Penetration Testing mailing list archives
RE: bittorrent == botnet
From: "Jason M Frey" <jmfrey () jcpenney com>
Date: Wed, 4 Oct 2006 13:35:07 -0500
While I'm no bittorrent expert, I would think that this would likely not produce the desired results. You may post a popular torrent, but the seed/leech numbers would not attract a mass of individuals. You would have to post a torrent that is not available anywhere else, but would be highly desirable. Even then, however, I suspect that the traffic created by the initiation of a torrent connection would not be sufficient to overburden the network. Jason -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jason L. Ellison Sent: Tuesday, October 03, 2006 4:26 PM To: pen-test Subject: bittorrent == botnet A friend and I were discusing the possible uses of the bittorrent network in DDOS's. It could be a very massive botnet if you advertised popular files with the targets ip address and target service. In the most recent version of azerus I noticed that the default settings ignore clients that advertise on ports "0;25;135;139". For instance if I falsely advertise: HTTP, RDP, SIP, VNC ports and the victims ip address and loaded my client with very popular hashes... I would think this would overburden most small medium businesses without having to own or buy a botnet. comments? -Jason Ellison ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?campp16 00000008bOW ------------------------------------------------------------------------
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer.
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?campp1600000008bOW ------------------------------------------------------------------------
Current thread:
- bittorrent == botnet Jason L. Ellison (Oct 03)
- RE: bittorrent == botnet Jason M Frey (Oct 04)
- Re: bittorrent == botnet c0redump (Oct 04)
- Re: bittorrent == botnet Arkem Paul (Oct 04)
- Re: bittorrent == botnet c0redump (Oct 04)
- Re: bittorrent == botnet Nicolas RUFF (Oct 09)
- <Possible follow-ups>
- RE: bittorrent == botnet Elias-Bachrach, Ari (721) (Oct 05)
- RE: bittorrent == botnet Gadi Evron (Oct 05)
- RE: bittorrent == botnet Jason M Frey (Oct 04)