November 21, 2024

What Hollywood Wants to Do To P2P Users

The written version of Randy Saaf’s testimony at yesterday’s Berman-Coble hearings is now available. It is longer than his oral statement and answers a key technical question.

Saaf runs a company called Media Defender (MD) that tries to disrupt p2p networks on the behalf of copyright holders. All of the speakers at the hearings agree that the steps that MD uses now are legal. The key question was this: What do MD and Hollywood want to do that would be legalized by Berman-Coble?

The only example that anybody could give was a method that Saaf (misleadingly) calls “interdiction.” He gave a vague description of it yesterday, and I wrote that it “sounds to me like a classic denial of service attack.”

Saaf’s written testimony offers more detail:

Interdiction only targets uploaders of pirated material. The way it targets them is to simply download the pirated file. MediaDefender’s computers hook up to the person using the P2P protocol being targeted and download the pirated file at a throttled down speed. MediaDefender’s computers just try to sit on the other computers’ uploading connections as long as possible, using as little bandwidth as possible to prevent others from downloading the pirated content….

Interdiction works by getting in front of potential downloaders when someone is serving pirated content using a P2P network. When MediaDefender’s computer’s see someone making a copyrighted file available for upload, our computers simply hook into that computer and download the file. The goal is not to absorb all of that user’s bandwidth but block connections to potential downloaders. If the P2P program allows ten connections and MediaDefender fills nine, we are blocking 90% of illegal uploading.

That’s a denial of service attack, folks. The attack operates not by exhausting the target’s bandwidth, but by exhausting the number of connections it can make simultaneously. Connection-exhaustion attacks are a well recognized from of denial of service; other examples of such attacks include so-called “SYN flooding.”

It appears that common p2p software limits the number of connections it will service at one time. By occupying the available connections, the “interdiction” attack prevents new connections from being made. The effect is to cut off all uploads from the attacked p2p program (but not from the rest of the computer).

Note that this blocks access to all uploads from the p2p program, including uploads of noninfringing files.

There are various simple countermeasures that the p2p vendors could – and presumably will – adopt to frustrate this attack. One thing they could do is to lift their self-imposed limit on the number of connections their program will accept. If they do this, then an “interdiction” attack would have to occupy all of the machine’s connections, thus blocking all uploads of any kind, by any program, from the machine.