[unisog] Experiences with PlanetLab

John Gerth gerth at stanford.edu
Mon Feb 20 22:20:34 GMT 2006


John Kristoff wrote:
> 
> I'm not aware of any recent security issues.  There were some early
> on in the project, but they've been pretty good about addressing them.
> If you read through some of the papers and FAQs, you'll see the sorts
> of things they do to avoid proxy abuse for example.
>
> Perhaps one of the best things to do is to get to know the folks on
> your campus responsible for the PlanetLab machines.  Try to encourage
> them to give you a heads up if they are going to be doing something
> out of the ordinary.  In addition, you should consider joining one
> of the PlanetLab mailing lists.  Not a lot of good information goes
> out about the operational concerns there, but occasionally something
> does pop up.  The support at planet-lab.org folks are pretty responsive
> so if all else fails those are the folks to talk to.
> 
  We've had (and still have) a minor issue with residual traffic here.

  Although the planetlab hosts here were moved to new isolated nets over
  two months ago, the old IPs continued to be contacted by thousands
  of unique IPs per hour.  Complaints to 'support at planet-lab.org'
  revealed that some experiments were using IP numbers not DNS names
  and so continue to hit the old IPs.

  Planetlab support has gotten this reduced to ~100 per hour, but it has not gone
  away and they disclaim responsibility for the remaining traffic which appears
  to be machines attempting to use proxies, mostly on port 3128. Planetlab may
  be indeed be powerless to stop them.  It does not look like backscatter or random
  probes to us and although it could be inadvertent traffic,  perhaps it is malicious code
  which was incorporated into hacker packages back when Planetlab did have security problems.
  Anyway, we're unlikely to recycle the old IPs back into use for some time.

  Bottom-line: planetlab's a worthy thing, but you need to plan for any
  uncertainties it might introduce.

/John
-- 
John Gerth - Stanford Computer Graphics Lab


More information about the unisog mailing list