Latest Notes on the Peer to Peer Front and DMCA Notices

Just getting back from our tech talk seminar today at Western Michigan University. The topic of DMCA requests came up in our discussions, and here are some of my notes on the subject.

Background: The DMCA, which is the enforcement arm of the motion picture copyright conglomerate, tracks down users with illegal content.

They seem to sometimes shoot first and ask questions later when sending out their notices more specific detail to follow.

Unconfirmed Rumor has it, that one very large University in the State of Michigan just tosses the requests in the garbage and does nothing with them, I have heard of other organizations taking this tact. They basically claim  this problem for the DMCA is not the responsibility of the ISP.

I also am aware of a sovereign Caribbean country that also ignores them. I am not advocating this as a solution just an observation.

There was also a discussion on how the DMCA discovers copyright violators from the outside.

As standard practice,  most network administrators use their firewall to block UN-initiated requests  into the network from the outside. With this type of firewall setting, an outsider cannot just randomly probe a network  to find out what copyrighted material is being hosted. You must get invited in first by an outgoing request.

An analogy would be that if you show up at my door  uninvited, and knock, my doorman is not going to let you in, because there is no reason for you to be at my door. But if I order a pizza and you show up wearing  a pizza delivery shirt, my doorman is going to let you in.  In the world of p2p, the invite into the network is a bit more subtle, and most users are not aware they have sent out the invite, but it turns out any user with a p2p client is constantly sending out requests to p2p super nodes to attain information on what content is out there.  Doing so, opens the door on the firewall to let the P2p super node into the network.  The DMCA p2p super nodes just look like another web site to the firewall so it lets it in. Once in the DMCA reads directories of p2p clients.

In one instance, the DMCA is not really inspecting files for copyrighted material, but was only be checking for titles. A  music student who recorded their own original music, but named their files after original artists and songs based on the style of the song.  Was flagged erroneously with DMCA notifications based on his naming convention   The school security examined his computer and determined the content was not copyrighted at all.   What we can surmise from this account was that the DMCA was probing the network directories and not actually looking at the content of the files to see if they were truly in violation of copying original works.
Back to the how does the DMCA probe theory ? The consensus was that it is very likely that DMCA is actually running  super nodes, so they will get access to client directories.  The super  node is a server node that p2p clients contact to get advice on where to get music and movie content ( pirated most likely). The speculation among the user group , and these are very experienced front line IT administrators that have seen just about every kind  of p2p scheme.  They suspect that the since the DMCA super node is contacted by their student network first, it opens the door from the super node to come back and probe for content. In other words the super node looks like the Pizza delivery guy where you place your orders.
It was also further discussed and this theory is still quite open, that sophisticated p2p  networks try to cut out the DMCA  spy super nodes.  This gets more convoluted than peeling off character masks at a mission impossible movie. The p2p network operators need super nodes to distribute content, but these nodes cannot be permanently hosted, they must live in the shadows and are perhaps parasites themselves on client computers.

So questions that remain for future study on this subject are , how do the super nodes get picked , and how does the p2p network disable a spy DMCA super node ?

Using OpenDNS on Your Wireless Network to Prevent DMCA infringements

Editor’s Note:  The following was written by guest columnist, Sam Beskur, CTO of Global Gossip.  APconnections and Global Gossip have partnered to offer a  joint hotel service solution, HMSIO.  Read our HMSIO service offering datasheet to learn more.

Traffic Filtering with OpenDNS



AUP (Acceptable Use Policy) violations which include DMCA infringements on illegal downloads (P2P, Usenet or otherwise) have been hugely troublesome in many locations where we provide public access WiFi.  Nearly all major carriers here in the US now have some form of notification system to alert customers when violation occur and the once that don’t send notifications are silently tracking this behavior.

As a managed service provider it is incredibly frustrating to receive these violation notifications as they never contain information one needs to stop the abuse but only the WAN IP of the offending location.  An end user who committed the infraction is often behind a NATed private address (192.168.x.x or 172.x.x.x) and for reasons still unknown to me they never provide information on the site hosting the illegal material, botnet, adware etc.

