Peer-to-Peer Netw Appl (2010) 3:36–51 DOI 10.1007/s12083-009-0046-6 On the feasibility of exploiting P2P systems to launch DDoS attacks Xin Sun · Ruben Torres · Sanjay G. Rao Received: 7 November 2008 / Accepted: 25 March 2009 / Published online: 23 April 2009 © Springer Science + Business Media, LLC 2009 Abstract We show that malicious nodes in a peer-to- peer (P2P) system may impact the external Internet environment, by causing large-scale distributed denial of service (DDoS) attacks on nodes not even part of the overlay system. This is in contrast to attacks that disrupt the normal functioning, and performance of the overlay system itself. We demonstrate the significance of the at- tacks in the context of mature and extensively deployed P2P systems with representative and contrasting mem- bership management algorithms—Kad, a DHT-based file-sharing system, and ESM, a gossip-based video broadcasting system. We then present an evaluation study of three possible mitigation schemes and discuss their strength and weakness. These schemes include (i) preferring pull-based membership propagation over push-based; (ii) corroborating membership information through multiple sources; and (iii) bounding multiple references to the same network entity. We evaluate the schemes through both experiments on PlanetLab with real and synthetic traces, and measurement of the real deployments. Our results show the potential of the schemes in enhancing the DDoS resilience of P2P systems, and also reveal the weakness in the schemes and regimes where they may not be sufficient. X. Sun (B ) · R. Torres · S. G. Rao Purdue University, 465 Northwestern Avenue, West Lafayette, IN 47907, USA e-mail: sun19@purdue.edu R. Torres e-mail: rtorresg@purdue.edu S. G. Rao e-mail: sanjay@purdue.edu Keywords Peer-to-Peer · Security · DDoS · Evaluation · Measurement 1 Introduction Peer-to-peer (P2P) systems are rapidly maturing from being narrowly associated with copyright violations, to a technology that offers tremendous potential to deploy new services over the Internet. The recently released Windows Vista is equipped with its own, under-the- hood P2P networking system [3], and several commer- cial efforts are exploring the use of P2P systems for live media streaming [4, 15, 16]. Recent studies [9] indicate that over 60% of network traffic is dominated by P2P systems, and the emergence of these systems has dras- tically affected traffic usage and capacity engineering. With the proliferation of P2P systems, it becomes critical to consider how they can be deployed in a safe, secure and robust manner, and understand their im- pact on an Internet environment already suffering from several security problems. P2P systems enable rapid deployment by moving functionality to end-systems. However, they are vulnerable to insider attacks coming from (potentially colluding) attackers that infiltrate the overlay or compromise member nodes. Several works [8, 12, 32, 33, 38] have studied how malicious nodes in a P2P system may disrupt the normal functioning, and performance of the system itself. In this paper, however, we focus on attacks where mali- cious nodes in a P2P system may impact the external In- ternet environment, by causing large-scale distributed denial of service (DDoS) attacks on nodes not even part of the overlay system. In particular, an attacker could subvert membership management mechanisms,