[PL #24851] PlanetLab node(s) down: unioslo

Stephen Soltesz via RT monitor at planet-lab.org
Mon Apr 7 15:33:47 EDT 2008 

Email Recipients (see http://www.planet-lab.org/Support)
       Owner: Nobody
       Requestor: monitor at planet-lab.org
       Ticket Ccs: tech-unioslo at sites.planet-lab.org

==================================================

Hello, Karl,

I've copied the most recent message from you on support at planet-lab.org list.  Is 
this the correspondence you're referring to?

Did you not receive the responses from KyoungSoo and Larry below?  If you didn't 
receive these, please let us know.  This indicates a serious error on our side.

Were these responses not satisfying?  If not, can you help us understand what 
additional information would be helpful for you?

Thank you,
Stephen.

Karl Andre Skevik via RT wrote:
 > Email Recipients (see http://www.planet-lab.org/Support)
 >        Owner: Nobody
 >        Requestor: monitor at planet-lab.org
 >        Ticket Ccs: tech-unioslo at sites.planet-lab.org
 >
 > ==================================================
 >
 > Hello, we submitted some information to support at planet-lab.org about
 > misuse of the local planetlab machines some time ago, but as far as I
 > know we are still waiting for a reply.
 >
 > Karl-Andre' Skevik

