P2P clients used for DoS attacks

Date: May 31st, 2007
Blogger: Tom Olzak
Translator: endurer
Category: Security, Cybercrime, Hacking, IT Management, Denial of Service
Tags: Denial Of Service, Network, P2P, Attack, Tom Olzak
English source: http://blogs.techrepublic.com.com/security/?p=240&tag=nl.e101

The frequency and magnitude of peer-to-peer (P2P) enabled denial-of-service (DoS) attacks are increasing, and there seems to be little organizations can do to protect themselves when using traditional approaches to Web site defense.

[endurer's note: 1. "traditional approach": the conventional method.]

File-sharing P2P networks aren’t new. Their use for sharing all types of media over the Internet caused an explosion in workstation enrollments. It was only a matter of time before cybercriminals began taking advantage of these “public” networks.
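[endurer's note: 1. "It's only a matter of time": this is just a question of time.
2. "a matter of time": something is certain to happen; the only question is when.
3. "take advantage of": to make use of.]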

Most P2P networks are based on the DC++ client. Each client in a DC++-based network is listed in a network hub. It is this hub software that is at risk of compromise. Older versions of the hub software allow attackers to instruct registered clients to disconnect from the P2P network and connect to a system at the intended target’s location. This can result in hundreds of thousands of connection attempts sent to a Web server, bringing it to its proverbial knees. According to Fredrik Ullner, a member of the DC++ project, it’s “difficult to impossible” to prevent an attack under these circumstances (Robert Lemos, “Peer-to-peer networks co-opted for DOS attacks,” SecurityFocus, 28 May 2007).
[endurer's note: 1. "intended target": the designated target.
2. "bring to one's knees": to force into submission.]

Of course, the solution is to upgrade all network hubs to a nonvulnerable version of the P2P software. However, getting network administrators to take this step is difficult. Further, attackers could circumvent this step by setting up their own hub servers running a vulnerable version, collecting the list of network clients, and launching an attack (Lemos).

Detecting a P2P DoS attack is easy; defending against it is difficult. An organization’s perimeter defense devices would be overwhelmed by a large attack. Blocking the large number of source IP addresses is time-consuming and would still slow packet processing to a crawl. One solution is to prevent the packets from reaching a business network in the first place.

[endurer's note: 1. "in the first place": at the outset; first of all.]
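
An added example (not from the original post) of why detection is the easy half: it assumes a sensor or the web server records the first bytes of each inbound connection, and relies on the Direct Connect (NMDC) convention that a client opening a peer connection begins with `$MyNick`/`$Lock` rather than an HTTP request line. The sample records, addresses, nicknames and alert threshold are constructed.

```python
import ipaddress
from collections import Counter

# NMDC commands start with '$' and end with '|'; a Direct Connect client
# opening a peer connection leads with $MyNick and $Lock.
DC_PREFIXES = (b"$MyNick ", b"$Lock ")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def classify(payload: bytes) -> str:
    """Label the first bytes a client sent to the web port."""
    if payload.startswith(DC_PREFIXES):
        return "dc"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "other"

def summarize(connections, threshold=3):
    """connections: iterable of (source_ip, first_payload_bytes), IPv4 assumed.
    Returns per-label counts, distinct DC sources, how many /24 networks
    they span, and whether the distinct-source count reaches the threshold."""
    labels = Counter()
    dc_sources = set()
    for src, payload in connections:
        label = classify(payload)
        labels[label] += 1
        if label == "dc":
            dc_sources.add(ipaddress.ip_address(src))
    prefixes = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in dc_sources}
    return {
        "labels": dict(labels),
        "dc_sources": len(dc_sources),
        "dc_prefixes": len(prefixes),
        "alert": len(dc_sources) >= threshold,
    }

# Constructed sample: documentation-range addresses, made-up nicknames.
SAMPLE = [
    ("198.51.100.7", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("203.0.113.15", b"$MyNick peer_a|$Lock EXTENDEDPROTOCOLABCABC Pk=DCPLUSPLUS|"),
    ("203.0.113.99", b"$MyNick peer_b|$Lock EXTENDEDPROTOCOLABCABC Pk=DCPLUSPLUS|"),
    ("192.0.2.44", b"$MyNick peer_c|$Lock EXTENDEDPROTOCOLABCABC Pk=DCPLUSPLUS|"),
    ("192.0.2.44", b"$MyNick peer_c|$Lock EXTENDEDPROTOCOLABCABC Pk=DCPLUSPLUS|"),
    ("198.51.100.23", b"\x16\x03\x01\x00\xa5"),  # TLS ClientHello start: neither class
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The signature is trivial to match, but the `dc_sources` and `dc_prefixes` figures show the sources are unrelated addresses, which is why per-address blocking at the perimeter does not scale.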

Prolexic, for example, has announced a solution for dealing with P2P-based attacks. Once an attack is detected, packets related to the attack are prevented from making it to the perimeter defenses. This type of solution might be the only way to deal with this emerging threat.

[endurer's note: 1. Prolexic: a British Internet security company.]
