This has been in my mind for a few years, and I have not been sure what to do about it; I didn't know whether to publish it or not (to prevent abuse), but, as of now, after reading something along this line, I've decided to publish it.
A few (several… getting old has this…) years ago, when I was more into security, I devised an attack vector intended to create a smoke-screen to cover attacks (or attempts). The concept was very simple: to direct people (unsuspecting users) to open several ports at the target machine. As of then (circa 1999) the only method I conceived was rather simple (and ineffective): create a "popular" web page, with 1-pixel images whose SRC pointed at the target machine's port. How to make a page popular was another story (maybe publishing a lot of free porn or free music could do the trick).
A few years later, i.e. around 2004, I conceived a new variation of the attack (the intention was still the same: to smoke-screen a real attack), this time using P2P networks. The idea is rather simple: using P2P protocols' ability to exchange sources between users (I conceived it for gnutella then, now for BT), I could easily inject into unsuspecting users the fake information I wanted, directing them to open connections to the target machine.
In fact, the idea behind those techniques was to cover the real attack among a lot of connections coming from hundreds of sources at random. It was around 2007 or so that I realized that bad guys could easily exploit that technique to create a DDoS attack, so I decided to shut my mouth, hope that nobody would implement such an attack, and continue with business as usual. Now, in 2010, after the first real "wars" on the Internet, the attacks against Wikileaks and the retaliation that followed soon after against VISA, Mastercard, etc., I realized that the attack was going to be "discovered" sooner or later, if it hadn't been discovered and used already. Then I decided (December 2010) to prepare a PoC for http://www.blackhat.com/html/bh-eu-10/bh-eu-10-home.html and to try to think about how to protect against an attack of that type (both for the target and how to avoid fake information dissemination on P2P networks). It's a painful project; I'm not in security anymore (my research is on artificial intelligence as of now…). Now, having seen a comment on the net about an idea similar to that (using DHT, one of my intended dissemination vectors), I have decided to publish this now (hoping somebody will come up with a prevention mechanism).
In fact, I will continue writing (and developing) what I had designed for BlackHat, not to use it as a DDoS but as a smoke-screen generator, covering your traces in firewall logs with hundreds of random connections.