14.10.2014 Views

Policy enforcement in Peer-to-Peer networks using open-source tools

Policy enforcement in Peer-to-Peer networks using open-source tools

Policy enforcement in Peer-to-Peer networks using open-source tools

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

<strong>Policy</strong> Enforcement <strong>in</strong> <strong>Peer</strong>-<strong>to</strong>-<strong>Peer</strong> Networks Us<strong>in</strong>g Open Source Tools<br />

Khurram Bhatti<br />

Bahria University, Islamabad<br />

khurramcap@yahoo.com<br />

Atif Shehzad<br />

Bahria University, Islamabad<br />

melleck66@yahoo.com<br />

Paper ID — ICOST2006-4<br />

M. Hassan Islam<br />

CASE, Islamabad<br />

mhasanislam@yahoo.com<br />

Abstract<br />

In spite of advances made <strong>in</strong> the world of network<br />

security, a vast majority of security <strong>in</strong>cidents are still<br />

attributed <strong>to</strong> the “<strong>in</strong>ternal threat” – end users – responsible<br />

for mis-configur<strong>in</strong>g devices and programs, unknow<strong>in</strong>gly<br />

propagat<strong>in</strong>g malicious code, or disclos<strong>in</strong>g proprietary<br />

bus<strong>in</strong>ess <strong>in</strong>formation. The emerg<strong>in</strong>g P2P systems have<br />

characteristics that can turn them <strong>in</strong><strong>to</strong> an attractive<br />

<strong>in</strong>frastructure can be exploited <strong>to</strong> breach the security of a<br />

network, if policy regard<strong>in</strong>g their usage <strong>in</strong> not <strong>in</strong> place. A<br />

rapidly evolv<strong>in</strong>g and chang<strong>in</strong>g technology, IDS is a defense<br />

system, purpose <strong>to</strong> f<strong>in</strong>d security violations and detects hostile<br />

activities <strong>in</strong> a host or network .IDS is capable <strong>to</strong> provide a<br />

view of unusual activity and issue alerts notify<strong>in</strong>g<br />

adm<strong>in</strong>istra<strong>to</strong>rs. Accord<strong>in</strong>g <strong>to</strong> Amoroso [1] "Intrusion<br />

Detection is a process of identify<strong>in</strong>g and respond<strong>in</strong>g <strong>to</strong><br />

malicious activity targeted at comput<strong>in</strong>g and network<strong>in</strong>g<br />

re<strong>source</strong>s", also IDS can dist<strong>in</strong>guish between external attacks<br />

by hackers and <strong>in</strong>ternal orig<strong>in</strong>at<strong>in</strong>g from <strong>in</strong>side the<br />

organization. At the simplest level, you can th<strong>in</strong>k of and IDS<br />

as an alarm system, IDS provides much for computers what<br />

the alarm system provides for organization's physical<br />

security. Us<strong>in</strong>g the same defense system, this paper talks<br />

about what a P2P application is with problems when they are<br />

on any host or network. Implementation was done at<br />

iPhonica us<strong>in</strong>g different OpenSource [14] <strong>to</strong>ols <strong>to</strong> come up<br />

with a solution.<br />

Index Terms: Security moni<strong>to</strong>r<strong>in</strong>g, snort, P2P, signature<br />

based, anomaly based, rule based, NIDS, HIDS. <strong>Policy</strong><br />

<strong>enforcement</strong>.<br />

1. Introduction<br />

Internet started with limited s<strong>to</strong>rage and comput<strong>in</strong>g<br />

re<strong>source</strong>s and now it has <strong>in</strong>creased at tremendous rate. [2] To<br />

share re<strong>source</strong>s on <strong>in</strong>ternet ma<strong>in</strong>ly there are two architecture<br />

used, client-server and peer-<strong>to</strong>-peer. In first architecture<br />

though more than one server can be used <strong>to</strong> avoid the<br />

<strong>in</strong>herent flaw of s<strong>in</strong>gle po<strong>in</strong>t failure and improved reliability<br />

and load balanc<strong>in</strong>g but still it is limited <strong>to</strong> number of user<br />

connected, bandwidth available etc. Performance of the<br />

server also depends upon the utilization/underutilization of<br />

CPU, memory free disk space <strong>in</strong> hard disk etc. The<br />

emergence of <strong>Peer</strong>-<strong>to</strong>-<strong>Peer</strong> architecture was based on<br />

utilization of not only the node itself but every other node<br />

member of the group. Thus <strong>in</strong>creas<strong>in</strong>g the reliability,<br />

