Support Responses

General Abuse

PlanetLab (http://www.planet-lab.org/) is a distributed systems research test bed. We manage 1000+ machines world wide. These machines may share access to both research, local and public Internet. These services are actively managed by researchers granted access to PlanetLab accounts. And, we enforce a project Acceptable Use Policy (AUP) https://www.planet-lab.org/aup that should direct the behavior of researchers running experiments within PlanetLab.

 

We are very concerned by what you have reported to us. The activity in your report demonstrates a violation of our AUP, namely probing a single target machine outside the PlanetLab network from many PlanetLab nodes.

The traffic you've identified was generated as part of a distributed active network probing experiment running on PlanetLab. We have notified the researchers responsible for this traffic in order for them to stop the activity running in their slice. They will describe what steps have been taken to prevent this abuse from occurring again at your site and others.

We will keep you notified as we pursue this report.
PlanetLab Support

 

CDN Traffic Warnings From IDS

Hello, BLANK,

PlanetLab (http://www.planet-lab.org/ is a distributed systems research test bed. We manage 1000+ machines world wide. These machines may share access to both research, local and public Internet. Due to this, security concerns like yours are necessarily important to us as well.

The traffic you've identified was generated as part of a Content Distribution Network (CDN) running on PlanetLab. These services are actively managed by researchers granted access to PlanetLab accounts. These services are not "anonymous" or "open" proxies. All activity is logged and available to researchers to help eliminate abusive activity. Therefore, once we confirm that traffic is malicious, we can notify the responsible researchers and have the activity stopped.

Because you have only identified an origin server that is part of the PlanetLab network, which runs known-safe CDN software, we need additional details about the harm caused by this traffic to determine if further action is necessary. Evidence of actual harm, rather than just the presence of proxy traffic, will demonstrate that the packets are something other than legitimate user or research activity.

To help investigate, you can search for specific traffic that you've determined to be inappropriate by using your web browser to visit the machine that generated this traffic. Follow the directions there for creating a query.

http://129.82.12.188/ (http://planetlab-2.cs.colostate.edu/)

More information about the CDNs currently running on PlanetLab are:

CobWeb: http://www.cs.cornell.edu/People/egs/beehive/cobweb/ port 8888
CoDeeN: http://codeen.cs.princeton.edu/ port 3124, 3127, 3128
Coral: http://www.coralcdn.org/overview/ port 8080, 8090

Based on the evidence that you have provided, no further action will be taken by us. Of course, if you believe the traffic is malicious, please reply with additional details, and we will share this with the maintainers of these services to correct the problem.

Please let us know if you have further questions or we can be of additional help.
PL Support

 

User-generated CDN Traffic

PlanetLab (http://www.planet-lab.org/ is a distributed systems research test bed. We manage 1000+ machines world wide. These machines may share access to both research, local and public Internet. Due to this, security concerns like yours are necessarily important to us as well.

The traffic you've identified was generated as part of a Content Distribution Network (CDN) running on PlanetLab. These services are actively managed by researchers granted access to PlanetLab accounts. All activity is logged and available to researchers to help eliminate abusive activity. Therefore, once we confirm that traffic is malicious, we can notify the responsible researchers and have the activity stopped.

 

However, it appears that the activity you have reported is part of normal traffic carried by [CoDeeN, Coral, or CobWeb, etc]. Often websites will use these CDNs transparently to users to reduce server load and provide better user experience. Your connection to them is initiated when you follow a link from their site. But, no malicious code has been installed or run on your machine as part of this optimization. You can find more information about these services by reviewing the sites below.

CobWeb: http://www.cs.cornell.edu/People/egs/beehive/cobweb/ port 8888
CoDeeN: http://codeen.cs.princeton.edu/ port 3124, 3127, 3128
Coral: http://www.coralcdn.org/overview/ port 8080, 8090

Based on the evidence that you have provided, no further action will be taken by us. Of course, if after reviewing this information, you still believe the traffic is malicious, please reply with additional details, and we will share this with the maintainers of these services to correct the problem.

Please let us know if you have further questions or we can be of additional help.
PL Support

CDN Abuse that Requires Action

PlanetLab (http://www.planet-lab.org/ is a distributed systems research test bed. We manage 1000+ machines world wide. These machines may share access to both research, local and public Internet. Due to this, security concerns like yours are necessarily important to us as well.

These services are actively managed by researchers granted access to PlanetLab accounts. These services are not "anonymous" or "open" proxies. All activity is logged and available to researchers to help eliminate abusive activity. Therefore, once we confirm that traffic is malicious, we can notify the responsible researchers and have the activity stopped.

We are very concerned by what you have reported to us. The traffic you've identified was generated as part of a Content Distribution Network (CDN) running on PlanetLab. These services are actively managed by researchers granted access to PlanetLab accounts. All of the CDN services implement a number of abuse prevention schemes -- allowing only HEAD/GET, rate limiting, exploit string signature mapping, real-time robot detection and so on. Unfortunately, despite these precautions, it is still possible for the service to be abused since we do not know all possible attacks in advance.

 

Fortunately, all activity is logged and available to the researchers to help eliminate abusive activity. We have notified the researchers responsible for the major CDNs running on PlanetLab to help with the investigation and future prevention of this abuse. They may ask for additional information and will describe what steps have been taken to prevent this abuse from occurring again.

You can help us investigate. You can search for specific traffic that you've determined to be inappropriate by using your web browser to visit the machine that generated this traffic. Follow the directions there for creating a query.

http://<the PL host>/

More information about the CDNs currently running on PlanetLab are:

CobWeb: http://www.cs.cornell.edu/People/egs/beehive/cobweb/ port 8888
CoDeeN: http://codeen.cs.princeton.edu/ port 3124, 3127, 3128
Coral: http://www.coralcdn.org/overview/ port 8080, 8090

We will keep you notified as we pursue this report.
PL Support