Security Aspects of Napster and Gnutella Steven M

  • Slides: 25
Download presentation
Security Aspects of Napster and Gnutella Steven M. Bellovin smb@research. att. com http: //www.

Security Aspects of Napster and Gnutella Steven M. Bellovin [email protected] att. com http: //www. research. att. com/~smb 1

Common Functions l l l Share files. Peer-to-peer – files don’t reside on a

Common Functions l l l Share files. Peer-to-peer – files don’t reside on a central server. Each user decides which files to offer to others. Protocol supplies index and connectivity information. Data transfer is end-to-end, and does not use central server. 2

Napster l l Everyone connects to central server. Server compiles and distributes index. Server

Napster l l Everyone connects to central server. Server compiles and distributes index. Server also provides “chat room” function – independent of file-sharing aspect. Protocol details reverse-engineered. 3

Gnutella l l l No central server. No index. Users send queries to a

Gnutella l l l No central server. No index. Users send queries to a neighbor; neighbors answer if they can, and also forward query to their neighbors. – Note: must know DNS name or IP address of some starting point. l l Client retrieves file directly from one answerer. Open protocol specification. 4

Gnutella Protocol Details l Simple protocol: 5 messages. – Ping, pong, push, query hits.

Gnutella Protocol Details l Simple protocol: 5 messages. – Ping, pong, push, query hits. l l l Uses “flooding protocol” – speak to all neighbors. HTTP used for actual content transfer. No login, no authentication, no central authority of any type. 5

Gnutella Topology 6

Gnutella Topology 6

Common Header l 16 -byte Windows GUID – Clients must drop messages if GUID

Common Header l 16 -byte Windows GUID – Clients must drop messages if GUID seen recently. l l Message type. Time-to-live (limits maximum spread of message). Hop count – how far away the sender is. Payload length. 7

Ping and Pong l l Used for topology discovery – ask who’s out there.

Ping and Pong l l Used for topology discovery – ask who’s out there. Nodes that choose to reply with their IP address, plus the amount of data they’re sharing. Provides new connection points for nodes. But what if they lie about their IP address? 8

Query and Query Reply l l Query lists search terms, minimum server speed acceptable.

Query and Query Reply l l Query lists search terms, minimum server speed acceptable. Query response gives IP address, port, speed, files that satisfy query, GUID of querier. – Querier then connects to offerer and requests file. 9

Push l l l Intended to bypass firewall – you can’t serve a file

Push l l l Intended to bypass firewall – you can’t serve a file if you’re behind a firewall. If requester can’t connect, it sends a “push” command instead, with its IP address and port number. Offerer does an outbound connect to that host, and sends the file. 10

Gnutella Analysis l l Gives away topology information. Hard to control via firewalls. Unchecked

Gnutella Analysis l l Gives away topology information. Hard to control via firewalls. Unchecked IP address and port number announcements can be used to generate flooding attacks, and possibly worse. GUID may be usable to trace back Gnutella messages. 11

GUID Tracing l l l On Windows 95, 98, NT, GUID contains the hardware

GUID Tracing l l l On Windows 95, 98, NT, GUID contains the hardware MAC address, which is constant over time. Privacy violation – can be used to link requests over time. Windows 2000 (and the UNIX clients I’ve looked at) use random-appearing GUIDs. – Is there some hidden linkage? 12

Leakage l l l Announces IP addresses. Appears to announce full path names. Announces

Leakage l l l Announces IP addresses. Appears to announce full path names. Announces Gnutella topology, which may (or may not) reflect real-world patterns of association. Can use any port number – hard to detect, hard to control outbound via firewalls. Nosy node can record queries, responses. 13

Flooding l Pong messages contain IP addresses and port numbers – will other nodes

Flooding l Pong messages contain IP addresses and port numbers – will other nodes autoconnect? – What if a node claims to be port 80 on www. cnn. com? l Query/Push pair is worse – an attacker can induce many sites to try to send a large file to some arbitrary destination. – Similar to “FTP Bounce” attack. 14

