Exploiting KAD: Possible Uses and Misuses

By: 
Moritz Steiner, Taoufik En-Najjary, and Ernst W. Biersack
Appears in: 
CCR October 2007

Peer-to-peer systems have seen a tremendous growth in the last few years and peer-to-peer traffic makes a major fraction of the total traffic seen in the Internet. The dominating application for peer-to-peer is file sharing. Some of the most popular peer-to-peer systems for file sharing have been Napster, FastTrack, BitTorrent, and eDonkey, each one counting a million or more users at their peak time.

We got interested in kad, since it is the only DHT that has been part of very popular peer-to-peer system with several million simultaneous users. As we have been studying kad over the course of the last 18 months we have been both, fascinated and frightened by the possibilities kad offers. Mounting a Sybil attack is very easy in kad and allows to compromise the privacy of kad users, to compromise the correct operation of the key lookup and to mount DDOS with very little resources.

In this paper, we will relate some of our findings and point out how kad can be used and misused.