When a customer, on whose behalf one may be providing managed services for, receives one of these notifications this can jeopardize your account.

Expensive layer 7 DPI appliances will do the job in filtering P2P traffic but often times customers are reluctant to invest in these devices for a number of reasons: yet another appliance device to power, configure, maintain, support, another point of failure, another config to backup, no more Rackspace, etc, etc ad nausea.


Below we outline an approach that uses a cloud approach based on OpenDNS and NetEq which has very nearly eliminated all AUP violations across the networks we manage.

Anyone can use the public OpenDNS servers at the following addresses:

If however, one wishes to use the advanced filter capabilities you will need to subscribe to and create a paid account and register the static WAN IP of the address you are trying to filter.  Prices vary.

  1. Adjusted our content filter/traffic shaper (NetEqualizer) to limit/block # P2P connections.

  1. Configure your router / gateway device / dhcp server to use,  as primary and secondary DNS server.


  1. Once you have an OpenDNS account add your location for filtering and configure DNS blocking of P2P and malware sites         

  1. In order to prevent the more technically savvy end users from specifying ones own DNS server (,,, etc.) it is a VERY good idea to configure your gateway to block all traffic on port 53 to all endpoints accept the OpenDNS servers.  DNS uses UDP port 53 so configuring this within IPTables (maybe even another feature for NetEqualizer) or within Cisco IOS is fairly trivial.  If you’re router doesn’t allow this hack it or get another one.


Depending on your setup there are a number of other techniques that can be added to this approach to further augment your ability to track NATed end user traffic but as I mentioned these steps alone have very nearly eliminated our AUP violation notifications.

Music Anti-Piracy in Perspective Once Again

By: Art Reisman

Art Reisman CTO

Art Reisman is the CTO of APconnections. He is Chief Architect on the NetGladiator and NetEqualizer product lines.

I was going to write a commentary story a couple weeks ago when the news broke about the government shut down of the Megaupload site. Before I could get started, one of my colleagues pointed out this new undetectable file sharing tool. Although I personally condemn any kind of software or copyright piracy in any form, all I can say is the media copyright enforcement industry should have known better. They should have known that when you spray a cockroach colony with pesticide, a few will survive and their offspring will be highly resistant.

Here is a brief excerpt from

The nature of its technology (file sharing technology) is completely decentralized, leaving moderation to the users. Individuals can rename files, flag phony downloads or viruses, create “channels” of verified downloads, and act as nodes that distribute lists of peers across the network.

In the recent U.S. debate over anti-piracy measures, absolutely none of the proposed enforcement mechanisms would affect Tribler: it is, quite literally, the content industry’s worst nightmare come to life.”

Flash back to our 2008 story about how the break up Napster caused the initial wave of P2P. Back in 2001, Napster actually wanted to work on licensing for all their media files, and yet they were soundly rebuked and crushed by industry executives and the legal departments who saw no reason to compromise for fear of undermining their retail media channels. Within a few months of Napster’s demise, decentralized P2P exploded with the first wave of Kazaa, Bearshare and the like.

In this latest round of piracy, decentralized file sharing has dropped off a bit, and consumers started to congregate at centralized depositories again, most likely for the convenience of finding the pirated files they want quickly. And now with the shutting down of these sites, they are scattering again to decentralized P2P. Only this time, as the article points out, we have decentralized P2P on steroids. Perhaps a better name would be P2P 3G or P2P 4G.

And then there was the SOPA Fiasco

The Internet is so much bigger than the Music Industry, and it is a scary thought that the proposed  SOPA laws went as far as they did before getting crushed.

I am going to estimate the economic power of the Internet at 30 trillion dollars. How did I arrive at that number?  Basically that number implies that roughly half the worlds GDP is now tied to the Internet, and I don’t mean just Internet financial transactions for on-line shopping. It is the first place most communication starts for any business. It is as important as railroads, shipping, and trucking combined in terms of economic impact. If you want, we can reduce that number to 10 trillion, 1/6 of the worlds GDP , it does not really matter for the point I am about to make.

