Peer-to-peer networks co-opted for DOS attacks
Robert Lemos, SecurityFocus 2007-05-28

A flaw in the design of popular peer-to-peer network software has given attackers the ability to create massive denial-of-service attacks that can easily overwhelm corporate Web sites, a security firm warned last week.

DC++ hub software 2007-05-30
PPK
Peer-to-peer networks co-opted for DOS attacks 2007-05-31
Anonymous (1 replies)
I think this problem has been typically simplified and many facts surrounding the demise of some of the DC++ projects are missing. The opinions of those who directly suffered at the hands of the so-called 'groups' of attackers are biased, and rightly so. This, however, allows some of the most important facts to be excluded. With every type of P2P network, whether it's new or old, you will find similar occurrences of these types of attacks. The whole point of P2P is about connecting people together from all over the world, be it for chat or the purpose of exchanging files. There are literally tens of millions of clients connected into these networks on a daily basis. These clients are all interconnecting with each other and sharing data on a massive scale. This is BIG business for bandwidth carriers, much bigger than a few project or corporate websites. It is also big business for the network layer hardware companies AND the online security community. We can sit here all day debating where the blame lies but it's not going to make the problem go away, and neither is patching up the P2P server software or clients (although this is a step in the right direction on one front), but let's face it, the more we develop the more exploits we leave in our wake. Sure, we can sit here and come up with more sophisticated firewall scripts or router configurations, but what use are they when the size of the incoming attack exceeds that of your line capacity? No use at all. When that happens all you can do is pray your bandwidth supplier will help you filter this incoming tidal wave, which in 90% of cases they won't, and why should they? If one customer out of 10000 is currently offline, that's considered a very stable and reliable network, not to mention cost effective. For them to help would mean bigger, more powerful routers as well as larger line capacity, an investment they are not willing to make on the back of a handful of customer complaints.

But what is the real issue here? How do these attacks actually work? How can a computer on a home network in Sweden or Romania or anywhere else for that matter force hundreds of thousands of P2P clients to attack a given target? Well, there's a simple answer to those questions... It happens because the home network suppliers (ISPs) LET IT HAPPEN. It's down to them to police their outgoing traffic. If anyone can show me a home network supplier that verifies the source of outgoing packets actually originates from within their network I would be very surprised.

If we want to help reduce the effectiveness of DDOS attacks that utilise the P2P networks we must address the problem at its source (the home ISPs) and not lay blame with the middle-men (P2P networks).
