From: Elias-Bachrach, Ari (721) (ari.elias-bachrach@protiviti.com)
Date: Thu Oct 05 2006 - 13:57:16 EDT
I'm also not a BT expert, but I don't think you could really flood
someone off line just because of the way BT works. BT has a lot of flow
control algorithms to protect against chewing up too much bandwidth on
one server. Also the server you were trying to flood would not
_actually_ have the file people were requesting. After a certain number
of tries (I think 3) the clients will stop trying to connect. With no
good servers the tracker will eventually get flagged as bad and no one
will download it. I doubt if much traffic would be generated at all.
Ari Elias-Bachrach
Senior Technology Risk Consultant
Protiviti
267 256 8857 (office)
267 256 8922 (fax)
Ari.Elias-Bachrach@protiviti.com
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Jason M Frey
Sent: Wednesday, October 04, 2006 2:35 PM
To: Jason L. Ellison; pen-test
Subject: RE: bittorrent == botnet
While I'm no bittorrent expert, I would think that this would likely not
produce the desired results. You may post a popular torrent, but the
seed/leech numbers would not attract a mass of individuals.
You would have to post a torrent that is not available anywhere else,
but would be highly desirable. Even then, however, I suspect that the
traffic created by the initiation of a torrent connection would not be
sufficient to overburden the network.
Jason
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Jason L. Ellison
Sent: Tuesday, October 03, 2006 4:26 PM
To: pen-test
Subject: bittorrent == botnet
A friend and I were discusing the possible uses of the bittorrent
network in DDOS's. It could be a very massive botnet if you advertised
popular files with the targets ip address and target service. In the
most
recent version of azerus I noticed that the default settings ignore
clients that advertise on ports "0;25;135;139".
For instance if I falsely advertise: HTTP, RDP, SIP, VNC ports and the
victims ip address and loaded my client with very popular hashes... I
would think this would overburden most small medium businesses without
having to own or buy a botnet.
comments?
-Jason Ellison
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------
NOTICE: Protiviti is a leading international provider of independent internal audit and business and technology risk consulting services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This message, together with any attachment, may contain confidential and privileged information. Any views, opinions or conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email message to the sender and delete all copies of this message. Thank you.
==============================================================================
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:06 EDT