Penetration Testing mailing list archives
RE: bittorrent == botnet
From: Gadi Evron <ge () linuxbox org>
Date: Thu, 5 Oct 2006 19:19:02 -0500 (CDT)
On Thu, 5 Oct 2006, Elias-Bachrach, Ari (721) wrote:
> I'm also not a BT expert, but I don't think you could really flood someone off line just because of the way BT works. BT has a lot of flow control algorithms to protect against chewing up too much bandwidth on one server. Also the server you were trying to flood would not _actually_ have the file people were requesting. After a certain number of tries (I think 3) the clients will stop trying to connect. With no good servers the tracker will eventually get flagged as bad and no one will download it. I doubt if much traffic would be generated at all.
It's possible.. there are just so many easier ways to do it.
> Ari Elias-Bachrach
> Senior Technology Risk Consultant
> Protiviti
> 267 256 8857 (office)
> 267 256 8922 (fax)
> Ari.Elias-Bachrach () protiviti com
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jason M Frey
> Sent: Wednesday, October 04, 2006 2:35 PM
> To: Jason L. Ellison; pen-test
> Subject: RE: bittorrent == botnet
>
> While I'm no bittorrent expert, I would think that this would likely not produce the desired results. You may post a popular torrent, but the seed/leech numbers would not attract a mass of individuals. You would have to post a torrent that is not available anywhere else, but would be highly desirable. Even then, however, I suspect that the traffic created by the initiation of a torrent connection would not be sufficient to overburden the network.
>
> Jason
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jason L. Ellison
> Sent: Tuesday, October 03, 2006 4:26 PM
> To: pen-test
> Subject: bittorrent == botnet
>
> A friend and I were discussing the possible uses of the bittorrent network in DDOS's. It could be a very massive botnet if you advertised popular files with the target's IP address and target service. In the most recent version of Azureus I noticed that the default settings ignore clients that advertise on ports "0;25;135;139". For instance if I falsely advertise: HTTP, RDP, SIP, VNC ports and the victim's IP address and loaded my client with very popular hashes... I would think this would overburden most small medium businesses without having to own or buy a botnet.
>
> Comments?
>
> -Jason Ellison
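Added example (not part of any message in this thread, and not Azureus code): a client-side filter that applies the ignore list "0;25;135;139" quoted in the original post to a tracker's compact peer list (4-byte IPv4 address plus 2-byte big-endian port per peer). The min_port floor, the function names and the sample peers are assumptions made for illustration.

```python
import ipaddress
import struct

DEFAULT_IGNORED = "0;25;135;139"  # ignore list as quoted in the thread


def parse_ignore_list(spec):
    """Turn a '0;25;135;139' style string into a set of port numbers."""
    ports = {int(item) for item in spec.split(";") if item.strip()}
    bad = [p for p in ports if not 0 <= p <= 65535]
    if bad:
        raise ValueError(f"port out of range: {bad}")
    return ports


def parse_compact_peers(blob):
    """Decode compact peers: 4-byte IPv4 + 2-byte big-endian port each."""
    if len(blob) % 6:
        raise ValueError("compact peer list length must be a multiple of 6")
    peers = []
    for off in range(0, len(blob), 6):
        raw_ip, port = struct.unpack_from("!4sH", blob, off)
        peers.append((str(ipaddress.IPv4Address(raw_ip)), port))
    return peers


def filter_peers(peers, ignored=None, min_port=0):
    """Split peers into (accepted, rejected); min_port is a hypothetical knob."""
    if ignored is None:
        ignored = parse_ignore_list(DEFAULT_IGNORED)
    accepted, rejected = [], []
    for ip, port in peers:
        bucket = rejected if port in ignored or port < min_port else accepted
        bucket.append((ip, port))
    return accepted, rejected


def _peer(ip, port):
    return ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)


# Constructed sample using documentation address ranges, not real peers.
SAMPLE = b"".join(_peer(ip, p) for ip, p in [
    ("192.0.2.10", 6881), ("198.51.100.7", 25), ("203.0.113.5", 80),
    ("192.0.2.44", 0), ("198.51.100.9", 3389),
])

if __name__ == "__main__":
    print(filter_peers(parse_compact_peers(SAMPLE)))
    print(filter_peers(parse_compact_peers(SAMPLE), min_port=1024))
```

With the quoted list alone the peer on port 80 is accepted; a floor of 1024 rejects it but still accepts 3389, so a static port list by itself does not cover every service port.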
Current thread:
- bittorrent == botnet Jason L. Ellison (Oct 03)
- RE: bittorrent == botnet Jason M Frey (Oct 04)
- Re: bittorrent == botnet c0redump (Oct 04)
- Re: bittorrent == botnet Arkem Paul (Oct 04)
- Re: bittorrent == botnet c0redump (Oct 04)
- Re: bittorrent == botnet Nicolas RUFF (Oct 09)
- <Possible follow-ups>
- RE: bittorrent == botnet Elias-Bachrach, Ari (721) (Oct 05)
- RE: bittorrent == botnet Gadi Evron (Oct 05)
- RE: bittorrent == botnet Jason M Frey (Oct 04)