Fault <strong>to</strong>lerance, load balanc<strong>in</strong>g au<strong>to</strong>matically. In p2p<br />

systems every nodes can share the re<strong>source</strong> of each other<br />

re<strong>source</strong>s without <strong>in</strong>tervention of server, [10] so computer<br />

can behave either as server or client depend<strong>in</strong>g on re<strong>source</strong><br />

share request.<br />

Despite these advantage p2p systems comes with many<br />

<strong>in</strong>herent security flaws because of its work<strong>in</strong>g structure.<br />

The emerg<strong>in</strong>g <strong>Peer</strong>-<strong>to</strong>-<strong>Peer</strong> systems have characteristics<br />

that turn them <strong>in</strong><strong>to</strong> an attractive <strong>in</strong>frastructure that can be<br />

used as attack platform. Attackers that compromise a P2P<br />

system can expect benefits such as a large number of<br />

participants, easy hid<strong>in</strong>g of attack control traffic and good<br />

global distribution of participat<strong>in</strong>g hosts. This gives attackers<br />

high flexibility and at the same time a small risk of be<strong>in</strong>g<br />

identified.<br />

P2P systems has brought many disadvantages over the<br />

<strong>in</strong>ternet which are ma<strong>in</strong>ly discussed <strong>in</strong> this presentation some<br />

of them are i.e. Bandwidth Utilization when used <strong>in</strong> limited<br />

dedicated bandwidth , Malicious code flow, Confidential<br />

company Information leakage.<br />

We believe that an <strong>in</strong>trusion detection system (IDS) can<br />

be the best <strong>to</strong>ol for detect<strong>in</strong>g a malicious P2P application<br />

because security flaws <strong>in</strong>troduced by P2P are not very<br />

specific, and a few of the important identify<strong>in</strong>g parameters<br />

(IP address, port numbers etc) can vary even with<strong>in</strong> the same<br />

application. Moreover, because of the <strong>in</strong>herent anonymity<br />

associated with P2P host, detection of a malicious node is<br />

very difficult.<br />

In part 2 of this paper we have discussed some of the<br />

security problems associated with p2p application. Next<br />

phase deals with traffic analyses of p2p application which<br />

helps <strong>to</strong> generate signatures based on packet fields. These<br />

signatures are then fed <strong>in</strong> snort rules database as discussed <strong>in</strong><br />

part three and four respectively.<br />

2. Problems with P2P applications<br />

The decentralized nature of peer-<strong>to</strong>-peer file shar<strong>in</strong>g<br />

removes the need for a central server, and removes the<br />

possibility of centralized control [5] [12]. Because peer-<strong>to</strong>peer<br />

file shar<strong>in</strong>g <strong>networks</strong> do not require a central server,<br />

they are more scalable and more redundant than centralized<br />

file shar<strong>in</strong>g schemes. <strong>Peer</strong>-<strong>to</strong>-peer file shar<strong>in</strong>g <strong>networks</strong> are<br />

also more resistant <strong>to</strong> legal attacks [13], because there is no


one central entity <strong>to</strong> file a lawsuit aga<strong>in</strong>st. To attack a peer<strong>to</strong>-peer<br />

file shar<strong>in</strong>g network, a claimant must file suits aga<strong>in</strong>st<br />

<strong>in</strong>dividual network users.<br />

Bandwidth Utilization: [6] Many organizations have taken<br />

<strong>to</strong> use l<strong>in</strong>ks <strong>to</strong> create virtual private <strong>networks</strong> between their<br />

officers or central office. VPN performance may suffer if<br />

legitimate traffic has <strong>to</strong> compete with non-bus<strong>in</strong>ess fileshar<strong>in</strong>g<br />

traffic. To cater with the issue traffic shap<strong>in</strong>g<br />

applications can be used so that p2p applications can not<br />

monopolize <strong>in</strong>ternet bandwidth.<br />

Malicious code: P2P applications can provide a conduit<br />

for malicious code <strong>to</strong> enter <strong>in</strong> network such as viruses and<br />

trajon horse programs are a danger ow<strong>in</strong>g <strong>to</strong> file shar<strong>in</strong>g p2p<br />

applications. But by deploy<strong>in</strong>g desk<strong>to</strong>p and server based<br />

antivirus scann<strong>in</strong>g def<strong>in</strong>itions it can greatly reduce the risk.<br />

