aMule Forum

English => aMule Help => Topic started by: Ezeltje on July 03, 2011, 01:30:30 PM

Title: KAD and botnet
Post by: Ezeltje on July 03, 2011, 01:30:30 PM
Hi all,

Has anyone else seen this article? 4 million strong Alureon P2P botnet "practically indestructible" (http://arstechnica.com/security/news/2011/07/4-million-strong-alureon-botnet-practically-indestructable.ars). Note in particular this:
Quote
The most significant feature, however, is the inclusion of peer-to-peer technology in the latest version of the botnet's code. The rootkit uses the Kad peer-to-peer network, used by filesharing software eMule, to communicate between nodes. Using Kad, the botnet creates its own network of infected computers, allowing the machines to communicate with each other without relying on a central server.

Now, I have no idea whether this is related, but I recently had to disable KAD in aMule as my router ADSL modem stopped being able to handle the traffic. The issue wasn't bandwidth, AFAICT, but open connections or something. My ZyXEL was literally choking, even though I was delegating only 30% of my upstream bandwidth to aMule, with max. 178 connections in Preferences --> Connection.

Has anyone else seen anything unusual with KAD traffic? Any thoughts on the implications of this apparently extremely robust botnet on the aMule/eMule network?

Thanks.

Title: Re: KAD and botnet
Post by: Stu Redman on July 03, 2011, 03:33:45 PM
4 million Kad nodes not actually participating in the Kad search should take down our Kad functionality quickly.
Since it is working fine, it must be a different instance of the network not influencing us. (Or they have implemented it fully, which is VERY improbable. But would be good for us. ;) )

Edit: see also http://forum.emule-project.net/index.php?showtopic=153303