1 Security Aspects of Napster and Gnutella Steven M. Bellovin

Slides:



Advertisements
Similar presentations
Peer-to-peer and agent-based computing P2P Algorithms.
Advertisements

INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 12 Prof. Crista Lopes.
Internetworking II: MPLS, Security, and Traffic Engineering
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
CCNA – Network Fundamentals
PEER-TO-PEER Is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures,
Design and Implementation of HTTP-Gnutella Gateway Baoning Wu (baw4) Wei Zhang (wez5) CSE Department Lehigh University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Gnutella 2 GNUTELLA A Summary Of The Protocol and it’s Purpose By
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
Evaluation of Ad hoc Routing Protocols under a Peer-to-Peer Application Authors: Leonardo Barbosa Isabela Siqueira Antonio A. Loureiro Federal University.
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
1 Seminar: Information Management in the Web Gnutella, Freenet and more: an overview of file sharing architectures Thomas Zahn.
Improving Data Access in P2P Systems Karl Aberer and Magdalena Punceva Swiss Federal Institute of Technology Manfred Hauswirth and Roman Schmidt Technical.
PRASHANTHI NARAYAN NETTEM.
1CS 6401 Peer-to-Peer Networks Outline Overview Gnutella Structured Overlays BitTorrent.
Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.
Gursharan Singh Tatla Transport Layer 16-May
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
P2P File Sharing Systems
Electronic Mail (SMTP, POP, IMAP, MIME)
Freenet. Anonymity  Napster, Gnutella, Kazaa do not provide anonymity  Users know who they are downloading from  Others know who sent a query  Freenet.
Peer-to-Peer Computing CS587x Lecture Department of Computer Science Iowa State University.
CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
1 Napster & Gnutella An Overview. 2 About Napster Distributed application allowing users to search and exchange MP3 files. Written by Shawn Fanning in.
Introduction Widespread unstructured P2P network
Network Address Translation (NAT) CS-480b Dick Steflik.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Welcome Today Our Topics are: DNS (The Potential Problem for Complete Anonymity) Transparent DNS Proxy (The Problem & The Solution) How To.
1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.
1 Reading Report 4 Yin Chen 26 Feb 2004 Reference: Peer-to-Peer Architecture Case Study: Gnutella Network, Matei Ruoeanu, In Int. Conf. on Peer-to-Peer.
1 Telematica di Base Applicazioni P2P. 2 The Peer-to-Peer System Architecture  peer-to-peer is a network architecture where computer resources and services.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Application Layer Functionality and Protocols Network Fundamentals.
TCP/IP Essentials A Lab-Based Approach Shivendra Panwar, Shiwen Mao Jeong-dong Ryoo, and Yihan Li Chapter 5 UDP and Its Applications.
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
GNUTELLA PEER-TO-PEER NETWORKING. GNUTELLA n What is Gnutella n Relation to the World Wide Web n How it Works n Sites / Links / Information.
Fundamentals of Computer Networks ECE 478/578 Lecture #19: Transport Layer Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
1 The Internet and Networked Multimedia. 2 Layering  Internet protocols are designed to work in layers, with each layer building on the facilities provided.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
1 Peer-to-Peer Technologies Seminar by: Kunal Goswami (05IT6006) School of Information Technology Guided by: Prof. C.R.Mandal, School of Information Technology.
P2PComputing/Scalab 1 Gnutella and Freenet Ramaswamy N.Vadivelu Scalab.
By Jonathan Drake.  The Gnutella protocol is simply not scalable  This is due to the flooding approach it currently utilizes  As the nodes increase.
The Client-Server Model And the Socket API. Client-Server (1) The datagram service does not require cooperation between the peer applications but such.
Peer-to-Peer By Rui Zhang, Chen Teng, Li Dong, Quanshuan He & Yongzheng Zhang.
ADVANCED COMPUTER NETWORKS Peer-Peer (P2P) Networks 1.
Web Services. 2 Internet Collection of physically interconnected computers. Messages decomposed into packets. Packets transmitted from source to destination.
Lecture 6 Networked Systems Network Operating Systems Introduction to Sockets HTTP – FTP – TCP - UDP Client-Server Model.
Peer-to-peer systems (part I) Slides by Indranil Gupta (modified by N. Vaidya)
Peer to Peer Computing. What is Peer-to-Peer? A model of communication where every node in the network acts alike. As opposed to the Client-Server model,
A Reputation-Based Approach for Choosing Reliable Resources in Peer-to-Peer Networks E. Damiani S. De Capitani di Vimercati S. Paraboschi P. Samarati F.
CS Spring 2014 CS 414 – Multimedia Systems Design Lecture 37 – Introduction to P2P (Part 1) Klara Nahrstedt.
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
An Analysis of Using Reflectors for Distributed Denial-of- Service Attacks Paper by Vern Paxson.
INTERNET TECHNOLOGIES Week 10 Peer to Peer Paradigm 1.
Role Of Network IDS in Network Perimeter Defense.
Netprog: Chat1 Chat Issues and Ideas for Service Design Refs: RFC 1459 (IRC)
Process-to-Process Delivery:
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Skype.
Comparison of Network Attacks COSC 356 Kyler Rhoades.
Ahoy: A Proximity-Based Discovery Protocol Robbert Haarman.
Chat Refs: RFC 1459 (IRC).
A Distributed DoS in Action
Presentation transcript:

1 Security Aspects of Napster and Gnutella Steven M. Bellovin

2 Common Functions l Share files. l Peer-to-peer – files don’t reside on a central server. l Each user decides which files to offer to others. Protocol supplies index and connectivity information. Data transfer is end-to-end, and does not use central server.