Fake files [7] It is very hard sometimes <strong>to</strong> tell whether the<br />

files one is download<strong>in</strong>g are <strong>in</strong>deed the authentic files. Media<br />

giants offer apparently popular music or films <strong>to</strong> sniff out<br />

copyright viola<strong>to</strong>rs <strong>in</strong> an effort <strong>to</strong> try <strong>to</strong> protect their products<br />

from be<strong>in</strong>g distributed illegally onl<strong>in</strong>e.<br />

Vulnerable P2P application: [8] P2P applications require<br />

client software <strong>in</strong>stalled. So there are risks that application is<br />

badly code, and crashes the system or it conflicts with the<br />

environment set up for bus<strong>in</strong>ess purpose. There might be a<br />

cause that a p2p user has set up a p2p trap and does damage<br />

or allows <strong>to</strong> access more <strong>in</strong>formation than allowed.<br />

Information leakage: P2P application such as wrapster<br />

can provide an ideal cover and disguise data as Mp3 file and<br />

authorized system user is transferr<strong>in</strong>g <strong>in</strong>formation <strong>to</strong> another<br />

mach<strong>in</strong>e. Instant message provided by Microsoft, Yahoo and<br />

other can also be a great threat <strong>to</strong> the organization a mean <strong>to</strong><br />

transfer organization <strong>in</strong>side <strong>in</strong>formation <strong>to</strong> unauthorized<br />

users.<br />

Copyright issues [7] No one s<strong>in</strong>gle entity has de-fac<strong>to</strong><br />

control of what gets shared; there is an enormous amount of<br />

copyrighted works that are be<strong>in</strong>g illegally distributed without<br />

the consent of their crea<strong>to</strong>rs or rightful owners.<br />

Follow<strong>in</strong>g are few basic actions and technologies that can<br />

be taken <strong>to</strong> reduce these risks.<br />

Block traffic: [8] By block<strong>in</strong>g traffic between servers and<br />

peers, but it is possible that the p2p servers IP addresses<br />

change. Also p2p applications can connect <strong>to</strong> servers us<strong>in</strong>g<br />

socks proxy connections [14]. S<strong>in</strong>ce a proxy can be at any<br />

port and at any address, there is no way <strong>to</strong> prevent this from<br />

happen<strong>in</strong>g, which requires regular update <strong>to</strong> blockage part.<br />

Classify network traffic: [9] Classify<strong>in</strong>g network traffic<br />

<strong>in</strong><strong>to</strong> application and location based then analys<strong>in</strong>g them and<br />

f<strong>in</strong>ally apply<strong>in</strong>g bandwidth partition<strong>in</strong>g and per-session rate<br />

policies.<br />

Security flaws <strong>in</strong>troduced by p2p applications are not<br />

specific <strong>in</strong> any manner, hence there requires a generic<br />

solution<br />

Enforce policy: Enforce written security policies<br />

describ<strong>in</strong>g with applications are allowed <strong>to</strong> <strong>in</strong>stall on desk<strong>to</strong>p<br />

PCs.<br />

Antivirus products: To protect aga<strong>in</strong>st malware, servers,<br />

gateways and desk<strong>to</strong>p should be updated with antivirus<br />

products.<br />

Approach adopted <strong>to</strong> detect p2p applications is <strong>to</strong> focus<br />

on network traffic pattern be<strong>in</strong>g made by communicat<strong>in</strong>g<br />

p2p. Communication between client and server requires<br />

specific pro<strong>to</strong>cols for transactions.<br />

To start with the implementation follow<strong>in</strong>g steps were<br />

taken. Analysis of traffic generated by P2P applications,<br />

Identify unique traffic pattern. Writ<strong>in</strong>g detection rules us<strong>in</strong>g<br />

snort rule sets. Test the validity of signature rules for false<br />

positive and false negatives.<br />

3. Analysis, Design<br />

3.1. Traffic Analysis pattern identification<br />

Figure 1-A shows the actual network configuration and 1-<br />

B shows additional network traffic analyzer placement <strong>to</strong><br />

analyze the traffic. Switch has been replaced with Hub <strong>to</strong><br />

accomplish the purpose <strong>to</strong> mirror the same traffic <strong>to</strong> analyzer.<br />

