Forensics in Peer-To-Peer Sharing and Associated Litigation Challenges
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
What Is Peer-To-Peer File Transfer? Bandwidth It Can Use
sharing, with no cap on the amount of commonly used to trade copyrighted music What is Peer-to-Peer file transfer? bandwidth it can use. Thus, a single NSF PC and software. connected to NSF’s LAN with a standard The Recording Industry Association of A peer-to-peer, or “P2P,” file transfer 100Mbps network card could, with KaZaA’s America tracks users of this software and has service allows the user to share computer files default settings, conceivably saturate NSF’s begun initiating lawsuits against individuals through the Internet. Examples of P2P T3 (45Mbps) internet connection. who use P2P systems to steal copyrighted services include KaZaA, Grokster, Gnutella, The KaZaA software assesses the quality of material or to provide copyrighted software to Morpheus, and BearShare. the PC’s internet connection and designates others to download freely. These services are set up to allow users to computers with high-speed connections as search for and download files to their “Supernodes,” meaning that they provide a How does use of these services computers, and to enable users to make files hub between various users, a source of available for others to download from their information about files available on other create security issues at NSF? computers. users’ PCs. This uses much more of the When configuring these services, it is computer’s resources, including bandwidth possible to designate as “shared” not only the and processing capability. How do these services function? one folder KaZaA sets up by default, but also The free version of KaZaA is supported by the entire contents of the user’s computer as Peer to peer file transfer services are highly advertising, which appears on the user well as any NSF network drives to which the decentralized, creating a network of linked interface of the program and also causes pop- user has access, to be searchable and users. -
Application Log Analysis
Masarykova univerzita Fakulta}w¡¢£¤¥¦§¨ informatiky !"#$%&'()+,-./012345<yA| Application Log Analysis Master’s thesis Júlia Murínová Brno, 2015 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Júlia Murínová Advisor: doc. RNDr. Vlastislav Dohnal, Ph.D. iii Acknowledgement I would like to express my gratitude to doc. RNDr. Vlastislav Dohnal, Ph.D. for his guidance and help during work on this thesis. Furthermore I would like to thank my parents, friends and family for their continuous support. My thanks also belongs to my boyfriend for all his assistance and help. v Abstract The goal of this thesis is to introduce the log analysis area in general, compare available systems for web log analysis, choose an appropriate solution for sample data and implement the proposed solution. Thesis contains overview of monitoring and log analysis, specifics of application log analysis and log file formats definitions. Various available systems for log analysis both proprietary and open-source are compared and categorized with overview comparison tables of supported functionality. Based on the comparison and requirements analysis appropriate solution for sample data is chosen. The ELK stack (Elasticsearch, Logstash and Kibana) and ElastAlert framework are deployed and configured for analysis of sample application log data. Logstash configuration is adjusted for collecting, parsing and processing sample data input supporting reading from file as well as online socket logs collection. Additional information for anomaly detection is computed and added to log records in Logstash processing. -
Analysis of Web Logs and Web User in Web Mining
International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.1, January 2011 ANALYSIS OF WEB LOGS AND WEB USER IN WEB MINING L.K. Joshila Grace 1, V.Maheswari 2, Dhinaharan Nagamalai 3, 1Research Scholar, Department of Computer Science and Engineering [email protected] 2 Professor and Head,Department of Computer Applications 1,2 Sathyabama University,Chennai,India 3Wireilla Net Solutions PTY Ltd, Australia ABSTRACT Log files contain information about User Name, IP Address, Time Stamp, Access Request, number of Bytes Transferred, Result Status, URL that Referred and User Agent. The log files are maintained by the web servers. By analysing these log files gives a neat idea about the user. This paper gives a detailed discussion about these log files, their formats, their creation, access procedures, their uses, various algorithms used and the additional parameters that can be used in the log files which in turn gives way to an effective mining. It also provides the idea of creating an extended log file and learning the user behaviour. KEYWORDS Web Log file, Web usage mining, Web servers, Log data, Log Level directive. 1. INTRODUCTION Log files are files that list the actions that have been occurred. These log files reside in the web server. Computers that deliver the web pages are called as web servers. The Web server stores all of the files necessary to display the Web pages on the users computer. All the individual web pages combines together to form the completeness of a Web site. Images/graphic files and any scripts that make dynamic elements of the site function. -
OPEN SOURCE Software Enter the World Of
