security aspects of napster and gnutella...17 napster protocol details ocomplex client/server...
TRANSCRIPT
![Page 1: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/1.jpg)
1
Security Aspects ofNapster and Gnutella
Steven M. [email protected]
http://www.research.att.com/~smb
![Page 2: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/2.jpg)
2
Common Functions
Share files.Peer-to-peer – files don’t reside on acentral server.Each user decides which files to offerto others. Protocol supplies indexand connectivity information. Datatransfer is end-to-end, and does notuse central server.
![Page 3: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/3.jpg)
3
Napster
Everyone connects to central server.Server compiles and distributesindex.Server also provides “chat room”function – independent of file-sharing aspect.Protocol details reverse-engineered.
![Page 4: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/4.jpg)
4
Gnutella
No central server.No index.Users send queries to a neighbor;neighbors answer if they can, and alsoforward query to their neighbors.– Note: must know DNS name or IP address of
some starting point.Client retrieves file directly from oneanswerer.Open protocol specification.
![Page 5: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/5.jpg)
5
Gnutella Protocol Details
Simple protocol: 5 messages.– Ping, pong, push, query, query hits.
Uses “flooding protocol” – speak toall neighbors.HTTP used for actual content transfer.No login, no authentication, nocentral authority of any type.
![Page 6: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/6.jpg)
6
Gnutella Topology
![Page 7: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/7.jpg)
6
Gnutella Topology
![Page 8: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/8.jpg)
6
Gnutella Topology
![Page 9: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/9.jpg)
6
Gnutella Topology
![Page 10: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/10.jpg)
6
Gnutella Topology
![Page 11: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/11.jpg)
7
Common Header
16-byte Windows GUID– Clients must drop messages if GUID seen
recently.Message type.Time-to-live (limits maximum spreadof message).Hop count – how far away the senderis.Payload length.
![Page 12: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/12.jpg)
8
Ping and Pong
Used for topology discovery – askwho’s out there.Nodes that choose to reply with theirIP address, plus the amount of datathey’re sharing.Provides new connection points fornodes.But what if they lie about their IPaddress?
![Page 13: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/13.jpg)
9
Query and Query Reply
Query lists search terms, minimumserver speed acceptable.Query response gives IP address,port, speed, files that satisfy query,GUID of querier.– Querier then connects to offerer and
requests file.
![Page 14: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/14.jpg)
10
Push
Intended to bypass firewall – youcan’t serve a file if you’re behind afirewall.If requester can’t connect, it sends a“push” command instead, with its IPaddress and port number.Offerer does an outbound connect tothat host, and sends the file.
![Page 15: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/15.jpg)
11
Gnutella Analysis
Gives away topology information.Hard to control via firewalls.Unchecked IP address and portnumber announcements can be usedto generate flooding attacks, andpossibly worse.GUID may be usable to trace backGnutella messages.
![Page 16: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/16.jpg)
12
GUID Tracing
On Windows 95, 98, NT, GUID containsthe hardware MAC address, which isconstant over time.Privacy violation – can be used to linkrequests over time.Windows 2000 (and the UNIX clientsI’ve looked at) use random-appearing GUIDs.– Is there some hidden linkage?
![Page 17: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/17.jpg)
13
Leakage
Announces IP addresses.Appears to announce full path names.Announces Gnutella topology, which may(or may not) reflect real-world patternsof association.Can use any port number – hard to detect,hard to control outbound via firewalls.Nosy node can record queries, responses.
![Page 18: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/18.jpg)
14
Flooding
Pong messages contain IP addressesand port numbers – will other nodesauto-connect?– What if a node claims to be port 80 on
www.cnn.com?Query/Push pair is worse – anattacker can induce many sites to tryto send a large file to some arbitrarydestination.– Similar to “FTP Bounce” attack.
![Page 19: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/19.jpg)
15
Content Issues
What if I send you fake content?What if I send obscene content inresponse to innocent queries?Note: falsely advertising a high-speed link can be used to attractclients.
![Page 20: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/20.jpg)
16
UI Issues
Gnutella can be used to share arbitraryfiles.Some UIs provide an easy way to openfiles.Is this mechanism safe? How does it decidehow to open a file? If done wrong, this isas dangerous as email attachments.– Can I get a .EXE or a .VBS file when I asked for
an MP3?Again, fake line speed announcements canbe used to attract clients
![Page 21: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/21.jpg)
17
Napster Protocol Details
Complex client/server protocol withcentral site.Users can register, log in, etc.– Registration message includes age, income,
and education…– Central site can bounce users, ban them, etc.
Different message groups for chat rooms,searching/browsing, upload/download.File transfer is direct, and doesn’t gothrough napster.com’s site.
![Page 22: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/22.jpg)
18
Napster Topology
napster.com
![Page 23: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/23.jpg)
18
Napster Topology
napster.com
![Page 24: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/24.jpg)
18
Napster Topology
napster.com
![Page 25: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/25.jpg)
18
Napster Topology
napster.com
![Page 26: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/26.jpg)
18
Napster Topology
napster.com
![Page 27: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/27.jpg)
19
Searching and Indexing
Client sends search or browse requests tocentral site.– Can browse some other user’s files.– Response come back from central site.
Only explicitly-shared files should beretrievable.Only handles MP3.– “Wrapster” can package other file types in MP3
envelope.
![Page 28: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/28.jpg)
20
Chat Rooms
Conversations among users.– Nominally moderated.
All traffic flows too/from central site.– Central site not working that well right now –
there are several servers that don’t sharestatus information.
Multiple topics, etc.Clients can have “hot lists” of their friends.– Privacy issues?
![Page 29: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/29.jpg)
21
File Transfers
Transfer request goes to central site.Data transfer is direct.– Client and server both notify central site
of status, to support load limits.Clients can use any port numbers.Firewall bypass mechanisms –reverse who does active connect.
![Page 30: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/30.jpg)
22
UI Issues
Less opportunity for auto-exec ofnasty programs.– What if Wrapster functionality becomes
common?Is browsing more intrusive thanquery/response?
![Page 31: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/31.jpg)
23
Napster Analysis
Much harder for clients to lie – can’tgive fake IP addresses, port numbers,etc.Central site can exert much morecontrol.Privacy issues – central site knows(almost) all.Fake content and fake line speedattacks still apply – but in theory, aremore traceable.
![Page 32: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/32.jpg)
24
Napster versus Gnutella
Napster is more centralized – easier tomonitor and control, for good or badpurposes.Gnutella can probably scale further ifbetter topology reconstructionalgorithms are developed.Only Gnutella can easily share arbitraryfiles – but that’s a likely growth directionfor Napster.Gnutella is probably the style of the future– avoid central sites.
![Page 33: Security Aspects of Napster and Gnutella...17 Napster Protocol Details OComplex client/server protocol with central site. OUsers can register, log in, etc. – Registration message](https://reader035.vdocuments.mx/reader035/viewer/2022070204/60f2ba9ecd665632c13c29ea/html5/thumbnails/33.jpg)
25
Implementation Concerns
Both can have bugs, including bufferoverflows – and bugs are the biggestcause of security problems.– Some Gnutella clones are poorly
written.Both have direct user-to-usercommunication – can raise privacyissues.