Abstract
We show that malicious participants in a peer-to-peer system can subvert its membership management mechanisms to create large-scale DDoS attacks on nodes not even part of the overlay system. The attacks exploit many fundamental design choices made by peer-to-peer system designers such as (i) use of push-based mechanisms; (ii) use of distinct logical identifier (e.g. IDs in a DHT) corresponding to the same physical identifier (e.g., IP address), typically to handle hosts behind NATs; and (iii) inadequate or poorly designed mechanisms to validate membership information. We demonstrate the significance of the attacks in the context of mature and extensively deployed peer-to-peer systems with representative and contrasting membership management algorithms - DHT-based Kad and gossip-based ESM.