Tuesday, July 28, 2009

2.1.1 Defenses


The first problem is detecting a DOS attack as it can be mistaken with a heavy
utilization of the machine. DDOS attacks using reflection are extremely hard to
block due to the enormous number and diversity of machines a malicious user
can involve in the attack (virtually any machine can be turned into a zombie).
In addition, as the attacker is often only indirectly involved (he attacks through
the zombies and the reflective network), it is often impossible to identify the


Figure 2.1: A DDOS attack: The attacker sends the order to the computers he
personally controls (masters) which then forward it to the zombies, which DOS
as many machines as possible and spoof their IP to be the victim’s, who will
receive all the replies.
source of the attack. Because of these factors, there exists no general way of
blocking DOS attacks.
A widely used technique to hinder DOS attacks is “pricing”. The host will
submit puzzles to his clients before continuing the requested computation, thus
ensuring that the clients go through an equally expensive computation. DOS
attacks are most efficient when the attacker consumes most of his victim’s resources
whilst investing very few resources himself. If each attempt to flood his
victim results in him having to solve a puzzle beforehand, it becomes more difficult
to launch a successful DOS attack. “Pricing” can be modified so that when
the host perceives to be under an attack, it gives out more expensive puzzles,
and therefore reduces the effect of the attack. Although this method is effective
against a small number of simultaneous attackers, it more or less fails against
very distributed attacks. Other drawbacks are that some legitimate clients, such
as mobile devices, might perceive puzzles too hard and/or would waste limited
battery power to them.

DOS Attacks

1.4 Thesis Organisation

This thesis will now be organised in 4 main sections:
1 First, we will look at several vulnerabilities or attacks found in general
networks.

2 We will then look at more specific attacks specially designed for P2P
networks.
After these two analysis, we will try to draw some first conclusions. We will
then proceed to our case study: Freenet.
3 We will thoroughly describe the Freenet structure.
4 Finally, we will try to find potential weaknesses in Freenet and ways to
improve them.
After this we will draw our final conclusions and explore possible new directions.
5

1.3 Future and Vulnerability

Some futurists believe P2P networks will trigger a revolution in the near future.
The ease of use, the huge choice and finally the low price (often free) have been
the main reason for the explosion of file-sharing applications over the past years.
Add to this the fact that internet connection speeds are steadily increasing, the
arrival of newer faster algorithms (Caltech’s FAST algorithm was clocked 6,000
times faster than the internet’s current protocol) as well as the incapacity to
control or monitor such networks. This P2P revolution simply means huge
quantities of data will be available almost instantly to anybody for free.
This, of course, is disturbing news for many industries (music, movie, game...)
as P2P networks provide an alternative way of acquiring many copyrighted
products. These industries have very actively been waging war against “digital
piracy” for a decade soon. The results of this war are controversial but as P2P
networks have never stopped growing during this period of time, it is acceptable
to think that they will steadily grow on and gain even more importance in the
future.

1.2 Historical

Although P2P networking has existed for quite some time, it has only been
popularized recently and will probably be subject to even bigger revolutions in
the near future.
Napster was the first P2P application which really took off. The way it worked
was quite simple: a server indexed all the files each user had. When a client
queried Napster for a file, the central server would answer with a list of all indexed
clients who already possessed the file.
Napster-like networks are known now as first generation networks. Such networks
didn’t have a complicated implementation and often relied on a central

server (hybrid P2P). The central server model makes sense for many reasons:
it is an efficient way to handle searches and allows to retain control over the
network. However, it also means there is a single point of failure. When lawyers
decided Napster should be shut down, all they had to do was to disconnect the
server.
Gnutella was the second major P2P network. After Napster’s demise, the creators
of Gnutella wanted to create a decentralized network, one that could not
be shut down by simply turning off a server. At first the model did not scale
because of bottlenecks created whilst searching for files. FastTrack solved this
problem by rendering some nodes more capable than others. Such networks
are now known as second generation networks and are the most widely used
nowadays [1].
Third generation networks are the new emerging P2P networks. They are
a response to the legal attention P2P networks have been receiving for a few
years and have built-in anonymity features. They have not yet reached the mass
usage main second generation networks currently endure but this could change
shortly. Freenet is a good example of a third generation P2P network, that is
the reason why we will study it more deeply during this thesis.

