[Dshield] Are P2P applications worth the risk?

Johannes Ullrich jullrich at euclidian.com
Tue Oct 7 17:39:20 GMT 2003

> Are P2P applications worth the risk?

no ;-)

I don't think P2P applications should be permitted in corporate
networks. For home use, I guess it's up to the individual users to make
the decision (for myself, I am not using P2P apps).

First of all, why would you use P2P applications? There may be a few
legitimate business cases. For example, I have used bit torrent in the
past to download Linux distros. However, there are few legit
applications of P2P, in particular in a business context.

Even if a P2P application is used to exchange legit files, it should be
treated as a 'server' with all the associated risks. If you allow P2P
within a company, you may as well permit all employees to run their own
public web/ftp (MSFT file sharing) server. So the risk is high and
unlikely to outweigh the benefit.

As an outsider (as I stated, I hardly use P2P apps), what are people
using them for? My impression is that the main use of P2P is the
exchange of music/software. Can some users of P2P comment if there is
any interesting (and non-copyrighted) material available via P2P? I do
see that point behind P2P (like bit torrent) to spread the load to
access large files. But are there that many files I want to share with
the world?

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
