InformationWeek

May 15, 2000

Peer-To-Peer Anarchy: The Next Big Thing?

ith fast and powerful desktop PCs becoming the norm and Internet connectivity getting more reliable all the time, peer-to-peer networking has become, it seems, the flavor of the month when it comes to technology trends. Peer-to-peer networks are designed so that every host on the network is both a client and a server. If your desktop PC is part of a peer-to-peer network, you can download files from other machines on the network as well as serve up files for others to download. Gnutella, Freenet, Napster, CuteMX, and iMesh are some of the freeware and open-source peer-to-peer file sharing technologies that are sprouting up on the Internet.

Squarely targeted at consumers with an inclination to share their MP3 audio files, fake celebrity photos, or inflammatory manifestos with the Internet community at large, these applications leverage the fact that users are far more likely to upload and download files if the process is made brain-dead simple. And so it is with most of these products. Unfortunately, while "free" is often good (think Apache, Sendmail, and Perl), these peer-to-peer file-sharing applications aren't necessarily designed to help people do their jobs better or more efficiently; they're designed to simply push files around the Internet. While freedom-of-speech advocates will surely applaud the design of Freenet and Gnutella, which make the dissemination of information (in the form of files) both fast and relatively anonymous, I predict that unless something interesting happens with these peer-to-peer applications, they will soon go the way of Usenet newsgroups, Internet Relay Chat, and other bottomless sinkholes of crude JPEGs, flame wars, and virus-encrusted warez.

Why You Should Care
So why should the average IT professional be concerned about these technologies for easily sharing files over the Internet? The reasons, both good and bad, are clear:

Bad:
Most corporate sites will want to avoid participating in these loose networked confederations because they suck bandwidth and pose security risks. Security is an issue because users have no way of verifying the contents of files they download, which may contain viruses or other anomalies.

Good:
Some of these products are pretty cool from a purely technical standpoint. Freenet, being open source, offers a glimpse into some powerful peer-to-peer programming techniques that could be leveraged for in-house product development (Gnutella source is expected to be released soon).

As I mentioned earlier, these applications are brain-dead simple. They also typically take less than a minute to download, perhaps another minute to install, and most of them can use a proxy server through a SOCKS 4- or SOCKS 5-compliant firewall. Yes, your users can be up and running in minutes, and if you're running a large corporate LAN, it's likely that is something you don't want.

Table 1. The New Peer-To-Peer Applications, May 2000


	iMesh	CuteMX	Napster	Gnutella	Freenet
What's the Point?	File-sharing community portal	File-sharing community portal	File-sharing community portal	Uncensored distribution of information	Uncensored distribution of information
Moderated?	Yes	Yes	Yes	No	No
Network Topology File Transfer	Peer-to-Peer	Peer-to-Peer	Peer-to-Peer	Peer-to-Peer	Peer-to-Peer
Network Topology Searches	Server-based	Server-based	Server-based	Peer-to-Peer	Not implemented
File transfer protocol	Proprietary	Proprietary	Proprietary	HTTP	Proprietary
Default TCP/IP Port	5000 (4000-4999 used for file transfers)	2000-10000	6699	6346	No default port number

File-Sharing Communities
As you can see in Table 1, the applications run the gamut from commercial file-sharing portal sites iMesh, CuteMX, and Napster, to anarchical products Gnutella and Freenet. IMesh, CuteMX, and Napster let you download their file-sharing client for free, but you must register at their Web sites to become part of their respective peer-to-peer file-sharing networks. IMesh, CuteMX, and Napster require that you use their Web-site portal for file searching, finding other connected users, chat rooms, and other features. This is a no-brainer way to get eyeballs and establish "community," since the hard part, the file sharing, takes place directly between the users' PCs.

While it's trivial to place illegal, copyrighted files on these networks, the sites specifically prohibit the use of their networks for that purpose, and if they find out, you'll get kicked off. Napster has become the most high-profile product in this category because it allows robust sharing of MP3 audio files. While Napster only allows sharing of MP3 audio files, a third-party product called Wrapster lets you put a wrapper around any file to make it look like an MP3 file. Thus, Wrapster lets you share any file over the Napster network.

While iMesh, CuteMX, and Napster lock users into a specific portal Web site and thus can offer some degree of censorship, there are not sufficient controls in place to keep users from downloading infected files. The real danger is that users might think files downloaded via these sites are safer than files downloaded from an anonymous FTP site, but the fact is that the centralized directory structure only gives these companies a way to prosecute or remove users who abuse the network by putting dangerous or copyrighted files on the network. The fear of prosecution makes these networks somewhat safer than the Internet at large, but not much.

File-Sharing Anarchy
On the other end of the file-sharing spectrum are Gnutella and Freenet. These products are peer-to-peer file-sharing products that have no central directory. To connect to the peer-to-peer network, you have to locate the IP address of at least one site that's up and running. Freenet and Gnutella are designed to be completely uncensored and anonymous conduits for information distribution. Both products can use any TCP/IP port, and Gnutella uses HTTP for its file transfer protocol, so it's easy to hide behind firewalls. While Gnutella and Freenet are the most technically interesting of the bunch, they are also the most dangerous for corporate sites. There is no way to trace the origin of a file on the Freenet network and no method to trust or verify the contents of a file you download. Also, Freenet files propagate to available hosts without user consent, so when you run Freenet on your machine, you may upload and download files without making any explicit requests. Gnutella is similar to Freenet in some respects, though I'm not sure of all the details yet. Both of these applications are in their infancy and are evolving. They pose the greatest threat to unsophisticated users.

Corporate Response
Fortunately, blocking most of these products is fairly easy for sites that have firewalls. In fact, the corporate security policy for most firewalls will automatically block them since they use TCP/IP network ports (see Table 1) that are typically blocked by default. However, most of the products are configurable to many different port numbers--in the case of Freenet, there is not only no default port, but any port can be used. Gnutella is specially designed to thwart firewall blocking. It uses HTTP protocol, which firewalls usually pass through, and can be configured for any TCP/IP port. Thus, a user could configure Gnutella on a PC to use port 80 (the default for Web servers), and the traffic would appear to be Web traffic. Some ingenuity, and perhaps some pressure on your firewall vendor, may be required to block these networks.

Yes, these products can be fun for users, but adding fast and easy ways for users to download random files from the Internet isn't a good addition to your corporate LAN. Most of these products should be reaching maturity by the fall, and it will be interesting to see what the landscape looks like then.

AuthorITies Archive
Send Us Your Feedback
Top of the Page


Lou Bertin: The Observer Lou offers a view of the good, the bad, and the bizarre developments in the technology business	Charles Pelton: Eye On IT Charles explores IT management issues and strategies that business and technology managers face.	Stuart Johnston: Internet Zone As our eyes and ears in Redmond, Stuart gives his perspective on the latest events at Microsoft.	Rusty Weston: Matter Of Fact Rusty explores the facts and figures behind business technology.