Security Incidents mailing list archives

Re: What's on udp/2002 ?

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 19 Sep 2002 09:43:34 +1200

Anyway, this part of the source might give you a clue...

--CUT--
#define PORT            2002
--CUT--

It looks like this thing uses port 2002 to communicate in it's
peer-to-peer way.  ...


This is not directed at the poster I'm quoting, but is a comment 
about terminology use in general.

For better or worse, in the wider computer user community,
"peer-to-peer" has taken on a rather specific meaning.  Thus, while 
it is not technically incorrect to refer to the DDoS agent control
network established by Slapper via UDP port 2002 as "peer-to-peer",
it is also not very helpful should such talk spill into the wider
community (as it is likely to when there are journalists about).

We've already seen such "careless" use of the term get regurgitated 
in the "specialist" IT media with "peer-to-peer" being confounded 
with "P2P", very clearly showing that someone is more than slightly 
confused.  Now, this is bound to be partly because there has not been 
a juicy worm story for weeks -- months even -- but there are other 
forces at work here too.  This terminology was not used in the 
reporting of various earlier DDoS agent networks when DDoS became the 
latest cool thing to talk to the media.  Despite the fact that most 
such DDoS agents maintanined control and even maintenance 
communications over a network similar to that used by Slapper, we did 
not see the term "peer-to-peer" being used nor those DDoS agents 
being confused in any way with the then equivalent of KaZaA.  I hope 
the rather incessant use of "peer-to-peer" in the recent discussion 
of Slapper has not been a deliberate, cynical attempt by those using 
the term to snag media attention...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

What's on udp/2002 ? Guido Van De Velde (Sep 18)
- Re: What's on udp/2002 ? rewt (Sep 18)
  - Re: What's on udp/2002 ? Nick FitzGerald (Sep 18)
- Re: What's on udp/2002 ? Jay D. Dyson (Sep 18)
  - Re: What's on udp/2002 ? Kurt Seifried (Sep 18)
- Re: What's on udp/2002 ? Russell Harding (Sep 18)
- Re: What's on udp/2002 ? Nick FitzGerald (Sep 18)
- Re: What's on udp/2002 ? Johannes Ullrich (Sep 18)
- Re: What's on udp/2002 ? Jose Nazario (Sep 18)
- Re: What's on udp/2002 ? Guido Van De Velde (Sep 18)
- <Possible follow-ups>
- RE: What's on udp/2002 ? Matthew F. Caldwell (Sep 18)