Larry Peterson via RT wrote:
 > Email Recipients (see http://www.planet-lab.org/Support)
 >        Owner: kyoungso
 >        Requestor: plageman at ifi.uio.no
 >        Ticket Ccs: karlas at ifi.uio.no, plageman at ifi.uio.no, terjek at ifi.uio.no, 
umass_bittorrent at slices.planet-lab.org
 >
 > ==================================================
 >
 > I can add that I am in contact with BayTSP trying to work out
 > an arrangement whereby they won't trigger this false alarms
 > on PlanetLab nodes.
 >
 > Larry
 >
 > On Feb 13, 2008 11:55 AM, KyoungSoo Park via RT <support at planet-lab.org> wrote:
 >> Email Recipients (see http://www.planet-lab.org/Support)
 >>        Owner: Nobody
 >>        Requestor: plageman at ifi.uio.no
 >>        Ticket Ccs: karlas at ifi.uio.no, terjek at ifi.uio.no, 
umass_bittorrent at slices.planet-lab.org
 >>
 >> ==================================================
 >>
 >> Hi,
 >>
 >> We have also received the same complaint from other sites and
 >> the complaint turned out to be based on a false alarm.
 >> A slice from U-Mass did gather handshaking Bittorrent
 >> traffic with other peers, but their client is designed not
 >> to download the actual content, so it's unlikely that the movie
 >> file was actually downloaded. I have copied their response
 >> below and cc'ed the researchers to this email.
 >>
 >> Thanks,
 >> KyoungSoo
 >>
 >> from umass_bittorrent:
 >>
 >> We are conducting experiments to monitor the evolution of the number of
 >> leechers and seeds in popular swarms.  For that purpose, we run standard
 >> bittorrent clients and we collect information using both the vanilla
 >> Bittorrent protocol and its PEX extension.  We are also interested in
 >> fine grained statistics regarding the number of chunks downloaded by
 >> each peer over time.    Since this data is naturally broadcast in
 >> Bittorrent by the peers, we can easily record it.  From time to time,
 >> our Bittorrent client sends the gathered statistics  back to UMass,
 >> using ssh connections.
 >>
 >> Caveat: It is highly possible that we have received false IP addresses
 >> from trackers and ended up trying to connect to peers that were not in
 >> the Bittorrent network.  Nevertheless, our clients do not actively
 >> participate in the BitTorrent swarms.  They only do handshake with peers
 >> for data collecting purpose, so there should not be too much traffic in
 >> any case.
 >>
 >> In our experiment using PlanetLab and slice umass_bittorrent, no
 >> copyrighted content  is being served or downloaded.
 >>
 >> Thanks.
 >> Best regards, Daniel
 >>
 >>
 >> Thomas Plagemann via RT wrote:
 >>> Email Recipients (see http://www.planet-lab.org/Support)
 >>>        Requestor: plageman at ifi.uio.no
 >>>        Ticket Ccs: karlas at ifi.uio.no, terjek at ifi.uio.no
 >>>
 >>> ==================================================
 >>>
 >>> Wed Feb 13 10:45:12 2008: Request 24054 was acted upon.
 >>> Transaction: Ticket created by plageman at ifi.uio.no
 >>>
 >>> Subject: [Fwd: [Fwd: Notice ID: 22-28153813Unauthorized Use] (fwd)]
 >>>
 >>> Dear PlanetLab Support Team,
 >>>
 >>> our research group at the University of Oslo is an active user of PlanetLab.
 >>> However, due to misuse of the two PlanetLab machines at the University
 >>> of Oslo from others, our central systems administration decided to remove
 >>> the machines from the network.
 >>>
 >>> The reason for this is understandable: since these are machines owned by
 >>> and used at the University of Oslo, the University of Oslo is legally
 >>> responsible
 >>> for any misuse - at the same time systems administration has no possibility
 >>> to take appropriate actions other than removing the machines from the
 >>> network.
 >>>
 >>> It was my understanding that there is inherent monitoring support in the
 >>> system to be able to trace back the originator etc. We would appreciate
 >>> if you could explain s what to do and how we can react in such situations.
 >>> Obviously, misuse cannot be tolerated.
 >>>
 >>> Please find below some notices we received about misuse, including
 >>> port scanning and illegal file sharing on our PlanetLab machines.
 >>>
 >>> Best regards,
 >>> Professor Dr. Thomas Plagemann
 >>> Distributed Multimedia Systems Group
 >>> Department of Informatics
 >>> University of Oslo
 >>>
 >>>
 >>> ------------------------------------------------------------------------
 >>>
 >>>
 >>>
 >>> ---------- Forwarded message ----------
 >>> Date: Thu, 31 Jan 2008 13:53:13 +0100
 >>> From: Sigurd Mytting <sm at ifi.uio.no>
 >>> To: terjek at ifi.uio.no
 >>> Subject: [Fwd: Notice ID: 22-28153813Unauthorized Use]
 >>>
 >>> Klagene som har kommet på planetlab-maskiner de siste dagene.
 >>>
 >>> -Sigurd
 >>>
 >>>