The latest figure I could find is that the Music Industry did approximately 15 billion dollars worth of business at their peak before piracy, and has steadily declined since then. There is no denying that the Music Industry has suffered 5 to 6 billion dollars in losses due to on-line piracy in the past few years, however that number is roughly .06 percent of the total positive economic impact of the Internet. Think of a stadium with 1000 people watching a game and one person standing up in front and forcing everybody to stop cheering  so they could watch the game without the bothersome noise. That is the power we are giving to the copyright industry.  We have a bunch of sheep in our Congress running around creating laws to appease a few lobbyists that risk damaging the free enterprise that is the Internet. Risking damage to the only real positive economic driver of the past 10 years. The potential damage to free enterprise by these restrictive overbearing laws is not worth the risk. Again, I am not condoning piracy nor am I against the Music Industry enforcing their laws and going after criminals, but the peanut butter approach to using a morbid congress to recoup their losses is just stupid.  The less regulation we can put on the Internet the more economic impact it will have now and into the future.  These laws and heavy-handed enforcement tactics create unrealistic burdens on operators and businesses and need to be put into perspective. There has to be a more intelligent way to enforce existing laws besides creating a highly-regulated Internet.

Stay tuned for some suggestions in my next article.

NetEqualizer chosen as role model bandwidth controller for HEOA

Just ran across this posting where  Educause recommended the NetEqualizer solution as role model for bandwidth control in meeting  HEOA requirements.

Pomona College and Reed College were sited as two schools currently deploying Netequalizer equipment.

Related Article from Ars Techica website also discusses approaches schools are using to meet HEOA rules.

About Educause:

EDUCAUSE is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. EDUCAUSE helps those who lead, manage, and use information resources to shape strategic decisions at every level. A comprehensive range of resources and activities is available to all interested employees at EDUCAUSE member organizations, with special opportunities open to designated member representatives.

About HEOA:

The Higher Education Opportunity Act (Public Law 110-315) (HEOA) was enacted on August 14, 2008, and reauthorizes the Higher Education Act of 1965, as amended (HEA). This page provides information on the Department’s implementation of the HEOA.

Some parts of the law will be implemented through new or revised regulations. The negotiated rulemaking process will be used for some regulations, as explained below. Other areas will be regulated either through the usual notice and comment process or, where regulations will merely reflect the changes to the HEA and not expand upon those changes, as technical changes.

Four Reasons Why Peer-to-Peer File Sharing Is Declining in 2009

By Art Reisman

CTO of APconnections, makers of the plug-and-play bandwidth control and traffic shaping appliance NetEqualizer

Art Reisman CTO

I recently returned from a regional NetEqualizer tech seminar with attendees from Western Michigan University, Eastern Michigan University and a few regional ISPs.  While having a live look at Eastern Michigan’s p2p footprint, I remarked that it was way down from what we had been seeing in 2007 and 2008.  The consensus from everybody in the room was that p2p usage is waning. Obviously this is not a wide data base to draw a conclusion from, but we have seen the same trend at many of our customer installs (3 or 4 a week), so I don’t think it is a fluke. It is kind of ironic, with all the controversy around Net Neutrality and Bit-torrent blocking,  that the problem seems to be taking care of itself.

So, what are the reasons behind the decline? In our opinion, there are several reasons:

1) Legal Itunes and other Mp3 downloads are the norm now. They are reasonably priced and well marketed. These downloads still take up bandwidth on the network, but do not clog access points with connections like torrents do.

2) Most music aficionados are well stocked with the classics (bootleg or not) by now and are only grabbing new tracks legally as they come out. The days of downloading an entire collection of music at once seem to be over. Fans have their foundation of digital music and are simply adding to it rather than building it up from nothing as they were several years ago.

3) The RIAA enforcement got its message out there. This, coupled with reason #1 above, pushed users to go legal.

