P2P drag on nets getting worse

Peer-to-peer traffic has reached an all-time high across the Internet, bringing with it heightened security and legal threats for companies that fail to rid their networks of these popular applications.

Peer-to-peer traffic has reached an all-time high across the Internet, bringing with it heightened security and legal threats for companies that fail to rid their networks of these popular applications.

In this Network World Fusion Radio interview, BitTorrent creator Bram Cohen describes how it works and how he came up with it.

For years network managers have been playing a cat-and-mouse game as they try to block employees from using peer-to-peer Web sites that let visitors share copyrighted or illegal material. Now the stakes are getting higher.

Nearly 40% of Internet users admitted to downloading and sharing files through peer-to-peer sites while logged on to corporate networks, according to a survey that security vendor Blue Coat Systems conducted in March.

ISPs report that peer-to-peer traffic represents anywhere from 30% to 70% of their overall traffic, depending on whether their networks reside at the core or the edges of the Internet.

“We tell corporate users that they should be disallowing peer-to-peer traffic on their networks,” says Lydia Leong, principal analyst with Gartner. “We believe strongly that it places companies at risk, and it is potentially a security issue and a bandwidth constraint.”

LexisNexis uses a multilayered approach to prevent its 9,000 U.S. employees from downloading copyrighted materials such as music, videos or software via peer-to-peer. John Mawhirter, a consulting telecommunications engineer with LexisNexis, says the legal information provider has used Websense Enterprise Web-filtering software for five years, and last year added a Web-caching appliance from Blue Coat for extra protection.

“We also use firewalls to shut down the ports for music and video,” Mawhirter says. “And we have a software product that scans all the company computers to make sure no one has installed software that they shouldn’t.”

Mawhirter says this combination works well and has prevented LexisNexis from running into legal, security or productivity problems. He says the Websense software is flexible enough to allow for different rules in terms of blocking pornographic Web content in the U.S. and Europe, which have different views of what is inappropriate.

“There are different standards in Europe, so our European employees are not blocked under Websense,” Mawhirter says. “Our legal and [human resources] people aren’t under Websense either, but the IT department is.”

ISP issues

The workplace isn’t the only trouble spot. ISPs that offer broadband residential services say peer-to-peer traffic represents two-thirds or more of their upstream traffic, although some say that isn’t necessarily a bad thing.

Peer-to-peer traffic is especially high in Europe, where file swapping is more popular than it is in the U.S.

“Peer-to-peer traffic is a big problem for the ISPs,” says Andrew Parker, founder and CTO of CacheLogic, which sells switches and servers that let ISPs separate and cache peer-to-peer traffic to improve the performance of their networks. “As much as 80% to 90% of upstream traffic on the last mile is peer-to-peer.”

CacheLogic says that when it was conducting a field trial for a Tier 1 European ISP, it found peer-to-peer traffic volumes were at least double and sometimes 10 times higher than that of other Web traffic during peak evening hours.

Top-tier ISPs in the U.S. report less peer-to-peer traffic because they carry more business-oriented traffic.

Peer-to-peer traffic is “certainly less than half” of AT&T’s overall IP traffic, says Craig Uthe, AT&T’s IP network product management director. “Web traffic is clearly the biggest portion of our IP traffic.”

Sprint says 21% of its overall traffic is identifiable peer-to-peer traffic. In addition, peer-to-peer sites account for some of Sprint’s Web and TCP traffic, which together represent 60% of its overall traffic.

“Peer-to-peer is clearly a large amount of our traffic,” says Chase Cotton, director of data engineering for Sprint. “Our network is designed to carry those packets, and someone is paying for them to be carried. So for me it doesn’t matter what the traffic is being used for.”

As ISPs struggle with managing the deluge of peer-to-peer traffic, start-ups such as CacheLogic, P-Cube and Sandvine offer products that help analyze their traffic so they can segment and support peer-to-peer applications more cost-effectively.

