[Dshield] Are P2P applications worth the risk?

Johannes Ullrich jullrich at euclidian.com
Tue Oct 7 17:39:20 GMT 2003


> Are P2P applications worth the risk?

no ;-)

I don't think P2P applications should be permitted in corporate
networks. For home use, I guess its up for the individual users to make
the decision (for myself, I am not using P2P apps).

First of all, why would you use P2P applications? There may be a few
legitimate business cases. For example, I have used bit torrent in the
past to download Linux distros. However, there are few legit
applications of P2P, in particular in a business context.

Even if a P2P application is used to exchange legit files, it should be
treated as a 'server' with all the associated risks. If you allow P2P
within a company, you may as well permit all employees to run their own
public web/ftp (MSFT file sharing) server. So the risk is high and
unlikely to outweigh the benefit.

As an outsider (as I stated, I hardly use P2P apps), what are people
using them for? My impression is that the main use of P2P is the
exchange of music/software. Can some users of P2P comment if there is
any interesting (and non copyrighted) material available via P2P? I do
see that point behind P2P (like bit torrent) to spread the load to
access large files. But are there that many files I want to share with
the world.


-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------





More information about the list mailing list