 >>> ------------------------------------------------------------------------
 >>>
 >>> -----BEGIN PGP SIGNED MESSAGE-----
 >>> Hash: SHA1
 >>>
 >>> Testing
 >>>
 >>> CONTACT_ORG::University of Oslo
 >>> CONTACT ADDRESS::
 >>> CONTACT CONTRY:: Norway
 >>>
 >>> Notice Date:28 Jan 2008 15:48:56 GMT
 >>> Notice ID:22-28153813
 >>> Dear Sir or Madam:
 >>> BayTSP, Inc. ("BayTSP") swears under penalty of perjury that OUR CLIENT 
copyright infringement notification.
 >>> BayTSP has reasonable good faith belief that OUR CLIENT, its agents, or the 
law does not authorize use
 >>> The attached documentation specifies the exact location of the infringement.
 >>>
 >>> All correspondence should be directed to 
mailto:paramount at copyright-compliance.com?subject=RE%3A%20Notice%20ID%3A%2022%2D28153813Unauthorized%20Use
 >>>
 >>> A prompt response indicating the actions you have taken to resolve this 
matter 
http://webreply.baytsp.com/webreply/webreply.jsp?customerid=22&commhash=c24126709d85b82606980c912ffe7853
 >>>
 >>> Nothing in this letter shall serve as a waiver of any rights or remedies of 
OUR CLIENTwith respect to the alleged infringement, all of which are expressly 
reserved.
 >>>
 >>> Should you need to contact me, regarding this matter please refer to Notice 
: 22-22-28153813 at the following address:
 >>>
 >>> Nicole Manske
 >>> Compliance Manager :: BayTSP, Inc.
 >>> PO Box 1314 Los Gatos, CA 95031
 >>> ph: 408-341-2300  fax: 408-341-2399
 >>>
 >>> *pgp public key is available on the key server at ldap://keyserver.pgp.com
 >>> Note: The information transmitted in this Notice is intended only for the 
person or entity to which it is addressed and may contain confidential and/or 
privileged material. Any review, reproduction, retransmission, dissemination or 
other use of, or taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is prohibited. If you 
received this in error, please contact the sender and delete the material from 
all computers.
 >>>
 >>> Detected Infringement Information:
 >>>
 >>> Notice ID:22-28153813
 >>> Orginal Timestamp: 23 Jan 2008 22:12:08 GMT
 >>> Asset: Cloverfield
 >>> Protocol:: BitTorrent
 >>> Filename::Cloverfield.CAM.Jek.DivX-THS.avi
 >>> Filesize:: 504407040
 >>>
 >>> DNS: planetlab4.ifi.uio.no
 >>> IP Address:  129.240.67.18
 >>> URL: 
http://www.leechtorrents.com:2710/jdr81wt2664u1g6csoghbz47jwjt5cp4/announce
 >>> Last Seen Date: 28 Jan 2008 07:47:04 GMT
 >>>
 >>> Username (if available):
 >>> Cloverfield.CAM.Jek.DivX-THS.avi      504407040
 >>>
 >>> -----BEGIN PGP SIGNATURE-----
 >>> Version: 8.0
 >>>
 >>> iD8DBQFHnqs19Y9NMGKi0WgRAiHiAKDQfDjEXMdhEmYbB9v2oapnwCRIJgCg/e55
 >>> wWpI/veHQzrfCSfI9FDh+Yo=
 >>> =c9ou
 >>> -----END PGP SIGNATURE-----
 >>>
 >>>
 >>>
 >>>
 >>>
 >>> ------------------------------------------------------------------------
 >>>
 >>> -----BEGIN PGP SIGNED MESSAGE-----
 >>> Hash: SHA1
 >>>
 >>> Testing
 >>>
 >>> CONTACT_ORG::University of Oslo
 >>> CONTACT ADDRESS::
 >>> CONTACT CONTRY:: Norway
 >>>
 >>> Notice Date:28 Jan 2008 15:48:55 GMT
 >>> Notice ID:22-28153812
 >>> Dear Sir or Madam:
 >>> BayTSP, Inc. ("BayTSP") swears under penalty of perjury that OUR CLIENT 
copyright infringement notification.
 >>> BayTSP has reasonable good faith belief that OUR CLIENT, its agents, or the 
law does not authorize use
 >>> The attached documentation specifies the exact location of the infringement.
 >>>
 >>> All correspondence should be directed to 
mailto:paramount at copyright-compliance.com?subject=RE%3A%20Notice%20ID%3A%2022%2D28153812Unauthorized%20Use
 >>>
 >>> A prompt response indicating the actions you have taken to resolve this 
matter 
http://webreply.baytsp.com/webreply/webreply.jsp?customerid=22&commhash=64f8e744d70f3f5b6381852bd07fa065
 >>>
 >>> Nothing in this letter shall serve as a waiver of any rights or remedies of 
OUR CLIENTwith respect to the alleged infringement, all of which are expressly 
reserved.
 >>>
 >>> Should you need to contact me, regarding this matter please refer to Notice 
: 22-22-28153812 at the following address:
 >>>
 >>> Nicole Manske
 >>> Compliance Manager :: BayTSP, Inc.
 >>> PO Box 1314 Los Gatos, CA 95031
 >>> ph: 408-341-2300  fax: 408-341-2399
 >>>
 >>> *pgp public key is available on the key server at ldap://keyserver.pgp.com
 >>> Note: The information transmitted in this Notice is intended only for the 
person or entity to which it is addressed and may contain confidential and/or 
privileged material. Any review, reproduction, retransmission, dissemination or 
other use of, or taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is prohibited. If you 
received this in error, please contact the sender and delete the material from 
all computers.
 >>>
 >>> Detected Infringement Information:
 >>>
 >>> Notice ID:22-28153812