Network traffic analyses was done us<strong>in</strong>g <strong>open</strong> <strong>source</strong> <strong>to</strong>ol<br />

Ethereal<br />

3.2. Limewire<br />

Figure 1 - Placement of network traffic analyzer<br />

We have selected Limewire [23] as the experimental p2p<br />

application. It is one of the fastest p2p file shar<strong>in</strong>g application<br />

over <strong>in</strong>ternet. It is <strong>open</strong> <strong>source</strong> application and works over<br />

Gnutella pro<strong>to</strong>col [24], which is one of the most widely used<br />

unstructured p2p pro<strong>to</strong>col. Follow<strong>in</strong>g is the traffic pattern<br />

detected when Limewire [23] connects <strong>to</strong> Gnutella network.<br />

Figure 2 - Show<strong>in</strong>g connect request <strong>to</strong> servers


alert udp $HOME_NET 6345:6349 -><br />

$EXTERNAL_NET 6345:6349 (msg: " P2P UDP traffic --<br />

Limewire"; threshold: type threshold,track by_src,count 40,<br />

seconds 300; classtype: policy-violation;<br />

reference:url,www.limewire.com;)<br />

Figure 3 - IP broadcast message by p2p server<br />

[11] From analysis of traffic pattern unique parameters<br />

were identified like a) Port 6364 b) User-Agent: LimeWire<br />

<strong>in</strong> request and response. c) GNUTELLA CONNECT<br />

alert tcp $HOME_NET any -> $EXTERNAL_NET any<br />

(msg: " P2P Gnutella Connect"; flow: established,<strong>to</strong>_server;<br />

content:"GNUTELLA CONNECT/"; nocase; offset: 0; depth:<br />

17; classtype: policy-violation;<br />

reference:url,www.gnutella.com;)<br />

3.4. Test<strong>in</strong>g signatures<br />

When snort was restarted with these new signatures<br />

loaded it captured traffic generated by p2p application<br />

connect<strong>in</strong>g <strong>to</strong> Gnutella network and logged <strong>to</strong> database<br />

configured. Alerts generated are shown <strong>in</strong> the figure below.<br />

Figure 4 - Connect request <strong>to</strong> server<br />

After number of traffic pattern and packet analysis<br />

follow<strong>in</strong>g snort signatures were developed.<br />

3.3. Build<strong>in</strong>g signatures<br />

Snort [20] an <strong>open</strong> <strong>source</strong> <strong>in</strong>trusion detection system is a<br />

packet sniffer/packet logger/network IDS. Its salient features<br />

are<br />

• Runs on multiple OSs.<br />

• Uses a hexdump payload dump.<br />

• Displays all the different network packets the same<br />

way.<br />

Snort’s first signature-based analysis (also known as<br />

rules-based with<strong>in</strong> the Snort community) became a feature <strong>in</strong><br />

late January 1999. As time progressed, so did the number of<br />

rules. The rule types <strong>in</strong>clude P2P, backdoor, distributed<br />

denial of service (DDoS) attacks, Web attacks, viruses, and<br />

many others.<br />

Based on packet analysis follow<strong>in</strong>g snort signatures are<br />

developed. [20]<br />

alert tcp $HOME_NET any -> $EXTERNAL_NET any<br />

(msg: " P2P LimeWire Traffic"; flow: established;<br />

content:"User-Agent\: LimeWire"; nocase; classtype: policyviolation;<br />

reference:url,www.limewire.com; )<br />

alert udp $HOME_NET 6346 -> $EXTERNAL_NET<br />

6346:6700 (msg: " P2P Limewire UDP Traffic";<br />

content:"|49 50 40 83 53 43 50 41|"; threshold: type<br />

threshold, track by_src,count 10, seconds 60; classtype:<br />

policy-violation; reference:url,www.limewire.com;)<br />

Figure 5 - Alert message with date, <strong>source</strong> and dest<strong>in</strong>ation ip<br />

address<br />

These figures are from BASE (Basic Analysis and<br />

Security Eng<strong>in</strong>e) [19] used as front end <strong>to</strong> view and manage<br />

