RE: bittorrent == botnet

From: Gadi Evron (ge@linuxbox.org)
Date: Thu Oct 05 2006 - 20:19:02 EDT


On Thu, 5 Oct 2006, Elias-Bachrach, Ari (721) wrote:
> I'm also not a BT expert, but I don't think you could really flood
> someone off line just because of the way BT works. BT has a lot of flow
> control algorithms to protect against chewing up too much bandwidth on
> one server. Also the server you were trying to flood would not
> _actually_ have the file people were requesting. After a certain number
> of tries (I think 3) the clients will stop trying to connect. With no
> good servers the tracker will eventually get flagged as bad and no one
> will download it. I doubt if much traffic would be generated at all.

It's possible.. there are just so many easier ways to do it.

>
> Ari Elias-Bachrach
> Senior Technology Risk Consultant
> Protiviti
> 267 256 8857 (office)
> 267 256 8922 (fax)
> Ari.Elias-Bachrach@protiviti.com
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of Jason M Frey
> Sent: Wednesday, October 04, 2006 2:35 PM
> To: Jason L. Ellison; pen-test
> Subject: RE: bittorrent == botnet
>
> While I'm no bittorrent expert, I would think that this would likely not
> produce the desired results. You may post a popular torrent, but the
> seed/leech numbers would not attract a mass of individuals.
>
> You would have to post a torrent that is not available anywhere else,
> but would be highly desirable. Even then, however, I suspect that the
> traffic created by the initiation of a torrent connection would not be
> sufficient to overburden the network.
>
> Jason
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of Jason L. Ellison
> Sent: Tuesday, October 03, 2006 4:26 PM
> To: pen-test
> Subject: bittorrent == botnet
>
>
> A friend and I were discussing the possible uses of the bittorrent
> network in DDoSes. It could be a very massive botnet if you advertised
> popular files with the target's IP address and target service. In the
> most recent version of Azureus I noticed that the default settings
> ignore clients that advertise on ports "0;25;135;139".
>
> For instance, if I falsely advertise: HTTP, RDP, SIP, VNC ports and the
> victim's IP address and loaded my client with very popular hashes... I
> would think this would overburden most small and medium businesses
> without having to own or buy a botnet.
>
> comments?
>
> -Jason Ellison
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:07 EDT