======= Review 1 =======



> *** Recommendation: Your overall rating (Please try giving as few borderlines as possible).

B+ = (top 20% of reviewer's perception of all INFOCOM submissions, but not top 10%) (4)



> *** Contributions: What are the major issues addressed in the paper? Do you consider them important? Comment on the novelty, creativity, impact, and technical depth in the paper.



The paper describes a tool and measurement data of P2P file download requests to incorrect IP addresses. Three data sources are used, including a honeynet developed by the authors, and a tool is built to analyze and classify the problems.



> *** Strengths: What are the major reasons to accept the paper? [Be brief.]



The paper proceeds in a systematic fashion from analysis of the data, tool design, and analysis/classification of eMule and BitTorrent results. As far as I know, the study is novel. The anti-P2P results are interesting.



> *** Weaknesses: What are the major reasons NOT to accept the paper? [Be brief.]



The problem is pretty narrow; although the traffic accounts for significant backscatter, it does not appear to be a major/increasing/long-lasting problem in the Internet as a whole. The writing of the paper is sloppy at times.



> *** Detailed Comments: Please provide detailed comments that will help the TPC assess the paper and help provide feedback to the authors.



Overall, this appears to be an interesting and novel study, and the work appears systematic. The various choices made are well-justified.



The main concern is that this appears to be a work of short term importance: as the bugs discovered are fixed, the problem will go away.

The paper asserts on page 4 that the problem will increase, but that contradicts the results which illustrate, for example, a byte order bug in aMule and KTorrent that will likely be fixed!



I found the anti-P2P discussion interesting.



The writing of the paper is rather sloppy. The paper is crammed with use of vspace*, but the first two pages contain a lot of redundancy and repeated sentences.



The paper mentions P2P protocol signatures without being specific on what these signatures are. The discussion of the design of P2PScope could be improved to be more precise.



Several typos appear, e.g., page 3: "stabler", page 4: "linearly extrapolation", page 5: "lack of documentation" instead of "lack documentation", page 5: "easily adopted" instead of "easily adapted", page 6: "technique report", page 7: "little coordinated" and "random generated" and "discuss the next", page 8: "the UTorrent", ... etc.



======= Review 2 =======



> *** Recommendation: Your overall rating (Please try giving as few borderlines as possible).

C = (top 50% of reviewer's perception of all INFOCOM submissions, but not top 30%) - weak reject (2)



> *** Contributions: What are the major issues addressed in the paper? Do you consider them important? Comment on the novelty, creativity, impact, and technical depth in the paper.



The paper studies address-misconfiguration in various peer-to-peer applications based on data traces collected from honeynets over a large period of time.



> *** Strengths: What are the major reasons to accept the paper? [Be brief.]



The paper is based on a large data set collected from honeynets. This is a very interesting way to bring insight into peer-to-peer systems.



> *** Weaknesses: What are the major reasons NOT to accept the paper? [Be brief.]



I am not convinced that the address-misconfiguration in peer-to-peer systems is as critical to the Internet as the authors make out. The methodology used may well amplify the problem studied.



> *** Detailed Comments: Please provide detailed comments that will help the TPC assess the paper and help provide feedback to the authors.



This paper brings some interesting insight into the actual working of p2p systems.



However, I am a little worried about the methodology used here: the hosts on the honeynets seem to keep clients, misconfigured or not, "talking" by responding to them with "fake" responses. This does bias the measurement system to generate more traffic than would normally occur. Indeed, unless the target host of a misconfiguration is a normal host of the p2p network, it will simply refuse the corresponding TCP connection (as it won't be listening on the corresponding port). Hence, the results presented in the paper are certainly inflated.



All-in-all, this leaves this reader wondering just how serious the problem under study really is in practice.

======= Review 3 =======



> *** Recommendation: Your overall rating (Please try giving as few borderlines as possible).

B = (top 30% of reviewer's perception of all INFOCOM submissions, but not top 20%) - weak accept (3)



> *** Contributions: What are the major issues addressed in the paper? Do you consider them important? Comment on the novelty, creativity, impact, and technical depth in the paper.



