Research Abstracts - 2007

Internet Port Blocking

As the Internet has matured, its success has spurred not only technical innovation, but also social, economic and regulatory responses [1]. One initially unanticipated response is a form of policy control employed by network operators known as "port blocking." Port blocking relies on the close coupling between particular applications and their assigned TCP or UDP port. Since many applications use well-known port numbers, port blocking is one technique to stop traffic belonging to a particular application or class of application.

The prevalence and type of port blocking is of technical interest to application developers and academics but, perhaps more importantly, has prominently arisen in regulatory and policy debates -- in particular debates over network neutrality [2]. For example, the United States FCC recently ordered a provider to cease port blocking a competing telephony service. While many definitions of neutrality exist, port blocking is an important and well-defined dimension of the debate. Unfortunately, many underlying arguments that guide neutrality discussions are based on assumptions rather than careful measurement.

Rogue Super Peer

This research seeks to quantify the extent of port blocking on the Internet. We use a hybrid active/passive measurement-based approach that is capable of rapidly testing large portions of the Internet topology. Our scheme induces peer-to-peer (P2P) clients in the Gnutella network to probe for port blocking as part of their natural overlay formation process without degrading or disrupting the performance of the network.

Unstructured overlays such as Gnutella allow nodes to interconnect with minimal constraints. To scale, they rely on a two-level hierarchy of leaves and "SuperPeers" [3]. The Gnutella overlay is formed organically with SuperPeers actively managing the number of connections they maintain. A peer can turn away connection requests via a "busy" message. The busy response also includes a list of other peers to try so that new nodes can bootstrap. Nodes successively attempt connections until they find a stable set of peer links. Our system crucially relies on the fact that this busy "referral" includes both the IP address and port number of other peers to contact.

Figure 1 depicts the high-level architecture of our system. We manage two separate machines, a Rogue SuperPeer (RSP) and a measurement host. The RSP joins the Gnutella SuperPeer mesh and routes queries and responses according to the normal Gnutella protocol. Once connected, the presence of our RSP is advertised by other SuperPeers. When new leaf node clients attempt to connect to our RSP (step 1), it sends a busy message and advises the client to try connecting to our measurement host (step 2). In this fashion, we have effectively tricked the client into sending a packet to the IP and port number of our choice (step 3).

Figure 1. Port blocking measurement methodology. We implement a Rogue SuperPeer (RSP) and join the Gnutella network. (1) A client attempts to connect; (2) The RSP rejects with a busy reply suggesting the client try port 25 on a measurement host under our control; (3) By correlating received TCP connections, we can create an Internet-wide map of port blocking.

We use a BGP routing table to understand which IP prefix blocks belong to which service provider networks. By intelligently selecting the port in the busy redirect message on the basis of the client's network we can build an Internet-wide map of port blocking.

Note that any distributed system which allows arbitrary redirection messages is suitable for our task, for instance Bittorrent, HTTP links, etc. However, we choose Gnutella since we can easily globally advertise the presence of our SuperPeer. Because of the size and scope of the Gnutella network, approximately 3B users [4], our method can elicit a large number of connections and thus redirect them for measurement purposes.

Findings and Continuing Research

Given the infancy of our scheme and the broader understanding of network neutrality, we expect this work to pose as many questions as it answers. Our research is exciting first because it leverages existing P2P networks in order to perform large scale Internet measurement without affecting the overlay. Second, it represents some of the first real measurements in the prominent network neutrality debates. Our conference paper [5] gives detailed findings.

There are several interesting and hard data analysis problems we plan to investigate going forward. Port-specific traceroutes to clients in our study could reveal ingress properties, filtering asymmetry and yield useful path information. By finding partially coincident AS paths with opposite blocking policies, we can infer where in the network blocking occurs. In addition we are conducting new studies using other overlay infrastructures to eliminate sources of potential bias in our results.

References:

[1] kc. Claffy. Top Problems of the Internet and what can be done to help. In AusCERT. May, 2005.

[2] T. Wu. Network Neutrality, Broadband Discrimination. In Telecommunications and High Technology Law, vol 2, 2005.

[3] D. Stutzbach, R. Rejaie and S. Sen. Characterizing unstructured overlay topologies in modern P2P file-sharing systems. In Proceedings of ACM SIGCOMM Internet Measurement Conference, Oct. 2005.

[4] A. H. Rasti, D. Stutzbach and R. Rejaie. On the long-term evolution of the two-tier gnutella overlay. In IEEE Global Internet, 2006.

[5] R. Beverly, S. Bauer and A. Berger. The Internet's Not a Big Truck: Toward Quantifying Network Neutrality. In Proceedings of Passive and Active Measurement Conference pp. 135--144, April, 2007.