 >>> Orginal Timestamp: 23 Jan 2008 19:27:56 GMT
 >>> Asset: Cloverfield
 >>> Protocol:: BitTorrent
 >>> Filename::Cloverfield.CAM.Jek.DivX-THS.avi
 >>> Filesize:: 504407040
 >>>
 >>> DNS: planetlab1.ifi.uio.no
 >>> IP Address:  129.240.67.15
 >>> URL: 
http://www.leechtorrents.com:2710/u8e94pk5lu9skxmjrwdzfryhyuxx3z2d/announce
 >>> Last Seen Date: 28 Jan 2008 07:53:31 GMT
 >>>
 >>> Username (if available):
 >>> Cloverfield.CAM.Jek.DivX-THS.avi      504407040
 >>>
 >>> -----BEGIN PGP SIGNATURE-----
 >>> Version: 8.0
 >>>
 >>> iD8DBQFHnqs09Y9NMGKi0WgRAgcDAJ0eqegDHg5iSJXcIJ/libQXU5miaACgyZ4A
 >>> DUs3g6YDqmv7F6+o8CLWY5g=
 >>> =slAA
 >>> -----END PGP SIGNATURE-----
 >>>
 >>>
 >>>
 >>>
 >>>
 >>> ------------------------------------------------------------------------
 >>>
 >>> Hei,
 >>>
 >>> UNINETT CERT har mottatt henvendelse angående uønsket aktivitet fra en
 >>> av deres maskiner.
 >>>
 >>> Vennligst undersøk saken, bl.a. med henblikk på om maskinen er
 >>> kompromittert, og gi tilbakemelding *til klager* med kopi til UNINETT
 >>> CERT.
 >>>
 >>> Mvh
 >>> UNINETT CERT
 >>>
 >>> --------------------------------------
 >>>
 >>> Greetings:
 >>>
 >>> The Department of Defense Joint Task Force for Global Network
 >>> Operations
 >>> (JTF-GNO), formerly known as DOD-CERT, is the DOD information security
 >>> (INFOSEC), incident response and coordination center chartered to
 >>> handle
 >>> all DOD INFOSEC incidents involving DOD information and
 >>> telecommunications assets.
 >>>
 >>> We are contacting you on behalf of a DOD location that is receiving
 >>> objectionable traffic from your network. The type of traffic identified
 >>> is tcp port 43588. All of the connection attempts originated from the
 >>> following source IP 129.240.67.15 between 2008/01/24T00:00:05  GMT and
 >>> 2008/01/24T23:59:54  GMT. Additional details are at the end of this
 >>> message.
 >>>
 >>> We are providing this information in an effort to help report not only
 >>> the abuse of DOD network resources, but your crucial network resources
 >>> as well. In addition, we believe that the sharing of information
 >>> between
 >>> Internet Service Providers (ISP) is one of the many ways to improve the
 >>> health and welfare of the Internet as a whole. We hope that your
 >>> organization will look in to this matter and we would be amenable to
 >>> receive any correspondence concerning this matter, but there is no
 >>> obligation or direction that is expected of your organization.
 >>>
 >>> In the event that a system may be compromised within your network, an
 >>> intrusion detection response and recovery checklist to help you is
 >>> available at
 >>> <http://www.cert.org/tech_tips/win-UNIX-system_compromise.html>
 >>>
 >>> We have assigned an internal reference number DOD
 >>> CERT#(129.240.67.15_24Jan2008) to this report and it is included in the
 >>> subject line of this e-mail message.  We would appreciate your
 >>> including
 >>> it in the subject line of future correspondence about this report. We
 >>> would really appreciate your cooperation in looking into this matter.
 >>>
 >>> Thank you.
 >>>
 >>> DoD CERT
 >>>
 >>> sIP|sPort|dPort|protocol|packets|bytes|flags|sTime|eTime|
 >>> 129.240.67.15|43448|43588|6|4|224| S
 >>> |2008/01/24T19:44:07.562|2008/01/24T19:44:28.560|
 >>> 129.240.67.15|35433|43588|6|4|224| S
 >>> |2008/01/24T20:14:11.220|2008/01/24T20:14:32.230|
 >>> 129.240.67.15|60327|43588|6|4|224| S
 >>> |2008/01/24T20:12:46.931|2008/01/24T20:13:07.945|
 >>> 129.240.67.15|39482|43588|6|3|168| S
 >>> |2008/01/24T20:15:41.220|2008/01/24T20:15:50.173|
 >>> 129.240.67.15|39353|43588|6|4|224| S
 >>> |2008/01/24T19:42:44.257|2008/01/24T19:43:05.253|
 >>> 129.240.67.15|47426|43588|6|4|224| S
 >>> |2008/01/24T19:45:37.132|2008/01/24T19:45:58.136|
 >>> 129.240.67.15|59340|43588|6|4|224| S
 >>> |2008/01/24T22:04:30.827|2008/01/24T22:04:51.811|
 >>> 129.240.67.15|34322|43588|6|4|224| S
 >>> |2008/01/24T22:06:00.172|2008/01/24T22:06:21.160|
 >>> 129.240.67.15|55350|43588|6|4|224| S
 >>> |2008/01/24T22:03:07.457|2008/01/24T22:03:28.442|
 >>>
 >>>
 >>>
 >>>
 >>> ------------------------------------------------------------------------
 >>>
 >>> _______________________________________________
 >>> PlanetLab Support Mail Reflector
 >>> support at planet-lab.org
 >>> https://lists.planet-lab.org/mailman/listinfo/support-community
 >> _______________________________________________
 >> PlanetLab Support Mail Reflector
 >> support at planet-lab.org
 >> https://lists.planet-lab.org/mailman/listinfo/support-community
 >>
 >>
 >
 > _______________________________________________
 > PlanetLab Support Mail Reflector
 > support at planet-lab.org
 > https://lists.planet-lab.org/mailman/listinfo/support-community

More information about the monitor-list mailing list