Peer to Peer Networks Skype - PowerPoint PPT Presentation

Provided by: gbel3
1
Peer to Peer Networks: Skype, Gnutella
Network Security Vulnerabilities
  • TDC 477
  • Autumn 2006
  • Greg Belden

2
Skype Network Structure
  • Attack
    • Virus-infected PC registers with the network
    • Skype client opens a TCP and UDP port and establishes a virtual connection
    • Port number is chosen at random
    • Port hops to traverse the firewall
  • Detection
    • Payload signatures require high-speed processing
    • Skype's encrypted protocol is proprietary
    • Behavioral signature
      • Social level (hosts communicated with)
      • Functional level (servers vs. clients vs. peer nodes)
      • Application level: transport interactions between hosts
      • Other specific dynamics intended to identify the application of origin

[Figure: Virus infected PC registers with network]
3
Gnutella
  • Attack
    • Pong: response to ping
    • Announces the servent's IP address and port number
    • Gnutella servent Gnucleus
    • Allows embedding another IP address in outgoing pong, queryhit and push packets
    • Embedded target IP address appears to be a peer on the network
    • Results in the target IP address receiving numerous connection attempts
    • Coordinator is anonymous
    • Does not have to communicate with attackers or target
  • Mitigation
    • Modify Gnutella servents to not connect to advertised IP addresses if the corresponding port number is less than 1024.
    • Remove the GUI screen that allows embedding an arbitrary IP address
    • Enhance the protocol: at connection, the servent finds that it does not successfully establish a connection, so the IP address is bogus.
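The first and third mitigations above, as an added example that is not part of the original slides or of any Gnutella servent: a check a servent could run on a received pong before connecting. It assumes the Gnutella 0.4 pong layout (23-byte header, then a little-endian port and a big-endian IPv4 address); the failure threshold, function names and sample descriptors are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

PONG = 0x01        # payload descriptor value for a pong (Gnutella 0.4)
HEADER_LEN = 23    # 16-byte descriptor ID, type, TTL, hops, 4-byte payload length
PONG_LEN = 14      # port (2), IPv4 address (4), files shared (4), KB shared (4)
MAX_FAILURES = 2   # assumed threshold, not taken from the slides

failures = Counter()   # advertised (ip, port) -> failed connection attempts


def parse_pong(descriptor: bytes):
    """Return the (ip, port) a pong advertises, or None if it is malformed."""
    if len(descriptor) != HEADER_LEN + PONG_LEN:
        return None
    kind, _ttl, _hops, length = struct.unpack_from("<BBBI", descriptor, 16)
    if kind != PONG or length != PONG_LEN:
        return None
    (port,) = struct.unpack_from("<H", descriptor, HEADER_LEN)
    ip = ipaddress.IPv4Address(descriptor[HEADER_LEN + 2:HEADER_LEN + 6])
    return str(ip), port


def should_connect(peer) -> bool:
    """Skip advertised ports below 1024 and addresses that keep failing."""
    if peer is None:
        return False
    _ip, port = peer
    if port < 1024:
        return False
    return failures[peer] < MAX_FAILURES


def record_failure(peer) -> None:
    """Count a connection attempt that did not complete the handshake."""
    failures[peer] += 1


# Constructed sample pongs using documentation addresses (192.0.2.0/24).
HEADER = bytes(16) + bytes([PONG, 7, 0, PONG_LEN, 0, 0, 0])
LOW_PORT_PONG = HEADER + (80).to_bytes(2, "little") + bytes([192, 0, 2, 10]) + bytes(8)
HIGH_PORT_PONG = HEADER + (6346).to_bytes(2, "little") + bytes([192, 0, 2, 20]) + bytes(8)

if __name__ == "__main__":
    for sample in (LOW_PORT_PONG, HIGH_PORT_PONG):
        peer = parse_pong(sample)
        print(peer, "connect" if should_connect(peer) else "skip")
```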

4
References
  • Skype Detection: Traffic Classification in the Dark, Antonio Nucci, CTO Narus, 2006, Converge Network Digest, Converge! Media Ventures, Inc.
    http://www.convergedigest.com/bp-c2p/bp1.asp?ID=373&ctgy=
  • Anonymously Launching a DDoS Attack via the Gnutella Network, written by have2Banonymous, 1st June 2002, AusCERT (Australian Computer Emergency Response Team)
    http://www.auscert.org.au/render.html?it=2404&template=1