3 Napster l Everyone connects to central server. l Server compiles and distributes index. l Server also provides “chat room” function – independent of file-sharing aspect. l Protocol details reverse-engineered.

4 Gnutella l No central server. l No index. l Users send queries to a neighbor; neighbors answer if they can, and also forward query to their neighbors. –Note: must know DNS name or IP address of some starting point. l Client retrieves file directly from one answerer. l Open protocol specification.

5 Gnutella Protocol Details l Simple protocol: 5 messages. –Ping, pong, push, query, query hits. l Uses “flooding protocol” – speak to all neighbors. l HTTP used for actual content transfer. l No login, no authentication, no central authority of any type.

6 Gnutella Topology

7 Common Header l 16-byte Windows GUID –Clients must drop messages if GUID seen recently. l Message type. l Time-to-live (limits maximum spread of message). l Hop count – how far away the sender is. l Payload length.

8 Ping and Pong l Used for topology discovery – ask who’s out there. l Nodes that choose to reply with their IP address, plus the amount of data they’re sharing. l Provides new connection points for nodes. l But what if they lie about their IP address?

9 Query and Query Reply l Query lists search terms, minimum server speed acceptable. l Query response gives IP address, port, speed, files that satisfy query, GUID of querier. –Querier then connects to offerer and requests file.

10 Push l Intended to bypass firewall – you can’t serve a file if you’re behind a firewall. l If requester can’t connect, it sends a “push” command instead, with its IP address and port number. l Offerer does an outbound connect to that host, and sends the file.

11 Gnutella Analysis l Gives away topology information. l Hard to control via firewalls. l Unchecked IP address and port number announcements can be used to generate flooding attacks, and possibly worse. l GUID may be usable to trace back Gnutella messages.

12 GUID Tracing l On Windows 95, 98, NT, GUID contains the hardware MAC address, which is constant over time. l Privacy violation – can be used to link requests over time. l Windows 2000 (and the UNIX clients I’ve looked at) use random-appearing GUIDs. –Is there some hidden linkage?

13 Leakage l Announces IP addresses. l Appears to announce full path names. l Announces Gnutella topology, which may (or may not) reflect real-world patterns of association. l Can use any port number – hard to detect, hard to control outbound via firewalls. l Nosy node can record queries, responses.

14 Flooding l Pong messages contain IP addresses and port numbers – will other nodes auto- connect? –What if a node claims to be port 80 on l Query/Push pair is worse – an attacker can induce many sites to try to send a large file to some arbitrary destination. –Similar to “FTP Bounce” attack.

15 Content Issues l What if I send you fake content? l What if I send obscene content in response to innocent queries? l Note: falsely advertising a high-speed link can be used to attract clients.

16 UI Issues l Gnutella can be used to share arbitrary files. l Some UIs provide an easy way to open files. l Is this mechanism safe? How does it decide how to open a file? If done wrong, this is as dangerous as attachments. –Can I get a.EXE or a.VBS file when I asked for an MP3? l Again, fake line speed announcements can be used to attract clients.

17 Napster Protocol Details l Complex client/server protocol with central site. l Users can register, log in, etc. –Registration message includes age, income, and education… –Central site can bounce users, ban them, etc. l Different message groups for chat rooms, searching/browsing, upload/download. l File transfer is direct, and doesn’t go through napster.com’s site.

18 Napster Topology napster.com

19 Searching and Indexing l Client sends search or browse requests to central site. –Can browse some other user’s files. –Response come back from central site. l Only explicitly-shared files should be retrievable. l Only handles MP3. –“Wrapster” can package other file types in MP3 envelope.

20 Chat Rooms l Conversations among users. –Nominally moderated. l All traffic flows too/from central site. –Central site not working that well right now – there are several servers that don’t share status information. l Multiple topics, etc. l Clients can have “hot lists” of their friends. –Privacy issues?

21 File Transfers l Transfer request goes to central site. l Data transfer is direct. –Client and server both notify central site of status, to support load limits. l Clients can use any port numbers. l Firewall bypass mechanisms – reverse who does active connect.

22 UI Issues l Less opportunity for auto-exec of nasty programs. –What if Wrapster functionality becomes common? l Is browsing more intrusive than query/response?

23 Napster Analysis l Much harder for clients to lie – can’t give fake IP addresses, port numbers, etc. l Central site can exert much more control. l Privacy issues – central site knows (almost) all. l Fake content and fake line speed attacks still apply – but in theory, are more traceable.

24 Napster versus Gnutella l Napster is more centralized – easier to monitor and control, for good or bad purposes. l Gnutella can probably scale further if better topology reconstruction algorithms are developed. l Only Gnutella can easily share arbitrary files – but that’s a likely growth direction for Napster. l Gnutella is probably the style of the future – avoid central sites.

25 Implementation Concerns l Both can have bugs, including buffer overflows – and bugs are the biggest cause of security problems. –Some Gnutella clones are poorly written. l Both have direct user-to-user communication – can raise privacy issues.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.