Toronto Networking Seminar
Organized by Department of Computer Science and Department of Electrical and Computer Engineering, University of Toronto
P2P Doctor: Measurement and Diagnosis of Misconfigured Peer-to-Peer Traffic
Yan Chen
Department of Electrical Engineering and Computer Science
Northwestern University
Date: Thursday, January 10, 4pm
Location: BA 1180
Abstract:
In this talk, we will first briefly introduce the Network-based Intrusion
Detection, Prevention and Forensics System that is currently being developed in
the Northwestern Lab of Internet and Security Technology (LIST)
(http://list.cs.northwestern.edu), and then focus on one of its components, P2P
doctor, as described below.
P2P misconfiguration, the phenomenon in which thousands of peers send P2P file
downloading requests to a "random" target on the Internet, possibly
triggered by bugs or by malicious reasons, generates a large amount of unwanted
traffic. By analyzing three honeynet datasets across four years and across five
different /8 networks, we found that P2P misconfiguration events are remarkably
prevalent. They contribute on average about 30% of Internet background
radiation. Surprisingly, this phenomenon is not confined to a single type of
P2P system but includes both globally popular ones like BitTorrent and eMule, and
some regionally popular protocols from Korea and China.
In this talk, we design "P2P Doctor", a system which automatically diagnoses the
root causes by melding passive monitoring with real-time active backtracking.
We analyzed hundreds of events, both logged historical ones and real-time ones.
Some of our major findings are as follows. For all the P2P
systems, misconfiguration is caused by the resource mapping uncleanness, i.e.,
the sources returned for a given file ID through P2P indexing are bogus. We
find that different P2P systems have different reasons for such uncleanness. For
eMule, we found that it is mainly caused by a network byte ordering problem in
the eMule Source Exchange protocol. The protocol switches the byte order for
about 12.7% to 25% of peers. BitTorrent misconfigurations are prevalent among
both anti-P2P companies' peers (e.g., Media Defender) and normal peers with
diagonally different sets of characteristics.
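An added illustration of the byte-ordering finding above (not code from the talk or from P2P Doctor): it labels the sources returned for one file ID by checking whether a bogus address is the byte-reversed form of a peer known to be live. It assumes the peer address is carried as a 32-bit IPv4 value; the function names, the address lists and the monitored prefixes are all constructed for the example.

```python
import ipaddress

def swap_byte_order(addr: str) -> str:
    """Return the IPv4 address with its four octets in reverse order."""
    packed = ipaddress.IPv4Address(addr).packed
    return str(ipaddress.IPv4Address(packed[::-1]))

def classify_sources(returned, live_peers, monitored_nets):
    """Label each returned source as valid, byte-swapped or unexplained.

    returned       -- addresses an index lookup gave for one file ID
    live_peers     -- addresses confirmed to run the P2P client (assumed known)
    monitored_nets -- honeynet prefixes that should never receive P2P requests
    """
    nets = [ipaddress.ip_network(n) for n in monitored_nets]
    live = set(live_peers)
    report = []
    for addr in returned:
        swapped = swap_byte_order(addr)
        hits_honeynet = any(ipaddress.IPv4Address(addr) in n for n in nets)
        if addr in live:
            label = "valid"
        elif swapped in live:
            label = "byte-swapped"   # reversing the octets recovers a real peer
        else:
            label = "unexplained"    # bogus for some other reason
        report.append((addr, swapped, hits_honeynet, label))
    return report

def swapped_fraction(report):
    """Fraction of returned sources explained by a byte-order swap."""
    swapped = sum(1 for entry in report if entry[3] == "byte-swapped")
    return swapped / len(report) if report else 0.0

# Constructed sample data: private and documentation ranges only.
LIVE_PEERS = ["10.2.0.192", "10.2.0.77", "10.113.0.203"]
RETURNED = ["192.0.2.10", "10.2.0.77", "203.0.113.10", "198.51.100.5"]
MONITORED = ["192.0.2.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    result = classify_sources(RETURNED, LIVE_PEERS, MONITORED)
    for addr, swapped, hits, label in result:
        print(f"{addr:15} swapped={swapped:15} honeynet={hits!s:5} {label}")
    print(f"byte-swapped fraction: {swapped_fraction(result):.2f}")
```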
Bio:
Dr. Yan Chen is an Assistant Professor in the Department of Electrical
Engineering and Computer Science at Northwestern University, Evanston, IL. He
received his Ph.D. in Computer Science from the University of California at
Berkeley in 2003. His research interests include network security, network
measurement, P2P systems, and wireless and ad hoc networks. He won the
Department of Energy (DOE) Early CAREER award in 2005, the Air Force Office of
Scientific Research (AFOSR) Young Investigator Award in 2007, and the Microsoft
Trustworthy Computing Awards in 2004 and 2005 with his colleagues.
Host of the talk
Baochun Li (bli@eecg.toronto.edu)