4) Legal, free and unlimited. YouTube videos are more fun than slow music downloads and they’re free and legal. Plus, with the popularity of YouTube, more and more television networks have caught on and are putting their programs online.

Despite the decrease in p2p file sharing, ISPs are still experiencing more pressure on their networks than ever from Internet congestion. YouTube and NetFlix  are more than capable of filling in the void left by waning Bit-torrents.  So, don’t expect the controversy over traffic shaping and the use of bandwidth controllers to go away just yet.

How the Music Industry Caused the Current Bittorrent Explosion

By: Art Reisman

Art Reisman CTO

Art Reisman is the CTO of APconnections. APconnections designs and manufactures the popular NetEqualizer bandwidth shaper.

Originally published April 4, 2008

Update Dec 18 , 2008: The RIAA announced a new tactic over the weekend.  The ironic twist is that by our accounts the old tactic of vigorous enforcement was working. We were seeing (on the hundreds of networks we support) far fewer bittorrents running when compared to two years ago. I’d estimate the drop to be about 80 percent.  I am not sure if our observations were indicative of the industry trend, but by our accounts, pirated material must have been on the decline. We’ll be putting together a more detailed article shortly.

Flash back to the year 2000, Napster hits the scene and becomes the site of choice for anybody trying to download online music.

It is important to understand that the original Napster had a centralized infrastructure. All file transfers happened via the coordination of a central server. Had the music industry embraced this model, they would likely have had a smooth transition from their brick and mortar channel to a soft distribution. Had they only been a bit more farsighted as to the consequences of their actions.

Instead of embracing Napster, the music industry, along with the RIAA (the industry henchman for copyright enforcement), worked to shut Napster down, much the same way they had successfully gone after commercial establishments that play unlicensed music.

There were some smaller label artists that did embrace Napster, obviously looking for untapped market share, but for the most part the industry reacted like a obsolete dinosaur fighting progress out of fear of losing revenue.

I was personally experimenting with downloading music at this time. If Bill Clinton and Obama can admit to illegal drug use, I should be able to confess to one or two illegal downloads without retribution (note: I have since licensed all my music in my library). It wasn’t the free music that attracted me to Napster in 2000, but rather the convenience of getting the tracks I wanted when I wanted them.

Well, the RIAA succeeded in getting an injunction against Napster and shutting them down in February 2001.

This would turn out to be a costly mistake.

It was no coincidence that shortly after the fall of Napster a whole heard of new file sharing techniques showed up. BearShare, Kazaa, Gnutella, Limewire, and Bittorrent all became popular seemingly overnight and once again copyrighted material was being spread all over the world. Only this time it was not coming from a centralized server, but from millions of servers. Now, instead of having one source where music distribution could be tracked, the music industry had a wasp nest of swarming downloads.

Although today there are many paying customers of legal downloads, black market peer-to-peer file sharing still runs rampant, and this time it is not possible to squash the distribution model . Bittorents are themselves not the cause of illegal file sharing, no more than automobiles cause drunk driving. The industry cannot possibly shut down a freely distributed file sharing model without shutting down the Internet itself, and obviously the distribution channel is not guilty of piracy but the people that us it are. Instead, the RIAA has adopted a policy of making examples by tracking down and arresting individual copy right distributors, a daunting and possibly futile task.

For example, it is extremely difficult to get a subpoena to far off corners of the world where governments are concerned with more important matters.

I’ll comment on how the RIAA enforces illegal distribution and the downside of their model in my next posting.

Will the New UDP-based Bittorrent Thwart Traffic Shaping?

A customer asked us today how the newer Bittorrent methods using UDP will affect our ability to keep traffic in check. Here is our first take on this subject (See the related article “Bittorrent declares war on VoIP, gamers”).

The change from TCP to UDP transfer will have some effect on our methods to throttle bandwidth, however, at
the IP level there is no difference between the two and we have never based our shaping techniques on whether packets were UDP or TCP. The ISP mentioned in the  article mentioned above likely uses TCP window-size manipulation to slow downloads. You can’t do that with UDP, and I think that is what the author was eluding to.