different alerts generated.<br />

3.5. Stats<br />

These stats were taken by runn<strong>in</strong>g the rules on the p2p<br />

traffic along with normal network traffic.<br />

P2P<br />

application<br />

No of test<br />

procedures<br />

False<br />

Positive<br />

False<br />

Negatives<br />

Limewire 25 0 0 25<br />

SeelSouk 25 0 1 24<br />

Kaza 25 0 2 23<br />

Sheraza 25 0 1 24<br />

Overnet 25 0 3 22<br />

Bit<strong>to</strong>rent 25 0 2 23<br />

Ares 25 0 1 24<br />

Table 1 – Stats of true/false alerts<br />

4. Implementation at iPhonica<br />

4.1. Network Analysis<br />

True<br />

Positives<br />

Network at iPhonica [22] is designed <strong>to</strong> operate for data<br />

and VoIP traffic. As shown <strong>in</strong> Figure 6. Firewall is placed at<br />

software level <strong>in</strong> the ma<strong>in</strong> <strong>in</strong>ternet gateway which connects <strong>to</strong><br />

switch operat<strong>in</strong>g under VLAN, one switch provides ports <strong>to</strong><br />

SIP phones and other switch provides ports <strong>to</strong> the data<br />

network devices i.e Desk<strong>to</strong>p computers.


4.2. Solution overview<br />

Figure 6 - Iphonica Network layout<br />

Solution is divided <strong>in</strong><strong>to</strong> 4 modules that comb<strong>in</strong>e as s<strong>in</strong>gle<br />

product <strong>to</strong> perform NIDS function.<br />

A: Mach<strong>in</strong>e <strong>in</strong>stalled with gen<strong>to</strong>o l<strong>in</strong>ux [15] (L<strong>in</strong>ux<br />

distribution) runn<strong>in</strong>g snort <strong>in</strong> promiscuous mode.<br />

B: Database server, with snort database s<strong>to</strong>rage plug-<strong>in</strong><br />

schema <strong>in</strong>stalled. Database can be among, Postgresql [18],<br />

mysql, Oracle, adodb ODBC.<br />

C: Webserver mach<strong>in</strong>e, runn<strong>in</strong>g apache httpd [17]<br />

daemon <strong>to</strong> serve BASE <strong>in</strong>terface, BASE connects <strong>to</strong> database<br />

server and provides reports on the alerts and logs generated.<br />

D: Viewer allowed <strong>to</strong> access BASE [19] Interface,<br />

accessible from any browser, mozill, firefox, opera etc…<br />

Figure 8 - Network layout with NIDS deployed<br />

Figure 8 shows the placement of NIDS sensors. One<br />

sensor is placed before the firewall and another on the data<br />

network part. Sensor-1 placed before the firewall gives us<br />

reports on what k<strong>in</strong>d of traffic we are receiv<strong>in</strong>g on <strong>in</strong>ternet<br />

gateway. While sensor-2 looks for malicious packets that has<br />

passed from the firewall placed.<br />

Figure 9 shows when sensors with p2p rules. If any client<br />

on the data network runs a p2p application and communicates<br />

with p2p network, it’ll be detected by sensor 1, 2 and logged<br />

<strong>to</strong> the database.<br />

Figure 7 - Solution Inter flow<br />

Figure 9 - Network layout NIDS deployed, communication between<br />

p2p client and server


4.3. Open Source <strong>to</strong>ols<br />

Follow<strong>in</strong>g are the <strong>open</strong> <strong>source</strong> [14] <strong>to</strong>ols used <strong>to</strong><br />

implement this solution a) L<strong>in</strong>ux: [15] Unix like operat<strong>in</strong>g<br />

system with CLI and X w<strong>in</strong>dows <strong>to</strong> <strong>in</strong>teract b) PHP: [16] is<br />

server side script<strong>in</strong>g language <strong>to</strong> create dynamic pages on<br />

runtime c) Apache: [17] Apache software foundation has<br />

httpd deamon application <strong>to</strong> serve pages on server side and is<br />

known as webserver. d) Postgresql: [18]A relational database<br />

system e) BASE: [19]BASE is a management portal for all<br />

alerts generated by snort e) SNORT: [20]An Intrusion<br />

detection system which can generate alerts and log related<br />

activity based on the def<strong>in</strong>ed rules and can work at host and<br />

