrent code and a couple of modified .torrent files, one can achieve the same effect.

Just imagine people trying to download an infected torrent of some newly released major Linux distribution like Ubuntu. It would result in utter chaos due to the high volume of traffic involved for causing a DDOS attack. It would be very poetic if the target is Microsoft’s website. ^_^

In March, this year, The Inquirer reported that Verisign has discovered a new kind of DOS (Denial Of Service) attack whereby the attacker sends queries to the DNS servers with the return address being that of the target system. In this case, the DNS servers are used for an indirect attack which is much harder to stop. However, this attack doesn’t involve P2P networks directly as in the above examples.

Since the P2P network method of attack is rather recent, most service providers are unable to guard against such type of attacks. I hope that computer security experts will put in some efforts to find defences against this kind of attacks before this creates any major trouble and I wish them the best of luck in their effort.

Meanwhile, what can you as a user do to stop this? While I know very well that this will fall on deaf ears, stop downloading illegal files via file sharing and go purchase what you want to download on physical licensed media! ;)
Asad  Computers 
Karma: 413 [Add to karma] 


Comments made

torrents are far better than p2p clients not because there is more illegal stuff on torrent but they take less time to download compared to p2p clients. I heard about limewire is a very good client and another one called shareza which works both ways like a p2p and torrent downloader. I just hope that somebody start selling songs like itune does but for urdu and hindi songs or maybe something like napster. I love linux so I mostly download distros and podcast of the torrents.
12/06 23:28:41
Maybe I didn't make myself clear enough. Torrents are a part of P2P networks. You get files from multiple other users, hence it is Peer To Peer. Look it up on Wikipedia to get more information.
13/06 02:46:08
35% of internet traffic does not mean 35% of netizens. I wouldn't be surprised if a large percentage of that traffic consisted of automated scripts and heavy human users. Just consider that 90% of email traffic is spam:

http://mail-observer.com/index.php/2006/09/24/spam-is-omg-90
16/06 19:31:07
@ Abdussamad:

Please read about analysing techniques and how and when worst-case scenarios are used.

35% is an estimated figure. Secondly, BitTorrent is just a part of this 35%. Thirdly, BitTorrent and email use entirely different protocols and can not be compared in this scenario with regards to spam.
16/06 21:16:06
There are two very important points Asad.
-You write that,"It would be very poetic if the target is Microsoft’s website". Which means it usually doesn't happen. Do you imply in any way that M$ is behind it?
-And you want people to stop downloading illegal files, fine. I have enough experience of moving around with money in my pockets and not getting a decent thing. What you say to that?

Note: Ya you are right, it sure falls on deaf ears, but you also download these files, don't you? :)
19/06 20:19:43
@ Usman:

Is Microsoft behind it? No.

As to your second question, the solution if one doesn't has enough money lies in free and open source software. If you are interested, join and contribute on the linked community below:

http://www.linux-pakistan.net

I downloaded these files, the operative word being "downloaded". Now I have access to a lot of licensed software from my university.
20/06 22:14:01
My point was that it is kind of necessary evil. And I do use open source software, sourceforge being one of my favorite haunts.
21/06 00:56:55
Asad, its intriguing in sense of "instead of stopping the evil hands, blame it on the knife".
This world is very versatile. people with with different walks of life with different thinking and of course with different needs.
I guess we better not close the door for specific community or deny them from their rights just because of small group of evils who are taking advantage of the situation for reasons only known to them.
Technology brings ease as well as headaches the cure should be for the headaches not for the ease.
27/06 06:16:15
@ Faisal.Qureshi:

No, what I am saying is that till it is safe, better cover the knife with a cloth.

Yes, I do admit that people who will try this approach will be few out of the entire user base. However, one can stop using it till this exploit is removed from the current clients.

After that, it's free for all!
27/06 10:15:23
Do you really think its do able? ....I don't think so, not even for one day i guess because the p2p community is so much large and wide spread, and culprits are very few... which i think actually makes them hard to find.
And even if it does happens, what makes you think that the evil hands will not try it again as no body or nothing is perfect, there is alway a loophole even in best of the best of solutions.?
28/06 10:27:52

Add comment

 

Allowed BBCode:[b] [i] [u] [color=] [size=] [quote] [code] [email] [img]

Comments must be approved before being published.

 

Copyright © 2006-2013 Asad Asif - All rights reserved unless otherwise noted.

CSS | XHTML 1.0 Strict | RSS