This paper proposed the measurement and diagnosis of the address misconfiguration problem in P2P systems. The measurement was done by the honeynets/honeyfarms and lasted for about four years. To facilitate the measurement, a system named P2PScope was designed to detect address misconfiguration, track peers and help to diagnose possible root causes. The results show that the address-misconfigured P2P traffic is prevalent (38.9% in terms of the number of connections) and the root causes are mainly the byte order bug on representing network address and anti-P2P companies deliberately injecting invalid peers.



> *** Strengths: What are the major reasons to accept the paper? [Be brief.]



The result that the address-misconfigured P2P traffic is prevalent (38.9% in terms of the number of connections) is interesting to some extent. P2PScope is proposed to detect, track such address misconfiguration events and help to diagnose possible root causes. The presentation of the paper is good and easy to follow.



> *** Weaknesses: What are the major reasons NOT to accept the paper? [Be brief.]



Some of the contributions claimed by this paper are questionable. Studying the general misconfigured P2P may be interesting and important, but the reviewer is not convinced that the address misconfiguration problem discussed in this paper is an important issue. Also, some technical issues exist in the design of P2PScope, which may cause the measurement to be inaccurate or invalid. Please refer to the detailed comments.



> *** Detailed Comments: Please provide detailed comments that will help the TPC assess the paper and help provide feedback to the authors.

1) The paper claimed that one of its contributions is to discover the existence of address-misconfigured P2P traffic and the first to study such traffic. However, as mentioned in the related work, Yegneswaran et al. [3] have already compared the P2P address misconfiguration with botnets and worms. This raises the reviewer's concerns on the validity of the claim.

2) The motivation of this work is that the address misconfiguration problem in P2P systems is very important. However, based on what is presented in the paper, the reviewer is not fully convinced. First, the paper only showed the P2P address misconfiguration traffic contributes 38.9% of Internet background radiation in terms of connections. What is the percentage in terms of bandwidth consumption? The paper only gave the value of 7.9Gb/s globally without comparison to total bandwidth consumed by Internet background radiation. Actually, when applying 7.9Gb/s to links in the whole Internet, the reviewer is not convinced that it would cause enormous costs to ISPs, especially compared with botnet sweeps, worm outbreaks and DDoS attacks as well as the normal P2P traffic.



3) Also, based on the paper, the root causes of the address misconfiguration problem in P2P systems are the byte order bug on representing network address and anti-P2P companies deliberately injecting invalid peers. And the first cause is more prevalent (identified in both eMule and BitTorrent). However, this cause (the byte order bug on representing network address) is not new and is very common during network software development. And detecting and fixing the bug looks more like a software engineering problem rather than a networking problem, which makes the findings from the measurement less interesting to the networking community.



4) Another concern comes from the design and use of P2P responders in the honeynets/honeyfarms to emulate corresponding P2P protocols. As said in the paper, most of the misconfigured addresses are disseminated by source exchange protocol (in eMule) or peer exchange protocols (in BitTorrent). However, since the P2P responders run in the honeynets/honeyfarms would respond to communications by such protocols, will this bring unwanted impacts to the measured misconfigured address dissemination? For example, if the requests to the misconfigured addresses (emulated by the honeynets/honeyfarms) get no responses, the peers sending such requests would simply remove these addresses from their lists. Now these peers receive correct responses from these addresses (sent by the responders designed in the paper for the honeynets/honeyfarms), the peers may deem these addresses valid and further disseminate them to other peers. If it is the case, the measurement results would be exaggerated.

======= Review 4 =======



> *** Recommendation: Your overall rating (Please try giving as few borderlines as possible).

B+ = (top 20% of reviewer's perception of all INFOCOM submissions, but not top 10%) (4)



> *** Contributions: What are the major issues addressed in the paper? Do you consider them important? Comment on the novelty, creativity, impact, and technical depth in the paper.



In this paper, the authors discover the existence and prevalence of address misconfigured P2P traffic which is caused by a large number of peers sending peer-to-peer downloading requests to a random target on the Internet. A measurement tool called P2PScope is designed to detect and diagnose the root causes of address misconfigured P2P traffic. By employing this tool, the root causes can be found. In addition, they discover that the root causes of different P2P systems are distinct by analyzing the P2P systems such as eMule and BitTorrent.



> *** Strengths: What are the major reasons to accept the paper? [Be brief.]



