Attacks On and From P2P File-Sharing Systems

September 1, 2006
Keith Ross | Polytechnic University (Brooklyn, NY)

Many popular file-sharing systems have been the targets of massive attack. Furthermore, given the large number of peers in many file sharing systems, they can potentially be leveraged to create large-scale DDoS attacks against arbitrary targets. In this talk we examine attacks both on and from file sharing systems. For the attacks on, we examine two attack types: index poisoning and pollution insertion. In the index poisoning attack, for a set of targeted titles, the attacker inserts massive numbers of bogus records into the index. As a result, when a user searches for a targeted title, the index returns bogus results, such as bogus file identifiers, bogus IP addresses, or bogus port numbers. In the pollution attack, the attacker inserts large volumes of polluted content into the system. We shall discuss both attacks in FastTrack, an unstructured P2P system, and Overnet, a DHT-based system which is part of eDonkey.

We will also discuss how attackers can exploit a P2P file-sharing system to launch a DDoS attack against an arbitrary target host. In particular, we provide measurement results from our own mini-DDoS attacks exploiting Overnet.

Speaker Details

Professor Ross is the Leonard J. Shustek Chair Professor in Computer Science at Polytechnic Institute of NYU since January 2003. Professor Ross has worked in peer-to-peer networking, Internet measurement, video streaming, Web caching, multi-service loss networks, content distribution networks, network security, voice over IP, optimization, queuing theory, and Markov decision processes. He is an IEEE Fellow, associate editor for IEEE/ACM Transactions on Networking, has served as PC chair for several networking and multimedia conferences. He has also served as an advisor to the Federal Trade Commission on P2P file sharing. Professor Ross is co-author (with James F. Kurose) of the popular textbook, Computer Networking: A Top-Down Approach Featuring the Internet, published by Addison-Wesley (fifth edition 2009). It is the most popular textbook on computer networks in CS departments, both nationally and internationally; it has been translated into twelve languages. Professor Ross is also the author of the research monograph, Multiservice Loss Models for Broadband Communication Networks, published by Springer in 1995.