Peer-to-Peer Systems as Attack Platform for Distributed Denial-of-Service

Arno Wagner, Bernhard Plattner
Swiss Federal Institute of Technology Zurich, Computer Engineering and Networks Laboratory
{wagner,plattner}@tik.ee.ethz.ch

Corresponding Author: Arno Wagner, TIK, ETH Zurich, Gloriastr. 35, CH-8092 Zurich, Phone: +41 1 632 7004, Fax: +41 1 632 1035

Keywords: Distributed Denial of Service, Peer-to-Peer Systems

Abstract

Distributed Denial-of-Service attacks are an effective means to make a service unavailable, mask other attack activities and generally degrade or disrupt network functionality. The key characteristic is that analysis of and defence against this attack type is difficult because of the high number of attacking hosts and the large amount of attack traffic that can be generated. The emerging Peer-to-Peer filesharing systems have characteristics that turn them into an attractive infrastructure that can be used as an attack platform. Attackers who can compromise a P2P system can expect benefits such as a large number of participants, easy hiding of attack control traffic and good, global distribution of participating hosts. This gives attackers high flexibility and at the same time a small risk of being identified. This paper explains these characteristics in detail and concludes that further research into this threat and into possible countermeasures is urgently needed.

1 Introduction

Denial-of-Service (DoS) is, as the name says, an attack type where a service is disrupted by the attack. A service can be a single server, e.g. a webserver, a service offered by a group of hosts, or network connectivity itself. One of the easiest techniques to implement a DoS attack is to flood the target (be it network or host) with traffic so that non-attack traffic has only a small chance to get through. The disruption can be used for its own value in performing sabotage, but also as part of a more complex attack that depends on the unavailability of a service.

Distributed Denial-of-Service (DDoS) is an improved attack method where the attack comes from a large number of hosts that are ideally distributed over many different places. The number of attacking hosts can reach into the millions, enough to seriously impact even large-bandwidth Internet backbones.

While there are other kinds of (D)DoS attacks than the overload type, it is a variant that is easy to design and implement. It needs only very little specific knowledge about the attacked target, and the security of the target does not need to be compromised. Countermeasures to DDoS attacks are a current research topic and the problem is far from being solved.

The application of DDoS attacks to vandalism or terrorism is obvious: decrease the public feeling of safety by making critical (or perceived to be critical) Internet infrastructure unavailable for some time. In addition, DDoS attacks can be used to facilitate or mask other attacks, e.g.