Poisoning the internet

This news item struck me as interesting and even borderline alarming – as it suggests that 18% of all traffic (and 41% of UDP traffic) on the Internet is from one attempt to poison BitTorrent networks worldwide: a truly extraordinary finding, but one that seems well grounded, at least at first blush.

TCP or not TCP? That is the Question (Photo credit: dullhunk)

For those who do not follow the technology: user datagram protocol (UDP) is the communications protocol used on the internet to deliver higher-speed, lighter-weight communications – e.g. streaming audio (IP telephony) and video will be sent by UDP, as if you are watching live video you don’t want to recover old frames that did not get there the first time – you just skip them and move on to the next. BitTorrent uses UDP to share files – probably most often used to unlawfully spread copyright-protected material but also used quite legitimately and lawfully to share large files (BitTorrent is a peer-to-peer system that sees downloaders also help spread the sourced material by “re-seeding” the bits of the file already downloaded with other users).

If 18% of internet traffic is really from just one – broken – source, as CERT Polska suggest – then plainly the scope to destroy the whole internet through congestion by deploying a few dozen similar attacks must be huge. Of course – such attacks could then be stopped by ISPs choking off BitTorrent traffic – which is perhaps what the attackers really want.

Personally, though, I’d suggest this is more likely to be some Russian gang flexing their muscles – the file which is nominally being shared by the broken BitTorrent is a movie about the August 2008 war between Georgia and Russia – a favourite subject for Russian crackers – who frequently mount denial of service attacks on Georgian and pro-Georgian government internet sites.