Unstructured P2P networks by example: Gnutella 0.4, Gnutella 0.6
张旭彤 杨蕊鸿 马骕 林晔
Introduction
The Protocol
Studying Gnutella
Query/Advertise approach
Attacking the network
Extension of 0.6
1999
2001
Gnutella
Version 0.4
Version 0.6
Discussion
Gnutella removes the single point of failure of centralized maintenance servers.
Goals: flexibility, scalability, reliability and anonymity.
Napster | Gnutella
1999-2001 | 2000-now
File sharing system | File sharing protocol
Centralized P2P network | Decentralized/Hybrid P2P network
On top of TCP/IP at application level | On TCP/IP at application level
Gnutella Protocol version 0.4
How to establish a Gnutella network?
4 points:
1. Descriptor headers
2. Message types
3. Firewalls
4. Routing
Special issue: TTL is the only way of avoiding network flooding and the resulting poor bandwidth.
Descriptor Headers contents
Descriptor ID: identifier of the sender (no IP)
Payload Descriptor: message type
TTL (Time To Live): the maximum number of forwards until this message is removed from the network
Hops: number of nodes passed
Payload Length: length of the following messages’ descriptor
Message types
Finding friends: PING (search for other servents), PONG (respond to another's call)
Resource retrieval: QUERY (search for certain data), QUERY HIT (respond to QUERY)
Pushing data: PUSH (for the case of firewalled servents)
Firewalls
Problem: the servent wants to share a resource, but is situated behind a firewall.
Solution: give the requesting client a chance to push data.
Routing
PONG and QUERY HIT messages are routed back along the same path as the incoming PING and QUERY messages.
PING & QUERY: broadcast messages, flooded to every node until the TTL runs out.
PONG & QUERY HIT: have the same Descriptor_ID as the PING & QUERY messages.
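An added example (not from the original slides) of the descriptor header and routing rules above: it parses the 23-byte Gnutella 0.4 header, floods a PING or QUERY once per Descriptor ID, and sends a PONG or QUERY HIT back only along the path of a matching request. The field widths and type codes follow the Gnutella 0.4 specification rather than the slides; `MAX_TTL`, `MAX_PAYLOAD`, `parse_header` and `Router` are assumptions made for this sketch.

```python
import struct
from collections import namedtuple

# 23-byte header: 16-byte Descriptor ID, Payload Descriptor, TTL, Hops,
# then a 4-byte little-endian Payload Length.
HEADER = struct.Struct("<16sBBBI")
KINDS = {0x00: "PING", 0x01: "PONG", 0x40: "PUSH", 0x80: "QUERY", 0x81: "QUERY_HIT"}
ANSWERS = {"PONG": "PING", "QUERY_HIT": "QUERY"}
MAX_TTL = 7          # assumed local policy: upper bound on TTL + Hops
MAX_PAYLOAD = 4096   # assumed local policy: upper bound on Payload Length

Header = namedtuple("Header", "desc_id kind ttl hops length")

def parse_header(data):
    """Decode and sanity-check one descriptor header; raise ValueError if bad."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    desc_id, kind, ttl, hops, length = HEADER.unpack_from(data)
    if kind not in KINDS:
        raise ValueError("unknown payload descriptor")
    if ttl + hops > MAX_TTL or length > MAX_PAYLOAD:
        raise ValueError("TTL/Hops or Payload Length outside local policy")
    return Header(desc_id, KINDS[kind], ttl, hops, length)

class Router:
    """Duplicate suppression plus reverse-path routing keyed on Descriptor ID."""
    def __init__(self):
        self.origin = {}   # (request kind, Descriptor ID) -> connection it arrived on

    def next_hops(self, hdr, conn, neighbours):
        """Return the connections to forward to; an empty list means drop."""
        if hdr.ttl <= 1 or hdr.kind == "PUSH":   # expired, or not handled here
            return []
        if hdr.kind in ANSWERS:
            # A PONG / QUERY HIT travels back only along the path of a request
            # with the same Descriptor ID; unsolicited answers are dropped.
            back = self.origin.get((ANSWERS[hdr.kind], hdr.desc_id))
            return [] if back is None else [back]
        if (hdr.kind, hdr.desc_id) in self.origin:
            return []                            # already flooded once
        self.origin[(hdr.kind, hdr.desc_id)] = conn
        return [n for n in neighbours if n != conn]
```

A real servent would also decrement TTL and increment Hops before forwarding, and would expire old entries from the `origin` table.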
Studying Gnutella
Gnutella Traffic
Gnutella network traffic in protocol version 0.4
Queries with QueryHit message compared to all queries
Number of responding QueryHits belonging to one Query message
Network structure over the day
Query/Advertise approach
Flaws of the Gnutella network
Using Publish/Subscribe services
... in the end
Attacking the network
The Query Hit attack
The Pong attack
Going even one step further
A Distributed Denial of Service attack exploiting the Query Hit messages in Gnutella protocol version 0.4
A Distributed Denial of Service attack exploiting the Ping messages in Gnutella protocol version 0.4
Extension of 0.6
Protocol extensions
Restructuring the network
Connection initialization: Handshaking sequence
GNUTELLA CONNECT/0.6
User-Agent: BearShare/1.0
Pong-Caching: 0.1
GGEP: 0.5

GNUTELLA/0.6 200 OK
User-Agent: BearShare/1.0
Pong-Caching: 0.1
GGEP: 0.5
Private-Data: 5ef89a
X-Try headers
X-Try: 1.2.3.4:1234, 5.6.7.8:5678
Ultrapeer Query routing protocol
Thank You