“Attackers have found a way to exploit a number of bugs in peer-to-peer servers to initiate DoS attacks. The most aggressive of these peer-to-peer-DoS attacks exploits DC++. Peer-to-peer attacks are different from regular botnet-based attacks. With peer-to-peer there is no botnet and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a 'puppet master,' instructing clients of large peer-to-peer file sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead. As a result, several thousand computers may aggressively try to connect to a target website. While a typical web server can handle a few hundred connections/sec before performance begins to degrade, most web servers fail almost instantly under five or six thousand connections/sec. With a moderately big peer-to-peer attack a site could potentially be hit with up to 750,000 connections in a short order. This method of attack can be prevented by specifying in the p2p protocol which ports are allowed or not. If port 80 is not allowed, the possibilities for attack on websites can be very limited.” (Wikipedia)
When I think of peer to peer it brings me back to the illegal music downloading and that whole aspect. It’s crazy to think, that they refer to this DOS as a “puppet master” and you really have no idea of who is behind this scheme. And to make matters worse they are able to connect to over thousands of computers at once. What brings me to my question is what does the virus protections actually do for us that we pay for? Don’t they help? Obviously they don’t, because results shows thousands of computers are still being hacked daily.
http://en.wikipedia.org/wiki/Denial-of-service_attack
That is crazy that one person can be the one that tells everyone else what to do. I never knew that peer-to-peer DoS attacks exsited like the one you mentioned.
ReplyDelete