Peer-to-peer traffic is hard to measure because it is very dynamic. Popular peer-to-peer sites such as BitTorrent, eDonkey and FastTrack use dynamic ports, hashes, tunneling and other tricks so traffic appears to be something other than peer-to-peer file swapping.

“Peer-to-peer is a difficult problem for corporate network managers to deal with because it masquerades as something else,” Parker says. “The peer-to-peer clients are very sophisticated, and they work hard to circumvent [firewalls, proxies and other perimeter defenses]. You have to look deep into the traffic. . . . It’s not a simple job for network managers to block these applications.”

The number of peer-to-peer sites has ballooned, offering more than just music, videos and software for swapping and downloading. Some peer-to-peer sites support online gaming or chatting between end users. A new service called Skype uses peer-to-peer technology to support VoIP calls.

“In the past year, the number of peer-to-peer sites that we’ve categorized has risen from 434 to just over 2,000 sites,” says Leo Cole, vice president of marketing for Websense. “That’s a pretty substantial increase in just a year.”

Websense, SurfControl and others offer software that lets companies filter peer-to-peer traffic by the underlying protocols they use rather than by port or Web address. SurfControl shipped in July a new version of its software that dynamically updates the protocols it can filter as new peer-to-peer threats emerge.

Filtering is critical because the content available through peer-to-peer Web sites is getting more dangerous. New types of viruses and worms such as MyDoom/Sober-C are spread via peer-to-peer networks, and peer-to-peer clients often contain spyware and Trojan horses.

“What we’re finding is that peer-to-peer traffic is more of a security risk than we initially thought,” Cole says. “Peer-to-peer traffic bypasses the traditional perimeter security that corporations have. Peer-to-peer applications are being targeted more by malicious code and hackers.”

Legal view

Much of the content that can be downloaded via peer-to-peer sites puts companies at risk of lawsuits. Security vendor Palisades Systems estimates that 56% of all content on peer-to-peer sites violates copyrights.

Palisades also found in a study that 42% of all search requests on the popular Gnutella peer-to-peer network were for pornographic files and 6% of all search requests were for child pornography.

The legal risks of letting employees use corporate networks to share or download copyrighted materials are serious. The Recording Industry of America (RIAA) this spring stepped up its campaign against users of file-sharing applications. In 2000, RIAA received a $1 million settlement from an Arizona company that provided a server that let employees access copyrighted music on its corporate network.

Meanwhile, the U.S. Senate in June passed legislation that would let the Department of Justice file civil suits against individual copyright infringers. Another bill introduced in June would let copyright holders sue companies that run file-sharing sites that support copyright infringement.

“If any of these laws are passed [by Congress], that’s going to be additional evidence that [peer-to-peer traffic] is not a good thing in the corporate network,” Gartner’s Leong says.

Not all peer-to-peer traffic is illegal, of course. For example, the BBC plans to make its content available via peer-to-peer file-sharing services, and Red Hat is distributing its flavor of Linux via BitTorrent.

“There are lots of good uses for peer-to-peer. It’s not just for distributing copyrighted material,” Parker says. “Lots of people will be using these sites for legitimate uses, and there’s no way for ISPs to block the bad material and keep the good material.”

Nonetheless, corporations might want to block peer-to-peer sites offering legal content because they eat up precious network bandwidth and consume employee productivity.

“We’ve worked with some customers about the issue of peer-to-peer traffic polluting their bandwidth,” says Alex Gerber, a network researcher with AT&T Labs Research.

“For the enterprise customers, since peer-to-peer is generating so much traffic, one user downloading a movie can impact the whole network for a small company or branch office,” he says.

Users are taking the bandwidth drain seriously.

“I look to see what applications are sucking up bandwidth,” says Richard Ramos, a systems administrator for the New Orleans Center for Creative Arts who uses Websense on his network of 100 PCs. “If I see someone accessing a peer-to-peer site, I just lock down that machine and reprimand that user.”