1.1 Peer-to-Peer Network Definition

Throughout this thesis we will study peer-to-peer networks, henceforth we will
use the acronym P2P. A P2P network is a network that relies on computing
power of it’s clients rather than in the network itself [1]. This means the clients
(peers) will do the necessary operations to keep the network going rather than
a central server. Of course, there are different levels of peer-to-peer networking:
• Hybrid P2P: There is a central server which keeps information about
the network. The peers are responsible for storing the information. If they
want to contact another peer, they query the server for the address.
• Pure P2P: There is absolutely no central server or router. Each peer
acts as client and server at the same time. This is also sometimes referred
to as “serverless” P2P.
• Mixed P2P: Between “hybrid” and “pure” P2P networks. An example
of such a network is Gnutella which has no central server but clusters its
nodes around so-called “supernodes”.

Attacks on Peer-to-Peer Networks

Abstract
In this thesis, we collect information about known attacks on P2P networks. We
try to classify them as well as study the different possible defense mechanisms.
As a case study, we take Freenet, a third generation P2P system, which we
deeply analyze, including simulating possible behaviors and reactions. Finally,
we draw several conclusions about what should be avoided when designing P2P
applications and give a new possible approach to making a P2P application as
resilient as possible to malicious users.

Blackboard Learning System

All users have to register and need a username and password to access the software. At UAE University, students and faculty have the same ACE domain username and password for both the Oasis and linked Banner system and Blackboard 6.1, which makes it convenient. Once the user logs into Blackboard, a personal My Institution page is displayed. This main page has several main areas including a series of Navigation buttons, Navigation tabs (where the user can navigate between different sections of the program), a Module area (which contains announcements, course links etc.), a Tools area (containing utilities such as My Grades, Send an E-mail, Calendar etc.) and a Search Box (which can be used for information retrieval on the web from the Blackboard site itself). Within the Module area, students can see the courses they are registered for on Blackboard. The courses can also be accessed by clicking on the My Courses tab within the My Institution page.

The Blackboard course environment consists of two views. The Student View is the only view available to students enrolled on a course. In this view, a number of navigation buttons can be accessed. The exact navigation buttons themselves can be customized by the instructor, but typically include buttons such as Announcements, Course Information, Course Documents, Faculty Information, Assignments, Websites for the Course, Tools, Communication and Assignments. In contrast, the Control Panel is only available to Instructors, and this is the place where the Instructor manages the entire course and essentially constructs and tailors the course in their own way. As a user of Blackboard for several semesters now, I would highly recommend Blackboard as a course management tool for Instructors. Most Instructors need only general familiarity with the standard Windows environment to quickly come to grips with the system. In our Department and College, we have run introductory workshops in-house for new faculty on Blackboard, and it is our experience that this initial kick-start training period can even be limited to approximately ninety minutes. Once faculty are au fait with the basic features of Blackboard, the numerous additional features of the system can be explored at a later stage, when the Instructor begins to post material on the system, do on-line quizzes etc. Of course, it is essential that the University has a central Blackboard Support and Help Centre on a permanent basis to help faculty using the system and to run more comprehensive training programmes of some of the more advanced features. Additional features can then be explored and newsletters outlining tips on using Blackboard for Active Learning purposes, problems encountered, new features etc. are also a useful way of showing faculty the true benefit of this powerful software.

The ease of use of Blackboard is exceptional. As a former user of WebCT, I must admit I found the Blackboard interface and navigation easier to learn at the beginning especially in relation to the posting of course information, announcements etc. One of the nice new features of Version 6.1, is the WYSIWYG (What You See Is What You Get) and spell-check facilities of the text-box editor. This facility was not available in earlier editions, and having access to standard Word buttons such as Bold, Italics, Justification etc. is a welcome new feature. However, as a chemist, it still is not possible to create subscripts and superscripts smoothly using Blackboard i.e. the panel of buttons is limited and it was not possible to create the customary superscript and subscript buttons, as can be done neatly in Word, by dragging these down via Tools, Customize and Commands. Of course, one can easily work around this problem by creating your text in FrontPage, and pasting the HTML code in the textbox, or simply include the HTML tags. Another possibility is to use the embedded WebEQ Equation Editor. However, all these methods are somewhat cumbersome, especially for chemists.

Adding course information is also similar to posting an announcement, and the information can be added as an item, folder, external link etc. Faculty information can also be posted readily. A nice feature of this utility is that separate folders can be created for faculty; for example if you have joint faculty co-teaching on a course. Within each folder, separate profiles can be created, with useful information for the student such as an Instructors office hours, their e-mail address, the location of their office on campus, their homepage URL etc. In addition, the photograph of the Instructor can be posted. However, it is advised that for optimum results, a picture of 150 x 150 pixels in size should be used. Course Documents also has similar features to Course Information, and PowerPoint slides, Word documents etc. can be posted here, which may correspond to different chapters of a textbook etc. Furthermore, as the course is only accessible to the students and the Instructor teaching the course, not everybody can see the material. PowerPoint slides can also be posted in such a way that the students can only see the slides, without being able to edit them if an Instructor wishes. An e-mail can also be sent to all students and Instructors having access to the course, which is an excellent facility of the system. This makes efficient and prompt direct contact with the students.