network level. f) Ethereal: [21] Ethereal is network traffic<br />

sniffer application used for packet dissection and analysis.<br />

9. Conclusion<br />

We believe that the successful implementation of a policy<br />

is dependent not only on a well coded software but of the<br />

awareness if users and other allied staff. Furthermore, due <strong>to</strong><br />

short development cycles, cross platform implementation and<br />

vary<strong>in</strong>g level of competencies of designers, detection of P2P<br />

application is becom<strong>in</strong>g a colossal task. Best results can be<br />

achieved by understand<strong>in</strong>g the practical limitations as well as<br />

the capabilities of the technology. The facts such as unbridled<br />

growth of <strong>in</strong>ternet, <strong>open</strong><strong>in</strong>g up <strong>in</strong> electronic trade and lack of<br />

secure systems make it important and pert<strong>in</strong>ent filed of<br />

research, though IDS can't give you 100 performances but it<br />

def<strong>in</strong>itely can lower security breaches, and attacks.<br />

10. References<br />

[1] E. Amoroso, Wykrywanie <strong>in</strong>truzów, Wydawnictwo RM,<br />

Warszawa 1999.<br />

[2] James P. Anderson. Computer Security Threat Moni<strong>to</strong>r<strong>in</strong>g and<br />

Surveillance, James P. Anderson Co., Fort Wash<strong>in</strong>g<strong>to</strong>n, PA (Apr.<br />

1980).<br />

[3] Przemyslaw Kazienko & Piotr Dorosz. Intrusion Detection<br />

System.<br />

[4] Tim Crothers. Implement<strong>in</strong>g Intrusion Detection Sytems.<br />

[5] What is peer-<strong>to</strong>-peer file shar<strong>in</strong>g, http://www.tech-faq.com/p2ppeer-<strong>to</strong>-peer-file-shar<strong>in</strong>g.shtml.<br />

[6] Us<strong>in</strong>g Intrusion Detection <strong>to</strong> Detect Malicious <strong>Peer</strong>-<strong>to</strong>-<strong>Peer</strong><br />

Network. ww.cms.livjm.ac.uk/pgnet2003/submissions/Paper-25.pdf.<br />

[7] SoftCat.<br />

www.softcat.com/articles.php?cmd=showarticle&id=100.<br />

[8] Alberg. Information Security Magaz<strong>in</strong>e,<br />

http://<strong>in</strong>fosecuritymag.techtarget.com/articles/february01/cover.sht<br />

ml.<br />

[9] CISCO. Classify<strong>in</strong>g Network Traffic.,<br />

http://www.cisco.com/en/US/products/ps6350/products_configurati<br />

on_guide_chapter09186a00804a0b41.html<br />

[10] Bradley Mitchell. P2P Network<strong>in</strong>g and P2P Software,<br />

http://compnetwork<strong>in</strong>g.about.com/od/p2ppeer<strong>to</strong>peer/a/p2p<strong>in</strong>troducti<br />

on.htm.<br />

[11] Advanced Network Architecture Research Group. P2P<br />

Network Architecture, http://www-mura.ist.osaka-u.ac.jp/researche.html.<br />

[12] Clay Shirky. What is P2P… And What Isn’t,<br />

http://www.<strong>open</strong>p2p.com/pub/a/p2p/2000/11/24/shirky1-<br />

whatisp2p.html. “O`REILLY Openp2p.com” 11/24/2000<br />

[13] P2Pattacks,<br />

http://www.cs.kent.edu/~javed/DL/surveys/IAD06S-<br />

P2PVulnerabilities-marl<strong>in</strong>g/<strong>in</strong>dex.html.<br />

[14] Def<strong>in</strong>itions for OpenSource<br />

http://en.wikipedia.org/wiki/OpenSource.<br />

[15] L<strong>in</strong>ux , Gen<strong>to</strong>o l<strong>in</strong>ux http://www.gen<strong>to</strong>o.org.<br />

[16] PHP, http://www.php.net.<br />

[17] Apache, http://www.apache.org.<br />

[18] PostgreSQL, http://www.postgresql.org.<br />

[19] ACID/BASE, http://secureideas.<strong>source</strong>forge.net.<br />

[20] Snort IDS, http://www.snort.org.<br />

[21] Ethereal, http://www.ethereal.com.<br />

[22] iPhonica LLC, http://www.iphonica.com.<br />

[23] Limewire P2P application, http://www.limewire.org.<br />

[24] GNUTella Network, http://www.gnutella.com.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!