Security Incidents mailing list archives
Re: What's on udp/2002 ?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 19 Sep 2002 09:43:34 +1200
Anyway, this part of the source might give you a clue... --CUT-- #define PORT 2002 --CUT-- It looks like this thing uses port 2002 to communicate in it's peer-to-peer way. ...
This is not directed at the poster I'm quoting, but is a comment about terminology use in general. For better or worse, in the wider computer user community, "peer-to-peer" has taken on a rather specific meaning. Thus, while it is not technically incorrect to refer to the DDoS agent control network established by Slapper via UDP port 2002 as "peer-to-peer", it is also not very helpful should such talk spill into the wider community (as it is likely to when there are journalists about). We've already seen such "careless" use of the term get regurgitated in the "specialist" IT media with "peer-to-peer" being confounded with "P2P", very clearly showing that someone is more than slightly confused. Now, this is bound to be partly because there has not been a juicy worm story for weeks -- months even -- but there are other forces at work here too. This terminology was not used in the reporting of various earlier DDoS agent networks when DDoS became the latest cool thing to talk to the media. Despite the fact that most such DDoS agents maintanined control and even maintenance communications over a network similar to that used by Slapper, we did not see the term "peer-to-peer" being used nor those DDoS agents being confused in any way with the then equivalent of KaZaA. I hope the rather incessant use of "peer-to-peer" in the recent discussion of Slapper has not been a deliberate, cynical attempt by those using the term to snag media attention... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- What's on udp/2002 ? Guido Van De Velde (Sep 18)
- Re: What's on udp/2002 ? rewt (Sep 18)
- Re: What's on udp/2002 ? Nick FitzGerald (Sep 18)
- Re: What's on udp/2002 ? Jay D. Dyson (Sep 18)
- Re: What's on udp/2002 ? Kurt Seifried (Sep 18)
- Re: What's on udp/2002 ? Russell Harding (Sep 18)
- Re: What's on udp/2002 ? Nick FitzGerald (Sep 18)
- Re: What's on udp/2002 ? Johannes Ullrich (Sep 18)
- Re: What's on udp/2002 ? Jose Nazario (Sep 18)
- Re: What's on udp/2002 ? Guido Van De Velde (Sep 18)
- <Possible follow-ups>
- RE: What's on udp/2002 ? Matthew F. Caldwell (Sep 18)
- Re: What's on udp/2002 ? rewt (Sep 18)