One other new feature which was introduced in the 6th release of the Blackboard Learning System has been that of the Assignment Manager. This new tool actually combines the file exchange capabilities of the Digital Drop Box, with the functionality of the Gradebook in Blackboard. The Digital Drop Box is still present in the system, and can be used to transfer files to users. This is an excellent feature, as instead of forwarding e-mail attachments, one can send a file to a student very quickly through Digital Drop Box. I have used this facility several times in my own classes teaching General Chemistry and Engineering Applications, where the students use their own personal Laptops in class, in a wireless Network environment.2 However, one problem with this facility that I found is that you can only remove one file at a time. This can be tedious if you receive say twenty-five files from students as homework assignments. There is no select all, delete facility. In contrast, the new tool, Assignment Manager is an area where course assignments can be posted, related files can be uploaded and grades published. It is the latter point that really distinguishes this feature from the Digital Drop Box. The Digital Drop Box should be used if you wish to exchange files between students etc, but where you do not wish to give grades. The former in comparison should be employed where a final grade will be assigned to a student’s work.

One of the most useful facilities of Blackboard has to be its Assessment facilities. In Pool Manager, a bank of questions with no point values can be created by an Instructor. Pool Manager can then be used to generate questions for on-line quizzes, exercises and tests. This facility should be used before importing the question banks into the Test Manager. One key advantage of Pool Manager is that the pool of questions can easily be readily exported. This gives great flexibility in courses where multiple Instructors are involved, as each can create banks of questions and transfer them to each other. With this utility, vast libraries of question banks can be built up in a Department on an ongoing basis each semester. Blackboard itself has the provision for seven different types of questions: multiple-choice, true/false, fill in the blank, order, multiple answer, match two lists and essay. Although the latter can be used, in the opinion of this reviewer, this type of question is probably not best suited to Blackboard, as there is a limit on the twenty answer patterns that can be used, and spelling mistakes, additional spaces and punctuation can invalidate an answer. In addition, an essay type question needs the Instructor to grade it. Having created a pool of questions in Pool Manager, the questions can then be imported into Test Manager for use in a test. One slightly annoying feature in Version 6, is that when you import a bank of questions from Pool Manager, there is no select all facility, which surprisingly was present in an earlier version. Hence, one has to physically go through each question and tick its box to import the question. This can be very time-consuming especially if you create an MCQ test for students of approximately 100 questions. Another cautionary note which academic users should be aware of is in relation to undesired student’s behaviour during online assessments. In several classes I have had the problems that students get an error message during an on-line test stating that they have already chosen to go to the next question, and please wait etc. These messages according to my colleagues at the Blackboard Support Unit at the University, appear to be due to the undesired behaviour of double-clicking the submit or next button. As the Web is a single-click environment, where double-clicking is not necessary on standard web pages, this seems to be the root of this problem, which can throw some students out in on-line assessments. The problem became so widespread in some of my classes, that I now have to mention this to them on a continuous basis to get the message across in order to avoid such error messages. Hopefully the developers will try and see some way round this potential problem in a future release.

I tried also bringing chemical structures, which I created in ISIS Draw 2.53 into Blackboard in the Test Manager. This can easily be done, using the Creation Settings button. I saved a structure of an organic ligand, which I created initially in ISIS Draw, and converted it to a gif file using Microsoft PhotoEditor. I then was able to import this directly into Test Manager.

However, the best feature of the Assessment Tools is that of the Gradebook. This can easily be customized and rearranged to include mid-Semester and final examinations, quizzes, progress examinations etc. Once an on-line quiz or progress examination is taken on Blackboard, the grades are automatically imported into the Gradebook, which then can be weighted accordingly and can even be downloaded into an Excel spreadsheet in CSV file format. This feature is excellent, and with the collective utilities of the Test Manager and Gradebook, it has saved me personally hours of monotonous grading for many of my courses, where I employ MCQ type questions. I would definitely recommend Blackboard to any faculty thinking along the lines of a Laptop project type initiative.2

Blackboard has several other neat advanced features such as a Discussion Board, a Collaboration Session facility, Survey Manager and an excellent Course Statistics package, where you can track your student’s usage of the course materials.

