Security vendor Damballa has reported a significant increase in malware using P2P communications, which is difficult...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
for enterprises to spot using typical network detection methods. Could you provide some network detection techniques that are effective against malicious P2P traffic?
There has been a significant increase in malware using P2P communications, but at the same time there has also been an increase in the overall number of network applications that are using P2P communications. This increase in P2P malware could be attributed to difficulties with firewalls, bandwidth concerns for central nodes or distrust of centralized communications. Many applications have opted to use P2P communications for host-to-host communications after the other host is identified via a central node, fast-flux domain name, broadcast or scanning. Due to the increased popularity in this, malware has inevitably evolved to also utilize these techniques.
P2P communications technology has been around since at least 1998. It was first used by Skype for voice calls, but Skype also relied on supernodes to find other peers. Connecting to a supernode, fast-flux domain or scanning can make the malware easier to analyze from the network perspective because endpoints don't typically contact a large number of external systems, which helps identify the malicious network activity.
Effective network detection techniques against malicious P2P traffic have been around since network appliances were introduced to combat malware. These include network traffic shapers like Packeteer, antimalware network appliances like Actiance andnext-generation firewalls like Palo Alto. Most of the network tools have fingerprinted the network signatures of the network or use anomaly detection to identify connections that look suspicious.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how ...continue reading
The SQL Slammer worm has re-emerged to attack a vulnerability in Microsoft SQL Server 2000. Expert Nick Lewis explains what enterprises can do to ...continue reading
The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.