OPEN SOURCE Software http://www.bacula.org http://eraser.heidi.ie Eraser is a secure data Bacula is a set removal tool for Win- of computer programs that permit manag- dows. It completely removes sensitive data ing backup, recovery, and verification of from your hard drive by overwriting it several computer data across a network of com- times with carefully selected patterns. Eraser puters of different kinds. Based on Source is currently supported under Windows XP Forge downloads, Bacula is the most popu- lar Open Source backup program. (with Service Pack 3), Windows Server 2003 (with Service Pack 2), Windows Vista, Win- dows Server 2008, Windows 7 and Windows Server 2008 R2. http://www.emule-project.net e M u l e is a filesharing client which is based on http://shareaza.sourceforge.net/ the eDonkey2000 network but offers more features than the standard client. Shareaza is a very powerful multi-network eMule is one of the biggest and most peer-to-peer ( P2P ) file-sharing client sup- reliable peer-to-peer file sharing clients porting Gnutella² ( G2 ), Gnutella ( G1 ), around the world. eDonkey2000 ( eMule ), DC++, HTTP, FTP and BitTorrent protocols for Windows (or Wine). It allows you to download any file-type For more OSS, visit sourceforge found on several popular P2P networks. Shareaza is FREE & contains NO Spyware or third-party products. http://www.scintilla.org Scintilla is a free source code editing compo- nent which includes useful features such as syntax styling, error indicators, folding, code completion and call tips. The project includes SciTE (SCIntilla based Text Editor). -
The Edonkey File-Sharing Network
The eDonkey File-Sharing Network Oliver Heckmann, Axel Bock, Andreas Mauthe, Ralf Steinmetz Multimedia Kommunikation (KOM) Technische Universitat¨ Darmstadt Merckstr. 25, 64293 Darmstadt (heckmann, bock, mauthe, steinmetz)@kom.tu-darmstadt.de Abstract: The eDonkey 2000 file-sharing network is one of the most successful peer- to-peer file-sharing applications, especially in Germany. The network itself is a hybrid peer-to-peer network with client applications running on the end-system that are con- nected to a distributed network of dedicated servers. In this paper we describe the eDonkey protocol and measurement results on network/transport layer and application layer that were made with the client software and with an open-source eDonkey server we extended for these measurements. 1 Motivation and Introduction Most of the traffic in the network of access and backbone Internet service providers (ISPs) is generated by peer-to-peer (P2P) file-sharing applications [San03]. These applications are typically bandwidth greedy and generate more long-lived TCP flows than the WWW traffic that was dominating the Internet traffic before the P2P applications. To understand the influence of these applications and the characteristics of the traffic they produce and their impact on network design, capacity expansion, traffic engineering and shaping, it is important to empirically analyse the dominant file-sharing applications. The eDonkey file-sharing protocol is one of these file-sharing protocols. It is imple- mented by the original eDonkey2000 client [eDonkey] and additionally by some open- source clients like mldonkey [mlDonkey] and eMule [eMule]. According to [San03] it is with 52% of the generated file-sharing traffic the most successful P2P file-sharing net- work in Germany, even more successful than the FastTrack protocol used by the P2P client KaZaa [KaZaa] that comes to 44% of the traffic. -
[Hal-00744922, V1] Improving Content Availability in the I2P Anonymous
Improving Content Availability in the I2P Anonymous File-Sharing Environment Juan Pablo Timpanaro, Isabelle Chrisment*, Olivier Festor INRIA Nancy-Grand Est, France *LORIA - ESIAL, Universit´ede Lorraine Email: fjuanpablo.timpanaro, [email protected] Email: [email protected] Abstract. Anonymous communication has gained more and more inter- est from Internet users as privacy and anonymity problems have emerged. Dedicated anonymous networks such as Freenet and I2P allow anony- mous file-sharing among users. However, one major problem with anony- mous file-sharing networks is that the available content is highly reduced, mostly with outdated files, and non-anonymous networks, such as the BitTorrent network, are still the major source of content: we show that in a 30-days period, 21648 new torrents were introduced in the BitTor- rent community, whilst only 236 were introduced in the anonymous I2P network, for four different categories of content. Therefore, how can a user of these anonymous networks access this varied and non-anonymous content without compromising its anonymity? In this paper, we improve content availability in an anonymous environment by proposing the first internetwork model allowing anonymous users to access and share content in large public communities while remaining anonymous. We show that our approach can efficiently interconnect I2P users and public BitTorrent swarms without affecting their anonymity nor their performance. Our model is fully implemented and freely usable. 1 Introduction Peer-to-peer file-sharing has always been one of the major sources of the Internet hal-00744922, version 1 - 24 Oct 2012 traffic, since its early beginnings in 2000. It has been moving from semi-central approaches (eDonkey2000, for example), to semi-decentralized approaches (Kazaa, for instance) to fully decentralized file-sharing architectures (like the KAD net- work). -
