Turning P2P Networks into DDoS Engines: A Survey



1 School of Science and Eng., Sharif University of Technology (International Campus), Kish, Iran

2 Department of Electrical and Computer Eng., Tarbiat Modares University, Tehran, Iran


Recently, Peer-to-Peer (P2P) networks contribute to a large fraction of the Internet backbone traffic. Consequently, misusing such networks for malicious purposes is a potential side effect. In this review article, we investigate different techniques of misusing P2P overlay networks to launch large-scale next-generation Distributed Denial of Service (DDoS) attacks. In particular, we investigate representative systems of the structured (Overnet), unstructured (Gnutella) and hybrid (BitTorrent) P2P overlay networks. Real world experiments indicate the high performance, difficulty in detection and tracking, and the low cost of launching such attacks.


[1] D.D. Clark, J. Wroclawski, K.R. Sollins, and R. Braden, Tussle in
cyberspace: defining tomorrow's internet, IEEE/ACM Trans. on
Networking, vol. 13, pp. 462–475, 2005.
[2] J. Mirkovic, S. Dietrich, D. Dittrich, and P. Reiher, Internet Denial
of Service: attack and defense mechanisms (Radia Perlman
Computer Networking and Security), Prentice Hall PTR Upper
Saddle River, NJ, USA, 2004.
[3] “The NGN forum” [Online], Available: http://www.catr.cn/
zhthg/ngn/2007/ [Accessed: May 2010].
[4] E.K. Lua, J. Crowcroft, M. Pias, R. Sharma, and S. Lim, A survey
and comparison of peer-to-peer overlay network schemes, IEEE
Communications Surveys & Tutorials, vol. 7, pp. 72–93, 2005.
[5] Napster - Wikipedia, the free encyclopedia, May 2010, [Online].
Available: http://en.wikipedia.org/wiki/Napster [Accessed: May
[6] Gnutella - Wikipedia, the free encyclopedia, May 2010, [Online].
Available: http://en.wikipedia.org/wiki/Gnutella [Accessed: May
[7] FastTrack - Wikipedia, the free encyclopedia, May 2010, [Online].
Available: http://en.wikipedia.org/wiki/Fasttrack [Accessed: May
[8] B. Cohen, Incentives build robustness in BitTorrent, The First
Workshop on Economics of Peer-to-Peer systems, Berkeley, CA,
USA, June 2003.
[9] BitTorrent (protocol) - Wikipedia, the free encyclopedia, May
2010, [Online]. Available: http://en.wikipedia.org/wiki/BitTorrent_(protocol) [Accessed: May 2010]. [10] K. El Defrawy, M. Gjoka, and A. Markopoulou, Bottorrent: Misusing Bittorrent to launch DDoS attacks, the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet (SRUTI'07), Berkeley, CA, USA, June 2007. [11] Y. Liu, X. Liu, C. Wang, and L. Xiao, Defending P2Ps from overlay flooding-based DDoS, The Int. Conf. on Parallel Processing (ICPP), Xian, China, September, pp. 28–28, 2007. [12] X. Sun, R. Torres, and S. Rao, DDoS attacks by subverting membership management in P2P systems, Secure Network Protocols, pp. 1–6, 2007. [13] X. Sun, R. Torres, and S. Rao, Preventing DDoS Attacks with P2P systems through robust membership management, Technical Report TR-ECE-07-13, Purdue University, USA, February 2007. [14] J. Oikarinen and D. Reed, Internet relay chat protocol, RFC 1459, May 1993. [15] Twitter - Wikipedia, the free encyclopedia, May 2010, [Online]. Available: http://en.wikipedia.org/wiki/Twitter [Accessed: May 2010]. [16] N. Friess and J. Aycock, Black Market Botnets, Jul. 2007. [17] Z. Li, Q. Liao, and A. Striegel, Botnet Economics: Uncertainty Matters, Managing Information Risk and the