Measurement and diagnosis of address misconfigured P2P traffic

Through measurement study, we discover an interesting phenomenon, P2P address misconfiguration, in which a large number of peers send P2P file downloading requests to a "random" target on the Internet. Through measuring three large datasets spanning four years and across five different /8 networks, we find address-misconfigured P2P traffic on average contributes 38.9 percent of Internet background radiation, increasing by more than 100 percent every year. To detect and diagnose such unwanted traffic, we design the P2PScope, a measurement tool. After analyzing about 2 Tbytes of data and tracking millions of peers, we found that in all the P2P systems, address misconfiguration is caused by resource mapping contamination: the sources returned for a given file ID through P2P indexing are not valid. Different P2P systems have different reasons for such contamination. For eMule, we find that the root cause is mainly a network byte-order problem in the eMule Source Exchange protocol. For BitTorrent misconfiguration, one reason is that anti-P2P companies actively inject bogus peers into the P2P system. Another reason is that the KTorrent implementation has a byte-order problem.

[1]  Farnam Jahanian,et al.  Experimental study of Internet stability and backbone failures , 1999, Digest of Papers. Twenty-Ninth Annual International Symposium on Fault-Tolerant Computing (Cat. No.99CB36352).

[2]  Niels Provos,et al.  A Virtual Honeypot Framework , 2004, USENIX Security Symposium.

[3]  Ion Stoica,et al.  Friday: Global Comprehension for Distributed Replay , 2007, NSDI.

[4]  Richard Mortier,et al.  The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery , 2006, NSDI.

[5]  Marcos K. Aguilera,et al.  Performance debugging for distributed systems of black boxes , 2003, SOSP '03.

[6]  Marco Mellia,et al.  Inferring undesirable behavior from P2P traffic analysis , 2009, SIGMETRICS '09.

[7]  Vinod Yegneswaran,et al.  Using Honeynets for Internet Situational Awareness , 2005 .

[8]  Keith W. Ross,et al.  The Index Poisoning Attack in P2P File Sharing Systems , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[9]  Xuezheng Liu,et al.  D3S: Debugging Deployed Distributed Systems , 2008, NSDI.