Conducting and Optimizing Eclipse Attacks in the Kad Peer-To-Peer Network
Conducting and Optimizing Eclipse Attacks in the Kad Peer-to-Peer Network Michael Kohnen, Mike Leske, and Erwin P. Rathgeb University of Duisburg-Essen, Institute for Experimental Mathematics, Ellernstr. 29, 45326 Essen [email protected], [email protected], [email protected] Abstract. The Kad network is a structured P2P network used for file sharing. Research has proved that Sybil and Eclipse attacks have been possible in it until recently. However, the past attacks are prohibited by newly implemented secu- rity measures in the client applications. We present a new attack concept which overcomes the countermeasures and prove its practicability. Furthermore, we analyze the efficiency of our concept and identify the minimally required re- sources. Keywords: P2P security, Sybil attack, Eclipse attack, Kad. 1 Introduction and Related Work P2P networks form an overlay on top of the internet infrastructure. Nodes in a P2P network interact directly with each other, i.e., no central entity is required (at least in case of structured P2P networks). P2P networks have become increasingly popular mainly because file sharing networks use P2P technology. Several studies have shown that P2P traffic is responsible for a large share of the total internet traffic [1, 2]. While file sharing probably accounts for the largest part of the P2P traffic share, also other P2P applications exist which are widely used, e.g., Skype [3] for VoIP or Joost [4] for IPTV. The P2P paradigm is becoming more and more accepted also for professional and commercial applications (e.g., Microsoft Groove [5]), and therefore, P2P technology is one of the key components of the next generation internet. -
Downloading Copyrighted Materials
What you need to know before... Downloading Copyrighted Materials Including movies, TV shows, music, digital books, software and interactive games The Facts and Consequences Who monitors peer-to-peer file sharing? What are the consequences at UAF The Motion Picture Association of America for violators of this policy? (MPAA), Home Box Office, and other copyright Student Services at UAF takes the following holders monitor file-sharing on the Internet minimum actions when the policy is violated: for the illegal distribution of their copyrighted 1st Offense: contents. Once identified they issue DMCA Loss of Internet access until issue is resolved. (Digital Millennium Copyright Act) take-down 2nd Offense: notices to the ISP (Internet Service Provider), in Loss of Internet access pending which the University of Alaska is considered as resolution and a $100 fee assessment. one, requesting the infringement be stopped. If 3rd Offense: not stopped, lawsuit against the user is possible. Loss of Internet access pending resolution and a $250 fee assessment. What is UAF’s responsibility? 4th, 5th, 6th Offense: Under the Digital Millennium Copyright Act and Loss of Internet access pending resolution and Higher Education Opportunity Act, university a $500 fee assessment. administrators are obligated to track these infractions and preserve relevent logs in your What are the Federal consequences student record. This means that if your case goes for violators? to court, your record may be subpoenaed as The MPAA, HBO and similar organizations are evidence. Since illegal file sharing also drains becoming more and more aggressive in finding bandwidth, costing schools money and slowing and prosecuting alleged offenders in criminal Internet connections, for students trying to use court. -
Emule for Dummies V 0.1 - by Ciquta
eMule for dummies v 0.1 - by ciquta (Guida funzionale ed incompleta rivolta ai neofiti della rete ed2k) Filosofia ed2k I p2p ed2k (edonkey, emule, emule plus, etc…) sono la generazione “intelligente” dei p2p: si basano sul principio dei “crediti”, ovvero chi più shara risorse, chi più invia, chi in definitiva si impegna di più a mettere a disposizione la propria banda di upload viene maggiormente premiato con slot di download. La quantità totale di upload in qualsiasi p2p è uguale identica a quella totale di download, pertanto più vengono messi a disposizione bit di upload, più vi saranno utenti connessi alla rete e maggiori saranno le possibilità di reperimento di un file e quindi di download. Il che sta a significare che gli utenti collegati avendo un ristorno in termini di download di quello che sharano e soprattutto inviano sono ben disposti a alimentare questo circolo di scambio dati, e i risultati si palpano in termini di reperibilità di file particolarmente rari e di numero delle fonti e di slot disponibili. Il software lato client è open source, pertanto vi capiterà di perdervi tra le mille versioni e relativi modding. Tuttavia la sostanza è sempre simile e notevoli cambiamenti tra l’una e l’altra sono percettibili solo tra versioni notevolmente distanti tra di loro in termini di date di sviluppo, quindi non è certo il caso di cambiare ad ogni uscita di una nuova versione, credo sia sufficiente farlo una volta ogni 3 o 4 mesi a scanso di epocali svolte nello sviluppo. Principali caratteristiche innovative Tante sono le interessanti differenze con gli altri p2p: • Gestione autonoma delle code: eMule non da modo agli utenti di “segare” gli upload, evitando quindi i classici casi di troncamento dei download tipici degli altri p2p, nei quali c’è da guerrigliare con baratti e suppliche per farsi finire un download. -