To analyze and detect the misconfigured P2P traffic, the authors make use of the data at three different honeynet sensors spanning four years. Moreover, the authors are the first to define and study the address misconfiguration P2P traffic. In addition, detection subsystem including passive monitoring module, backtracking module and information flow tracking module are designed and implemented. Via their detection subsystem and diagnosis subsystem to evaluate the datasets, the root causes are found in two famous P2P systems, eMule and BitTorrent. We consider that the results are believable and useful.



> *** Weaknesses: What are the major reasons NOT to accept the paper? [Be brief.]



The information flow tracking module is not automatic. Since the P2P client software and versions are diverse, the manual approach to install the suspected software and detect the inbound and outbound traffic of the peers is not a good idea.



Some effective and efficient countermeasures should be proposed to deal with the address misconfigured P2P traffic.

The symbol after the word "msiconfiguration" should be deleted in the first paragraph, section I. The full name of the word "DMCA" should be indicated in subsection A, section III.

> *** Detailed Comments: Please provide detailed comments that will help the TPC assess the paper and help provide feedback to the authors.



In this paper, the authors discover the existence and prevalence of address misconfigured P2P traffic which is caused by a large number of peers sending peer-to-peer downloading requests to a random target on the Internet. A measurement tool called P2PScope is designed to detect and diagnose the root causes of address misconfigured P2P traffic. By employing this tool, the root causes can be found. In addition, they discover that the root causes of different P2P systems are distinct by analyzing the P2P systems such as eMule and BitTorrent.



To analyze and detect the misconfigured P2P traffic, the authors make use of the data at three different honeynet sensors spanning four years. Moreover, the authors are the first to define and study the address misconfiguration P2P traffic. In addition, detection subsystem including passive monitoring module, backtracking module and information flow tracking module are designed and implemented. Via their detection subsystem and diagnosis subsystem to evaluate the datasets, the root causes are found in two famous P2P systems, eMule and BitTorrent. We consider that the results are believable and useful.



This paper is well written and presented.



Some of my concerns:

1. The information flow tracking module is not automatic. Since the P2P client software and versions are diverse, the manual approach to install the suspected software and detect the inbound and outbound traffic of the peers is not a good idea.

2. Some effective and efficient countermeasures should be proposed to deal with the address misconfigured P2P traffic.

3. The symbol after the word "msiconfiguration" should be deleted in the first paragraph, section I. The full name of the word "DMCA" should be indicated in subsection A, section III.


======= Review 5 =======



> *** Recommendation: Your overall rating (Please try giving as few borderlines as possible).

B+ = (top 20% of reviewer's perception of all INFOCOM submissions, but not top 10%) (4)



> *** Contributions: What are the major issues addressed in the paper? Do you consider them important? Comment on the novelty, creativity, impact, and technical depth in the paper.



This paper studies the problem of address misconfigured traffic in peer-to-peer networks. It discovers the wide existence of address-misconfigured P2P traffic. In addition, it develops a measurement tool to detect misconfiguration of a particular variant of P2P software. This study is new and of importance to design better P2P software. The study is supported by a large volume of trace data from Honeynet.



> *** Strengths: What are the major reasons to accept the paper? [Be brief.]



The paper studies a relatively new and important problem of address-misconfigured traffic in P2P networks. It attributes such traffic to particular P2P software and proposes methods for finding the root causes. The study is solid as it is based on a large volume of trace data collected from the Internet which spanned for four years.



> *** Weaknesses: What are the major reasons NOT to accept the paper? [Be brief.]



The parts of analysis are not complete or not precise.



> *** Detailed Comments: Please provide detailed comments that will help the TPC assess the paper and help provide feedback to the authors.



This paper discovers the wide existence of address-misconfigured P2P traffic. In addition, it develops a measurement tool to detect misconfiguration of a particular variant of P2P software.



The paper studies a relatively new and important problem of address-misconfigured traffic in P2P networks. It attributes such traffic to particular P2P software and proposes methods for finding the root causes. The study is solid as it is based on a large volume of trace data collected from the Internet which spanned for four years.



There are some faults:



- In the estimation of the percentage of address-misconfigured P2P traffic in Internet background radiation traffic, the paper assumes the percentage in each /8 prefix of the Honeynet sensors to be an independent sample. This assumption is overly strong and unrealistic.



- There could be numerous causes for address misconfiguration. The diagnosis subsystem can hardly cover all of the causes.