Economics of Security, pp. 245-267, 2009. [18] M. Ripeanu, Peer-to-Peer Architecture Case Study: Gnutella Network, University of Chicago, Department of Computer Science, 2001. [19] E. Athanasopoulos, K.G. Anagnostakis, and E.P. Markatos, Misusing unstructured p2p systems to perform dos attacks: The network that never forgets, Lecture Notes in Computer Science, vol. 3989, p. 130, 2006. [20] D. Zeinalipour-yazti, Exploiting the security weaknesses of the Gnutella protocol, Course Project for Seminar in Computer Security at University of California - Riverside, Department of Computer Science, March 2002. [21] P. Maymounkov and D. Mazieres, Kademlia: A peer-to-peer information system based on the xor metric, First International Workshop on Peer-to-Peer Systems, pp. 53–65, 2002. [22] A. Rowstron and P. Druschel, Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems, IFIP/ACM Int. Conf. on Distributed Systems Platforms (Middleware), pp. 329–350, 2001. [23] B.Y. Zhao, J.D. Kubiatowicz, and A.D. Joseph, Tapestry: a fault-tolerant wide-area application infrastructure, ACM SIGCOMM Computer Communication Review, vol. 32, pp. 81–81, 2002.
[24] Z. Li and X. Chen, Misusing Kademlia protocol to perform DDoS Attacks, IEEE Int. Symp. on parallel and distributed processing with applications, Sydney, Australia, pp. 80–86, 2008. [25] J. Liang, N. Naoumov, and K.W. Ross, The index poisoning attack in p2p file sharing systems, IEEE INFOCOM 2006, Barcelona: 2006. [26] N. Naoumov and K. Ross, Exploiting P2P systems for DDoS attacks, The first Int. Conf. on Scalable information systems (InfoScale '06), NY, USA, pp. 47, 2006. [27] A. Belapurkar et al., Infrastructure-Level threatsand vulnerabilitie, distributed systems security: issues, processes and solutions, Wiley, pp. 71-98, 2009. [28] H. Schulze and K. Mochalski, Internet Study 2008/2009 [Online]. Available: http://www.ipoque.com/resources/internet-studies/ internet-study-2008_2009.pdf [Accessed: October 2009]. [29] Mininova’s torrent downloads double to 7 billion in a year | TorrentFreak [Online]. Available: http://torrentfreak.com/ mininovas -torrent- downloads -doubled-in-a-year-090105/ [Accessed: February 2010]. [30] iMesh Homepage [Online]. Available: http://www.imesh.com/ [Accessed: May 2010]. [31] KaZaA Homepage [Online]. Available: http://www.kazaa.com/ [Accessed: May 2010]. [32] Morpheus [Online]. Available: http://en.wikipedia.org/wiki/ Morpheus_(computer_program) [Accessed: May 2010]. [33] eDonkey network [Online]. Available: http://en.wikipedia.org/ wiki/EDonkey_network [Accessed: May 2010]. [34] Official eMule Homepage. [Online]. Available: http://www. emule-project.net/home/perl/general.cgi?l=1 [Accessed: May 2010]. [35] Overnet [Online]. Available: http://en.wikipedia.org/wiki/ Overnet [Accessed: May 2010]. [36] K.C. Sia, DDoS vulnerability analysis of Bit-Torrent protocol, Technical Report, UCLA: 2006. [37] K. El Defrawy, M. Gjoka, and A. Markopoulou, Bottorrent: Misusing bittorrent to launch ddos attacks, USENIX SRUTI, Santa Clara, 2007. [38] J. Harrington, C. Kuwanoe, and C.C. Zou, A BitTorrent-driven distributed denial-of-service attack, 3rd Int. Conf. on Security and Privacy in Communication Networks, Nice, France: , pp. 17–20.
[39] N. Naoumov and K. Ross, Exploiting p2p systems for ddos attacks, Proc.s of the 1st Int. Conf. on Scalable information systems, Hong Kong, pp. 47-53, 2006.