Frequently Asked Questions
Copyright & File-Sharing FREQUENTLY ASKED QUESTIONS WHAT IS COPYRIGHT? BUT I BOUGHT IT. WHY CAN’T I SHARE IT? WHAT CAN I DO TO AVOID COPYRIGHT Copyright refers to the legal rights creators have There is a difference between using and distributing INFRINGEMENT? over the use, distribution, and reproduction of copyrighted materials. Purchasing songs, movies, or Download content from legitimate sources and do original work (music, movies, software, etc.). software from legitimate sources does not give you the not share copyrighted materials online. Uninstall Copyright infringement is the unlawful use of any right to share these materials over the Internet or make P2P applications (e.g., Popcorn Time, BitTorrent, material protected under copyright law. Common copies for others. When you purchase a Peer-to-Peer Vuze), which may be sharing your files without violations include downloading ‘pirated’ copies of (P2P) program (e.g., Frostwire, BitTorrent, Vuze), you your knowledge. Do not share your NetID and copyrighted materials or sharing files not intended only buy the software, not any files you download or password with anyone. Keep your computer for you to distribute. share using this software. up-to-date with the latest security patches and anti-virus software. HOW DO I KNOW IT’S COPYRIGHTED? DOES UMASS IT MONITOR MY INTERNET Assume all materials are copyright-protected CONNECTION? HOW CAN I LEGALLY DOWNLOAD CONTENT? unless you created them or you have received the No. We do not monitor the contents of your computer Services like Amazon, iTunes, and eMusic offer author’s explicit permission to distribute them. All or issue copyright complaints. -
System Log Files Kernel Ring Buffer Viewing Log Files the Log Files
System Log Files Most log files are found in /var/log Checking logs are critical to see if things are working correctly Checking logs is critical to see if things are working correctly. Take a look at all the log files on scratch ls /var/log Kernel Ring Buffer The kernel ring buffer is something like a log file for the kernel; however, unlike other log files, it’s stored in memory rather than in a disk file. You can use the dmesg command to view it. Many times it is logged to /var/log/dmesg as well. It requires sudo privileges to read the /var/log/dmesg file, but not to run the dmesg command. Viewing log files There are a number of commands to view log files. cat less head tail Anytime a new entry is added to a log file, it is appended to the end of the file. This is one of those times where tail is particularly useful. Usually when we want to look at log files we want to look at the most recent entries. When organizing our viewing command - order matters. Most of the following commands produce different results. And all are useful depending on what type of results you want. Go through the thought process and figure out what each command does. Can you figure out which three produce identical results? cat /var/log/syslog cat /var/log/syslog | grep daemon cat /var/log/syslog | grep daemon | tail -n 10 cat /var/log/syslog | tail -n 10 cat /var/log/syslog | tail -n 10 | grep daemon less /var/log/syslog less /var/log/syslog | tail -n 10 | grep daemon head -n 10 /var/log/syslog head -n 10 /var/log/syslog | grep daemon tail -n 10 /var/log/syslog tail -n 10 /var/log/syslog | grep daemon If you add the -f option to the tail command it provides a live watch of the log file. -
Darmstadt University of Technology the Edonkey 2000
Darmstadt University of Technology The eDonkey 2000 Protocol Oliver Heckmann, Axel Bock KOM Technical Report 08/2002 Version 0.8 December 2002 Last major update 22.05.03 Last minor update 27.06.03 E-Mail: {heckmann, bock}@kom.tu-darmstadt.de Multimedia Communications (KOM) Department of Electrical Engineering & Information Technology & Department of Computer Science Merckstraße 25 • D-64283 Darmstadt • Germany Phone: +49 6151 166150 Fax: +49 6151 166152 Email: [email protected] URL: http://www.kom.e-technik.tu-darmstadt.de/ 1. Introduction The Edonkey2000 Protocol is one of the most successful file sharing protocols and used by the original Edonkey2000 client and the open source clients mldonkey and EMule. The Edonkey2000 Protocol can be classified as decentral file sharing protocol with distributed servers. Contrary to the original Gnutella Protocol it is not completely decentral as it uses servers; contrary to the original Napster protocol it does not use a single server (farm) which is a single point of failure, instead it uses servers that are run by power users and offers mechanisms for inter-server communication. Unlinke Peer-to-Peer (P2P) proto- cols like KaZaa, Morpheus, or Gnutella the eDonkey network has a client/server based structure. The servers are slightly similar to the KaZaa supernodes, but they do not share any files, only manage the information distribution and work as several central dictionaries which hold the information about the shared files and their respective client locations. In the Edonkey network the clients are the nodes sharing data. Their files are indexed by the servers. If they want to have a piece of data (a file), they have to connect using TCP to a server or send a short search request via UDP to one or more servers to get the necessary information about other clients sharing that file.