Security Notice

One of the main purposes of PlanetLab is to enable research into new Internet technology. Frequently, researchers will deploy technologies on PlanetLab that use the Internet in new ways. As a result, PlanetLab network traffic is sometimes viewed as anomalous by automated Intrusion Detection Systems (IDSs), which may trigger alerts. If an alert is interpreted as a security threat by a system administrator or IDS, a complaint may be lodged against your site or other PlanetLab hosting sites.

Recent security incidents, and their resolution, are listed below:

1. Distribution of copyrighted material on a BitTorrent experiment

Date: 29 July 2008

Description: A slice allocated to NTHU deployed BitTorrent and participated in the distribution of copyrighted material, including the Warner Bros. movie "Dark Knight". As a consequence of Princeton's compliance officer being contacted, the PlanetLab Operations team learned of the situation and immediately suspended the slice.

Explanation from Researchers: They wanted to evaluate the performance of a proposed BitTorrent cache system, and so they joined some popular BitTorrent swarms to operate under realistic conditions.

Resolution: This is clearly a violation of the PlanetLab Acceptable Use Policy. The site has since been disabled, and the PI will need to appeal to the PlanetLab Consortium to have it re-enabled. A message (PDF) has been sent to all PIs and Tech contacts regarding this incident.

2. Traffic on SMTP ports by google_highground slice

Dates: May - June 2008

Description: Some users have questions about SMTP scanning from this experiment (google_highground slice).

Explanation from Researchers: Traffic is from an "SMTP survey" experiment (http://smtpsurvey.stillhq.com/). However, it doesn't send any mail; it just connects on port 25, logs the status message and a few other details, and disconnects.

Resolution: Affected IPs to be excluded can be sent to the researcher, to be added to a blacklist.

Example support email message (PDF)

3. DNS zone transfers by tudresden_sedns slice

Dates: April 2008

Description: DNS zone transfers (AXFRs) created by this experiment (tudresden_sedns slice) have triggered security complaints.

Explanation from Researchers: This is a content distribution research project in the DNS namespace. In order to discover those CDNs, they are using an in-house developed crawler/spider system that gathers DNS data through AXFRs (zone transfers) and similar approaches. (Research team's website).

Resolution: Responsible researchers will blacklist affected DNS server(s) when needed.

Example support email message (PDF)

4. Suspicious BitTorrent activities by umass_bittorrent slice

Dates: Feb - Mar 2008

Description: This experiment (umass_bittorrent slice) has triggered some security alert messages from BayTSP, Inc.

Explanation from Researchers: No copyrighted material is being downloaded; these are monitoring status messages.

Resolution: BayTSP, Inc. was given a script to learn the current set of nodes and has agreed to whitelist PlanetLab nodes to avoid such situations in the future.

Example support email message (PDF)

5. Traffic on DNS servers by princeton_traffic slice

Dates: Dec 2007 - Feb 2008

Description: This experiment (princeton_traffic slice) created requests to DNS servers that raised concerns from some users.

Explanation from Researchers: The experiment probes DNS caches to try to estimate the rate of web traffic to different websites.

Resolution: Affected IPs to be excluded can be sent to the researcher, to be added to a blacklist.

Example support email message (PDF)