The only difference for the NetEqualizer will be that UDP streams are harder to knock down, so it may require a tuning change if it is really an issue. By this, I mean we may have to hit them harder with more latency than our standard defaults when throttling packets.

On a side note, we are seeing some interesting trends with regard to Bittorrent.

When looking at our customer networks, we are just not seeing the same levels of Bittorrent that we have seen in the past  (circa 2006).

We believe the drop is due to a couple of factors:

1)  The RIAA’s enforcement — The high school and university crowd has been sufficiently spanked with copyright prosecutions. Most people now think twice about downloading copyrighted material.

2) Legal alternatives — The popularity of online purchase music  sites has replaced some of the illegal transfers (These also take up bandwidth, but they are not distributed by bittorrent).

The recent trends do not mean that bittorrent is going away, but rather that viable alternatives are emerging.  However, while legal distribution of content is here to stay and will likely grow over time, we do not expect an explosion that will completely replace bittorrent.

Curbing RIAA Requests on Your Student Network

Editor’s Note: We often get asked by college administrators how the NetEqualizer can block p2p with our behavior-based rules. Since the NetEqualizer is containment based, it is effective in stopping approximately 80 to 90 percent of all p2p (see comparison with layer 7 shapers). Yet, questions and fears still remain about RIAA requests. Since the NetEqualizer is not a complete block, not that anything is, customers wonder how they can be safe from those intimidating lawyers.

In short, here’s the answer. The RIAA finds copyright violators by downloading files from your network. Since these downloads must be initiated from the outside, you simply need to block all outside initiated requests for data. Obviously you would still allow requests to your Web servers and other legitimate well known content servers on your network. Understanding this, administrators can configure their routers to work in conjunction with their NetEqualizers to largely curb RIAA requests.

Below, NetEqualizer user Ted Fines, the network administrator at Macalester College, shares his methods for preventing RIAA requests on his university network.

A few years ago, we implemented a rule on our firewall to improve our overall security. However, it has also had the added effect of stopping RIAA notices almost entirely.

The rule simply blocks all inbound connections to all ports on all residence hall computers. Here are some sample config lines from our firewall (aCisco PIX) that show how the rule works:

name Kirk description Kirk Res Hall
object-group network Res_Halls
description All Residence Halls
network-object Kirk
network-object Bigelow
network-object Wallace
access-list 101 extended deny ip any object-group Res_Halls

Even though it may appear this rule would interfere with normal user Web browsing, etc., this rule actually has no effect at all on what systems the student computers in our residence halls may access. This is because the firewall tracks what computer initiates the connection.

For instance, when a student tries to access “”, they are initiating the connection to CNN’s server. So when CNN’s server replies and send back news content, etc., the firewall knows that the student computer requested it and the incoming connection is allowed.

However, if a student is running a server, such as a Web server or a file sharing server, outside computers are not able to connect to it. The firewall knows that the outside computer is trying to initiate a connection, so it is blocked.

Our student body makes great use of our resources and we have a very open and unrestricted campus life, so I was pleasantly surprised that making this change did not ruffle any feathers. We do make exceptions when students request that a port be unblocked for a particular need. I have found that the ones who are savvy enough to know that they need a particular port opened are not typically the ones we have to be worried about, so we’re usually happy to accommodate them.

–Ted Fines, Macalester College, St. Paul, MN

Editor’s Note cont’d
: This recent tip was given on the ResNet mailing list by Sidney Eaton of Ferris State University…

If you want to minimize your notices, just block these address ranges on your firewalls (in and out):

These are MediaSentry IP addresses (the company scanning your network to determine if your users are sharing copyprotected materials). They are not the only company hired by the RIAA and MPAA but they are the largest one. So you may still get some but hopefully not as many.

Sidney Eaton, Ferris State University, Big Rapids, MI

%d bloggers like this: