[unisog] Experiences with PlanetLab

John Kristoff jtk at northwestern.edu
Mon Feb 20 21:43:52 GMT 2006


On Mon, Feb 20, 2006 at 04:00:30PM -0500, John H. Sawyer wrote:
> We have a couple of hosts on our campus participating in the PlanetLab
> research network. Researchers request "slices" of time and resources on
> the PlanetLab network to run experiments such as Internet mapping and
> content distribution. We have received various complaints over the last
> six months about things like TCP and ICMP scanning.

Hmm... I'm afraid one of those recent experiments that may have
generated complaints may have been from Northwestern.  If you saw
what may have looked like TCP port 80 scans on your routers, sorry
about that.  I thought I had given given them clear instructions on
how to do it (and it didn't involve port 80 :-) as well as to have
them use me to help get the word out to admins that this would be
occurring.  Well, I think an anxious student on the project didn't
get the message...

All this to say that it is probably not an uncommon situation.  The
research just kind of happens and the various sys/net admins of the
world all see it as possibly malicious.  In all the cases that I can
think of it isn't, at least not intentionally.

> I know there are institutions represented on this list that are
> participating--according to the PlanetLab site--and I was hoping to get
> some feedback as to what related security issues you've dealt with and
> any policies you may have developed in response to PlanetLab.

I'm not aware of any recent security issues.  There were some early
on in the project, but they've been pretty good about addressing them.
If you read through some of the papers and FAQs, you'll see the sorts
of things they do to avoid proxy abuse for example.

Perhaps one of the best things to do is to get to know the folks on
your campus responsible for the PlanetLab machines.  Try to encourage
them to give you a heads up if they are going to be doing something
out of the ordinary.  In addition, you should consider joining one
of the PlanetLab mailing lists.  Not a lot of good information goes
out about the operational concerns there, but occasionally something
does pop up.  The support at planet-lab.org folks are pretty responsive
so if all else fails those are the folks to talk to.

John


More information about the unisog mailing list