Content Issues l l l What if I send you fake content? What if

Content Issues l l l What if I send you fake content? What if I send obscene content in response to innocent queries? Note: falsely advertising a high-speed link can be used to attract clients. 15

UI Issues l l l Gnutella can be used to share arbitrary files. Some

UI Issues l l l Gnutella can be used to share arbitrary files. Some UIs provide an easy way to open files. Is this mechanism safe? How does it decide how to open a file? If done wrong, this is as dangerous as email attachments. – Can I get a. EXE or a. VBS file when I asked for an MP 3? l Again, fake line speed announcements can be used to attract clients. 16

Napster Protocol Details l l Complex client/server protocol with central site. Users can register,

Napster Protocol Details l l Complex client/server protocol with central site. Users can register, log in, etc. – Registration message includes age, income, and education… – Central site can bounce users, ban them, etc. l l Different message groups for chat rooms, searching/browsing, upload/download. File transfer is direct, and doesn’t go through napster. com’s site. 17

Napster Topology napster. com 18

Napster Topology napster. com 18

Searching and Indexing l Client sends search or browse requests to central site. –

Searching and Indexing l Client sends search or browse requests to central site. – Can browse some other user’s files. – Response come back from central site. l l Only explicitly-shared files should be retrievable. Only handles MP 3. – “Wrapster” can package other file types in MP 3 envelope. 19

Chat Rooms l Conversations among users. – Nominally moderated. l All traffic flows too/from

Chat Rooms l Conversations among users. – Nominally moderated. l All traffic flows too/from central site. – Central site not working that well right now – there are several servers that don’t share status information. l l Multiple topics, etc. Clients can have “hot lists” of their friends. – Privacy issues? 20

File Transfers l l Transfer request goes to central site. Data transfer is direct.

File Transfers l l Transfer request goes to central site. Data transfer is direct. – Client and server both notify central site of status, to support load limits. l l Clients can use any port numbers. Firewall bypass mechanisms – reverse who does active connect. 21

UI Issues l Less opportunity for auto-exec of nasty programs. – What if Wrapster

UI Issues l Less opportunity for auto-exec of nasty programs. – What if Wrapster functionality becomes common? l Is browsing more intrusive than query/response? 22

Napster Analysis l l Much harder for clients to lie – can’t give fake

Napster Analysis l l Much harder for clients to lie – can’t give fake IP addresses, port numbers, etc. Central site can exert much more control. Privacy issues – central site knows (almost) all. Fake content and fake line speed attacks still apply – but in theory, are more traceable. 23

Napster versus Gnutella l l Napster is more centralized – easier to monitor and

Napster versus Gnutella l l Napster is more centralized – easier to monitor and control, for good or bad purposes. Gnutella can probably scale further if better topology reconstruction algorithms are developed. Only Gnutella can easily share arbitrary files – but that’s a likely growth direction for Napster. Gnutella is probably the style of the future – avoid central sites. 24

Implementation Concerns l Both can have bugs, including buffer overflows – and bugs are

Implementation Concerns l Both can have bugs, including buffer overflows – and bugs are the biggest cause of security problems. – Some Gnutella clones are poorly written. l Both have direct user-to-user communication – can raise privacy issues. 25

