
Allot Communications

Mission Brief: Peer-to-Peer (P2P) How to Combat it!!

Questnet2005

Operational Background

P2P - Definition*

- A Peer-to-Peer (P2P) network relies on computing power at the edges (ends) of a connection rather than in the network itself.
- P2P networks are used for content like audio, video, data or anything in digital format.
- All peers can access other peers' available resources for free sharing of anything from distributions to music and video.
- Collaboration tools, including messaging and, more recently, Internet telephony (VoIP).
- Basic P2P technology has been around for a long time - Usenet, Fidonet, etc.

* From Wikipedia, the free encyclopedia.


The Birth of Modern P2P -

- Shawn "Napster" Fanning created Napster in 1999 to provide an easy way to download music.
- First widely-used P2P music sharing service.
- Its technology allowed music fans to easily share MP3-format song files with each other.
- There were over 20 million users worldwide by end of 2000.
- Several lawsuits later, the Napster network was shut down in July 2001.

1st Generation - Napster Model

- Comprises a centralized network.
- Requires individual computers (peers) to log into a central indexing server, which maintains information on all connected peers and the files they share.
- Peers query this server, which provides the contact details of all peers owning that file.
- The requesting peer then accesses these peers to initiate a transfer directly.
- Used a fixed TCP port number.

2nd Generation - Decentralized P2P

- No central server exists.
- All peers "respond" and share files directly with other peers.
- To make the searches more efficient, the flooding method is used: peers send search queries to other peers, which forward the query to other peers until the file requested is found.
- Searches often scour thousands of peers before a result is found, however, reducing distributed P2P networks' hit ratio and search speed significantly.

"Techniques"

- Port-hopping. No fixed port number; instead, each peer uses a random or manually defined port number.
- Well-known ports. Some P2P applications use port 80, the official HTTP port, to evade firewall restrictions, gaining access to the Internet.
- HTTP Tunneling. On many enterprise networks, Internet access is only available when using an HTTP Proxy. Applications that are not HTTP-based and not accessible via an HTTP proxy cannot reach the Internet. To bypass such restrictions, many P2P applications have adopted HTTP as their base protocol, evading the network administrator once again.

3rd Generation - Hybrid P2P

- A hybrid network is a compromise between the centralized and distributed structures.
- These networks use ultrapeers (or super-nodes) acting as central servers to keep the network distributed while maintaining good search and hit ratios, speed and network scalability.
- Peers are randomly chosen to act as ultrapeers, providing indexing services for a small number of peers while communicating with other ultrapeers.

Future P2P

Current (Winny / Freenet)

- Files are entered into the network then stored transparently by the Nodes.
- Files cannot be intentionally deleted once added to the network.
- Files are stored transparently on each Node they pass through, multiplying the potential sources for a file.
- If files are not accessed for a period of time, they time out and are deleted automatically from the Nodes.
- The network itself is a vast storage device that nodes access.
- Traffic is encrypted - HTTPS, Tunneling, etc.


P2P Downloads & Usage

P2P Total Application Downloads*

240,759,939
113,014,928
Imesh: 52,262,345
31,408,240
BearShare: 19,070,465
LimeWire: 15,420,551
8,445,256
WinMX: 6,191,639
Blubster: 3,361,874
Xolox: 2,290,756
FileNavigator: 1,250,260
Find MP3: 1,217,585
EDonkey: 920,180

Major Australian ISP with over 600Mb bandwidth (12/04)

* 2003 figures. Source: Download.com (CNet)

Threat Assessment


P2P: New and increased risks faced

- Legal Risks: Increased risk of corporate liability for actions of end-users. Increased risk of corporate liability due to P2P activity of other companies/subscribers that use your ISP.
- Security Risks: Increase in number and complexity of P2P-specific viruses.
- Infrastructure Risks: Increase in sharing of large files (i.e. 500+ Mb, movies and ) creates an unexpected bandwidth cost for the corporation.

External Influencers

- BSA - Business Software Association
- RIAA - Recording Industry Association of America & Australia
- MPAA - Motion Picture Association of America
- NMPA - National Music Publishers Association
- IFPI - International Federation of the Phonographic Industry


Recording Industry Tactics

- PC Lockup: Placing code within files that would lock up the PC on a P2P network.
- Spoofing: Flooding the P2P network with low-quality or damaged versions of music files.
- Baiting: Placing a desirable file on the P2P network then determining the identity of the persons who choose to download it.
- Legal Action - Australian University and ISP Raids.
- Latest US court action against Grokster and Streamcast.

Security Risks

- Distributed Denial of Service (DDoS) - These viruses contain code that forces the infected PC to participate in a DDoS, where the infected PC repeatedly connects to and disconnects from specific websites.
- Disable Anti-Virus and/or Firewall - These viruses attempt to delete and/or disable the anti-virus and/or personal firewall applications installed on the infected PC.
- Trojan / Hack / Keylogger - These viruses generate malicious activity that represents a potentially severe threat to corporate security. Trojans open a port (channel) on the infected PC that can be used by an attacker/hacker to connect to the PC. Trojans can enable an attacker to do almost anything harmful, such as viewing, modifying or deleting data, accessing the network, etc.

Security Risks (cont.)

- File Deletion/Infection - These viruses will destroy specific file types, such as DOC (Word), MPG (movies) and MP3 (music). They may also infect data files (DOC, XLS) with the virus itself (i.e. 'push-mode').
- Infect MS-Messenger - These viruses will use MS-Messenger to distribute the virus - disguised as another file - to any and/or all of the online users listed on the user's MS-Messenger 'buddy list'.
- P2P Applications and 3rd-Party Malware - 'Malware' collectively describes browser-based applications that are deemed 'adware' (pop-ups, banners), 'trackware' ('context sensitive toolbars') or spyware (silent applications that track and transmit your web browsing habits).

Infrastructure Risks

- Increased Usage & Over-usage: A few P2P users can disproportionately consume most/all of the bandwidth intended for a much larger user base.
- Usage patterns disrupted: Previously, one could anticipate peak usage at certain times of the day and lower usage at other times. With P2P applications, the PCs can automatically transfer data throughout the day (and overnight).
- Upstream/Downstream traffic ratios reversed: Upstream traffic is much larger than the downstream traffic. This results in network congestion on the link that was never planned for with initial deployments.


Combat Strategy

Recon - Monitoring the Situation


Intelligence - The Signature

- Deep Packet Inspection - Layer 7 and beyond.
- New P2P applications are arriving all the time.
- Allot releases new signature updates once every 1-2 weeks.
- Allot's advantage in the Service Provider market - they will identify a new P2P application within hours of release.
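The port-hopping, port-80 and HTTP-based behaviours listed under "Techniques" are why classification has to look at Layer 7 rather than at port numbers. The sketch below is an added example, not Allot's code or signatures: it compares a port lookup with a check of the first payload bytes, using publicly documented BitTorrent and Gnutella markers; the function names, the port table and all sample flows are assumptions constructed for illustration.

```python
# Added example: port labels vs. first-payload signatures for P2P traffic.
# Signatures are public protocol facts; every flow below is constructed.

PORT_LABELS = {80: "http", 6881: "bittorrent", 6346: "gnutella"}  # default ports
P2P = {"bittorrent", "gnutella"}

def classify_by_port(dport):
    """Layer-4 view: trust the destination port."""
    return PORT_LABELS.get(dport, "unknown")

def classify_by_payload(payload):
    """Layer-7 view: inspect the first bytes the client sends."""
    # BitTorrent handshake: length byte 19, then the protocol string.
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    # The Gnutella 0.6 handshake is plain text.
    if payload.startswith(b"GNUTELLA CONNECT/"):
        return "gnutella"
    # HTTP-based P2P: a valid HTTP request line whose path is a Gnutella
    # content-addressed (urn:sha1) download request.
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/1."):
        if parts[1].startswith(b"/uri-res/N2R?urn:sha1:"):
            return "gnutella"
        return "http"
    return "unknown"

def audit(flows):
    """Return the flows whose port label hides a P2P application."""
    hits = []
    for name, dport, payload in flows:
        by_port = classify_by_port(dport)
        by_payload = classify_by_payload(payload)
        if by_payload in P2P and by_port != by_payload:
            hits.append((name, by_port, by_payload))
    return hits

# 68-byte handshake: marker, 8 reserved bytes, info hash, peer id (all dummy).
BT_HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + b"-XX0000-" + bytes(12)
SAMPLE_FLOWS = [  # constructed: (name, destination port, first client payload)
    ("well-known port", 80, BT_HANDSHAKE),
    ("port-hopping", 49152, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: example\r\n\r\n"),
    ("http-based", 80, b"GET /uri-res/N2R?urn:sha1:EXAMPLEHASH HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"),
    ("plain web", 80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_FLOWS):
        print(hit)
```

Only the ordinary web request passes the audit; the other three flows are labelled "http" or "unknown" by port while their payloads identify a P2P client.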

Know the Enemy

Ares Lite Aimster MP2P Frost Motilino Azureus BitTorrent Furthur Blubster BitComet Piolet G3 Torrent RockitNet Direct Connect Acquisition Multi-Network DC++ Ares Epicea BCDC++ Bearshare iMesh Opera's DC (oDC) FreeWire Morpheus RevConnect Gluz Morpheus w/NEOnet Earthstation V Gnucleus Mute eDonkey Gtk-Gnutella Napster2 eMule KCeasy xMule LimeWire Poco ExoSee LordofSearch Share FastTrack NEoNapster Diet Kazaa Nova Download Accelerator Pro Warez Grokster Waste Kazaa (v1 & v2) XoloX WinMX PeerEnabler Hopster (1 & 2) Poisoned HotLine Zultrax Jabber


Tactics: Contain and Control

[Figure: "Before" (unoptimized) and "After" (optimized) views of the WAN/Internet link, showing P2P, VoIP, HTTP, video and e-mail traffic for dorms (per student) and labs (Lab 1 to Lab 15).]

The Control Room


Mission Assessment

Questions


Allot - Successful Operations

Albert Einstein/ Yeshiva Carnegie Mellon Concordia University University Case Western University Connecticut College Arhus University Catholic University Atlanta Girls School Central College Cornell College Austin College Central Methodist College Cumberland University Baptist Bible College Champlain College Daemen College Bard College Chehalis School District Daemen College Belhaven College Chesapeake College Daniel Webster College Benedictine College Chichester College Ben-Gurion University of the Chosun University Delgado Community College Negev Chung Kang University Dong Muang University BERRY COLLEGE Cisco Junior College Doshisha University Birmingham-Southern College Clafin University BOCES Southern Westchester Eastern Kentucky University Cleveland State University Eastern Mennonite University Boston College CNRS Observatoire Brandeis University Colby Sawyer College EBD Brevard College Colgate University Eckerd College Bridgewater State College College of Abermarle Education Highway Business College College of Saint Rose ESD 113 .S. des Bois-Francs College of Southern Maryland Cal State University, San ESIC (University) Bernardino Columbia College Columbia College Fachhochschule Oensingen Carlow College


Fachhochschule Technikum Husson College Kolej University Kejuruteraan Kaernten Huston-Tillotson College dan Teknik Fachhochschule Wolfenbuettel ICAM Konuren University Fachhochschulen OÖ IEP Fairleigh Dickinson University Illinois Wesleyan University Lake Forest College Five Towns College Info-Logic EBM INC Landmark College Fort Hays State University International Islam University Langston University Geneva College IPB - Instituto Politécnico de Lawrenceville School Graceland University Beja Great Basin College ISC - Institut Superieur du Leader University Groupe ESC-Chambery Savoie Commerce LGCA Gurton College Itsos Limestone College Gwinnett Technical College John Brown University Lindenwood University Kagoshima National College Hamilton College Louisiana State University HanYang University Kangwon University Harvey Mudd College Kansas State University Mahasarakham University Haute Ecole Galilée Kansas Wesleyan University Malaspina University-College HBK BRAUNSCHWEIG Kean University Marian College Khonkaen University Hebrew University Maryville College Helena School District Kilej University Kejuruteraan dan Teknik Mehidol University (Computer Hong Kong University King Mongkut University of Dpt) Hope College Technology Th Howard College Messiah College


Methodist College North Country Community PSU - Prince Of Songkla Michigan Tech University College University Oberlin College Middlebury College PWCS.EDU Mills College North East Wales Institute Queen's University Millsaps College Northeast Service Cooperative Minot State University Northern Malaysia Engineering Ramapo College College Missouri Baptist University Rand Afrikaans University Nottingham Trent University Missouri Southern State Rice University University NTU University Singapore Monroe Community College Odense Tekniske Skole Richard Stockton College of NJ Montana State University Oklahoma Baptist University Rider University Mt. Ida College Oklahoma City University Rivers Community College Multimedia University Oklahoma Wesleyan University Robotiker Ottawa University Murray State College Roger Williams University NACE Oxford University Press Nassau Community College Paul Smith's College Rogers State University National Yunlin University of Pembroke College Rogers State University-1 ScienceTec Peninsula Technikon Saint Louis University Pepperdine University Nazarene Headquarters Sandong University Netanya College Philadelphia Community College New Hampshire College Phillips Academy Sangmyoung University Nicholls State University Politecnico Santa Maria Joint Union High North Central University Prince of Songkla University Sch. Dist.


Sapir College Technion - Israel Institute of University Islamic International Shue Yan College Technolog UII Siena University Teikyo Loretto Heights University University of Alberta Skidmore College Teikyo Post University University of Botswana smsTech Solutions Tel-Aviv University Southern Illinois University University of Bradford Texas Christian University Southern Nazarene University University of Burgos The Art Institute of Pittsburgh Southwest Baptist University The Hong Kong Institute of University of California, Santa Southwestern University Education Cruz Spring Hill College The Kings University College University of East Anglia St Mary's University The Nottingham Trent University of Fribourg St Mary's University University St. Lawrence University The University of Nottingham University of Hawaii at Manoa St. Louis College Pharmacy Three Rivers Community University of Islam International St. Mary's College - Notre Dame College Indone St. Norbert College Trinity College University of Laval Union College St. Olaf College University of Maine Sterling College Universidad de Oviedo SunMoon University tender Université De Neuchatel University of Miami Swarthmore College Università di Torino University of Miguel Hernandez Syracuse University University - Flinders Taegu University University of Central England


University of Missouri University of Wisconsin, River West Texas A&M University University of N. Texas Falls University of Wisconsin-Stout Western Carolina University University of Nebraska (WCU) University of Northern Iowa University Of Yogyakarta Western Oklahoma State College University of Nottingham University Village of Fresno (UniM) UPM-National University of Westwood Independent School University of Redlands Agricultural District University of Rochester Upper Iowa University Wheaton College UTAD University of Ryukyus Widener University University of San Francisco Utica College University of St. Mary UUM WIFI University of Tampa Vassar College WIFI OÖ University of Tennessee Vega Business Technologies Williams College University of the South Vermont Tech College WTC Victoria College University of Vermont Yeoju University University of Warwick Villanova University University of Wisconsin - Waseda University Yeshiva University Whitewater Washington Bible College York College of PA University of Wisconsin College Washington College University of Wisconsin Eau Wayne State University Claire Wells College
