Re: What's on udp/2002 ?

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Wed Sep 18 2002 - 14:43:34 PDT

Next message: Matthew F. Caldwell: "RE: What's on udp/2002 ?"

Previous message: Johannes Ullrich: "Re: What's on udp/2002 ?"
In reply to: rewtat_private: "Re: What's on udp/2002 ?"
Next in thread: Russell Harding: "Re: What's on udp/2002 ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Anyway, this part of the source might give you a clue...
> 
> --CUT--
> #define PORT            2002
> --CUT--
> 
> It looks like this thing uses port 2002 to communicate in it's
> peer-to-peer way.  ...

This is not directed at the poster I'm quoting, but is a comment 
about terminology use in general.

For better or worse, in the wider computer user community,
"peer-to-peer" has taken on a rather specific meaning.  Thus, while 
it is not technically incorrect to refer to the DDoS agent control
network established by Slapper via UDP port 2002 as "peer-to-peer",
it is also not very helpful should such talk spill into the wider
community (as it is likely to when there are journalists about).

We've already seen such "careless" use of the term get regurgitated 
in the "specialist" IT media with "peer-to-peer" being confounded 
with "P2P", very clearly showing that someone is more than slightly 
confused.  Now, this is bound to be partly because there has not been 
a juicy worm story for weeks -- months even -- but there are other 
forces at work here too.  This terminology was not used in the 
reporting of various earlier DDoS agent networks when DDoS became the 
latest cool thing to talk to the media.  Despite the fact that most 
such DDoS agents maintanined control and even maintenance 
communications over a network similar to that used by Slapper, we did 
not see the term "peer-to-peer" being used nor those DDoS agents 
being confused in any way with the then equivalent of KaZaA.  I hope 
the rather incessant use of "peer-to-peer" in the recent discussion 
of Slapper has not been a deliberate, cynical attempt by those using 
the term to snag media attention...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Matthew F. Caldwell: "RE: What's on udp/2002 ?"
Previous message: Johannes Ullrich: "Re: What's on udp/2002 ?"
In reply to: rewtat_private: "Re: What's on udp/2002 ?"
Next in thread: Russell Harding: "Re: What's on udp/2002 ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 20:00:20 PDT