3. Basic Policies

3.1. The Association is a group of Sri Lankans (and their family members) for themselves and for the country. The
activities of the Association are mainly targeted for the benefit of the members and Sri Lanka. However, the
Executive Committee on behalf of the Association may consider providing services to non-members, though not
obligatory.
3.2. The Association closely collaborates with the Government of Sri Lanka, Sri Lanka Embassy in Japan, all Sri
Lankan organizations, Sri Lankan people living in Japan, Japanese institutions and Japanese people.
3.3. The activities of the Association shall be implemented with mutual respect and cooperation, punctuality, sense of
responsibility, friendship and solidarity among members.
3.4. All attempts shall be made to implement any activity in the most efficient, effective and economical manner with
the best possible, but affordable quality.
3.5. In implementation of projects and programs, in procurement of goods and services priority is given to Sri Lankan
suppliers. However, considering the price, quality and experience the Executive Committee can deviate from this
policy where necessary.
3.6. The Association will be completely neutral in political matter and there shall be no discrimination on account of
religion, race or sex. Political issues shall never be discussed at any of the meetings of the Association including
all Committee Meetings.
3.7. All projects and programs formulated by each Sub Committee should be submitted to the Executive Committee
along with the cost estimates for approval. Any expenditure or even commitment should not be made until the
approval of the Executive Committee. However, in extremely urgent matters the President has the authority to
grant personal approval, in consultation with the Secretary and the Treasurer for an activity incurring a cost not
more than Yen 50,000.

Objectives

The objects the Association listed under Article 2 of the Association are as follows:
(a) To strengthen the Sri Lankan community in Japan;
(b) To promote social and cultural relations between Sri Lanka and Japan; and
(c) To contribute to the socioeconomic development of Sri Lanka
To accomplish the above objects, the organization should have a sound financial background as well as strong
organization. Therefore, the following object should also be added to develop a strategic plan.
(d) To strengthen the Association financially, structurally, and in membership.

Sri Lanka Asscociation in Japan Five-Year Strategic Plan (2006-2010)

1. Background
The Sri Lanka Association in Japan has a history of nearly three decades. The time has now come to restructure and
reorganize it with a new outlook and a greater vigor for the following reasons.
1.1. The Association has been in a dormant status for few years, although it had earned a good reputation in the
past.
1.2. His Excellency the Ambassador is very keen to reactivate and strengthen the Association so as to see it
rendering fruitful services to Sri Lankans living in Japan and for Sri Lanka.
1.3. Sri Lankan community in Japan and their expectations and capacities have diversified and expanded
significantly since the establishment of the Association.
1.4. Along with the globalization process and rapid development of information and communication technology,
services could be now rendered more efficiently and effectively than in the past.
Against this background, the constitution is revised at the Special General Meeting held on 04 June 2006. There is an
urgent need for a proper strategic plan for implementation in order to accomplish the objects listed in the constitution.

Tag

Assignment Lanka Tag Cloud
Computer Networks The History of Local Area Networks, LAN, The Topologies of a Networks, LANs describe different types of transmission Medias, Local Area Networks Access Methods, Carrier Sense Multiple Access with Collision Detect, Development of LAN Technologies. LAN -Token Ring, LAN Ethernet Digital, LAN - Ethernet Sun microsystems, LAN - Ethernet Mixed Environment, LAN - Token Ring was introduced by IBM LAN - IBM implementation of Token Ring, Token Ring Novell, LAN Token Ring - in a mixed environment, LAN - Fiber Distributed Data Interface, LAN - ATM, LAN Components, LAN Switching Methods, Virtual Local Area Network, Port based VLAN, Mac based VLAN, Protocol based VLAN, User Base VLAN, PC networks Components, PC networks Shared resources, PC Network operating systems, PC networks Novell Netware, PC networks Windows NT, PC networks IBM LAN Server Computer Programming Languages HTML Language, The Generations of Programming Languages, Different types of High Level Languages, Different types of High Level Languages Disadvantages
Computer Networks - IBM LAN Server, Windows NT Networks, Novell Netware, Network operating systems, Networks Shared, Networks Components, User Base, Protocol based, Mac based, Port based, VLAN, LAN Switching, LAN Components, ATM, Fiber Data, Token Ring, Token Ring Novell, IBM implementation, Ethernet, Sun microsystems, Ethernet Digital, Token passing, LAN Technologies, CSMA/CD, Access Methods, Transmission, Networks, The History of Local Area Networks, LAN