Security Aspects SECURITY ASPECTS Three Security Aspects EncryptionSecurity Aspects SECURITY ASPECTS Three Security Aspects Encryption
An Overview of Gnutella 1 History The GnutellaAn Overview of Gnutella 1 History The Gnutella
Gnutella 2 GNUTELLA A Summary Of The ProtocolGnutella 2 GNUTELLA A Summary Of The Protocol
Gnutella 2 A Better Gnutella COMP 5204 DataGnutella 2 A Better Gnutella COMP 5204 Data
Napster and Limewire p 2 p Presented byNapster and Limewire p 2 p Presented by
The Napster Software And The Worlds Reaction toThe Napster Software And The Worlds Reaction to
Lezione 4 Napster e P 2 P SistemiLezione 4 Napster e P 2 P Sistemi
NAPSTER AIMSTER Pamela Samuelson SIMS 296 A2 PNAPSTER AIMSTER Pamela Samuelson SIMS 296 A2 P
Chapter 10 Peertopeer systems 1 Outline Introduction NapsterChapter 10 Peertopeer systems 1 Outline Introduction Napster
Other File Systems AFS Napster Recap NFS ServerOther File Systems AFS Napster Recap NFS Server
Peer to Peer Information Retrieval Going beyond NapsterPeer to Peer Information Retrieval Going beyond Napster
Copyright Infringement AM RECORDS Inc v Napster ClassCopyright Infringement AM RECORDS Inc v Napster Class
Rich Picture of Napster Server 1 Server 2Rich Picture of Napster Server 1 Server 2
AM Records Inc v Napster Inc AM RecordsAM Records Inc v Napster Inc AM Records
Napster i MP 3 Igor Orwat 2021 02Napster i MP 3 Igor Orwat 2021 02
MP 3 und Napster Prsentation von Gerold LaimerMP 3 und Napster Prsentation von Gerold Laimer
PeertoPeer and Social Networks An overview of GnutellaPeertoPeer and Social Networks An overview of Gnutella
Gnutella and JXTA Based on Ivkovics paper ImprovingGnutella and JXTA Based on Ivkovics paper Improving
PeertoPeer and Social Networks An overview of GnutellaPeertoPeer and Social Networks An overview of Gnutella
Gnutella Freenet and Peer to Peer Networks ByGnutella Freenet and Peer to Peer Networks By
Professor Steven Litt Strategy Steven Avatars serve manyProfessor Steven Litt Strategy Steven Avatars serve many
Steven Donohue EMTAS steven donohuewiltshire gov uk 01225Steven Donohue EMTAS steven donohuewiltshire gov uk 01225
steven lee M S Pathology FTCC steven leesteven lee M S Pathology FTCC steven lee
steven borgnwcadence com Steven Borgnwcadence com Demos Appsteven borgnwcadence com Steven Borgnwcadence com Demos App
Steven Weaver Steven W MATHEW CHARLES SANDERS PRESENTATIONSteven Weaver Steven W MATHEW CHARLES SANDERS PRESENTATION
steven borgnwcadence com http aka mstechedeu Steven Borgnwcadencesteven borgnwcadence com http aka mstechedeu Steven Borgnwcadence
QueryFlood Do S Attacks in Gnutella by AndreasQueryFlood Do S Attacks in Gnutella by Andreas
Improving Gnutella Willy Henrique Suberli Seminar in DistributedImproving Gnutella Willy Henrique Suberli Seminar in Distributed
Simulating Gnutella 0 6 Student Project Final PresentationSimulating Gnutella 0 6 Student Project Final Presentation
On the Longterm Evolution of the TwoTier GnutellaOn the Longterm Evolution of the TwoTier Gnutella
An overview of Gnutella 1 A generic viewAn overview of Gnutella 1 A generic view
Seminar Information Management in the Web Gnutella FreenetSeminar Information Management in the Web Gnutella Freenet
A look at PeertoPeer File Sharing with GnutellaA look at PeertoPeer File Sharing with Gnutella
Characterizing Files in the Modern Gnutella Network ACharacterizing Files in the Modern Gnutella Network A
Improving Performance in the Gnutella Protocol Jonathan HessImproving Performance in the Gnutella Protocol Jonathan Hess
Gnutella Searching Algorithms in Unstructured PeertoPeer Networks CSGnutella Searching Algorithms in Unstructured PeertoPeer Networks CS
GPU a Gnutella Processing Unit an extensible PGPU a Gnutella Processing Unit an extensible P
QueryFlood Do S Attacks In Gnutella Neil DaswaniQueryFlood Do S Attacks In Gnutella Neil Daswani
l 1999InternetNapster 5000 l Gnutella Ka Za Al 1999InternetNapster 5000 l Gnutella Ka Za A
Unstructured P 2 P networks by example GnutellaUnstructured P 2 P networks by example Gnutella