Today we had the last day of our blockseminar on Internet Measurement (see my post on day 1) and heard the following talks:

• nCap: Wire-speed Packet Capture and Transmission Improving Passive Packet Capture: Beyond Device Polling [Slides] [Student Paper] [Original Paper 1 Paper 2]
• DisCarte: A Disjunctive Internet Cartographer [Slides] [Student Paper] [My Blog Post] [Original Paper]

After completing the talks, we had a quite fruitful discussion on presentation style of every talk that will be hopefully helpful for the attending students. In general, I was really impressed by the quality of the talks. Some were really brilliant but all of them were unexpectedly good in general.

I really enjoyed this seminar and hope our advanced seminar on Internet Routing offered next term will be as interesting as this one.

Today was the first day of our two days blockseminar on Internet Measurement, in which I supervised two students. During the seminar, we addressed the following topics (papers) by talks held by students attending the seminar along with a discussion on the topic afterwards:

• Characterizing Files in the Modern Gnutella Network: A Measurement Study [Slides] [Student Paper] [Original Paper]
  Which files are shared on Gnutella and what are their characteristics? Besides studies that derived traces by hosting peers dedicated to provide measurement data, this paper describes data derived from crawls of the Gnutella network.
• Rarest First and Choke Algorithms Are Enough [Slides] [Student Paper] [Original Paper]
  This paper discusses why BitTorrent performs well and states that the Rarest First Algorithm and the Choke algorithm are enough to provide reasonable fairness, diversity of the content pieces and performance. Roughly speaking, Those are the key features that differentiate BitTorrent from other peer-to-peer file sharing protocols.
• Leveraging BitTorrent for End Host Measurements [Slides] [Student Paper] [Original Paper]
  How optimistic unchokes—provided by BitTorrent and essential for its functionality—can be exploited to perform end host measurements; a dedicated and modified BitTorrent client called BitProbes downloads two megabytes of data from peers—by acting as a freerider and not uploading downloaded data—and uses this communication for conducting host measurements.
  Some points that have been discussed: (1) the authors claim that downloading but not storing the data is enough to avoid legal issues. Is that really true? (2) During a sample 7 days crawl, the authors covered about 20% of the available autonomos systems (AS) in the Internet. What does this number mean? Is it a high coverage, or a low one? For the answe, one has to keep in mind that not all AS are likely to host BitTorrent clients (like enterprise networks).

• Unconstrained Endpoint Profiling (Googling the Internet) [Slides] [Student Paper] [Original Paper]
  How documents indexed by Google can be used to label IP addresses with applications run by a particular host
  The discussion mainly focused on the question whether the proposed method is really unconstrained as the title of the paper claims. Some key points: (1) The propsed method relys on Google, but the Google index varies (regional filtering etc.). (2) Existance of the deep web: not every available document is indexed by a particular search engine. (3) How dynamic are IP addresses? What if we want to label IPs of access providers which usually map to a set of users that used it in the past? (4) Can we trust data provided by the third parties (e.g. faked access log files etc.)?
  We agreed that this methodology seems good to discover trends but details have to be taken with a pinch of salt.
• I Tube, You Tube, Everybody Tubes: Analyzing the World’s Largest User Generated Content Video System [Slides] [Student Paper] [Original Paper1 Paper 2]
  What kind of videos are shared on YouTube and what is their access characteristics. See my blog post on this from October 2007.
• The Flattening Internet Topology: Natural Evolution, Unsightly Barnacles or Contrived Collapse? [Slides] [Student Paper] [Original Paper]
  This paper analyses a trend of big content provider building up WANs and tend to bypass Tier 1 providers to save transit costs and increase performance which flattens the Internet topology

For references to the original papers, the student papers (mostly in German) and slides, see the seminar webpage. The talks had a very high quality and the discussions were pretty interesting. So I’m really looking forward to day II.

We’re done with correcting and grading the exams; white smoke is escaping from our university building The results are quite ok with a failure rate of 20% (students which did not pass).

There is a positive correlation between the points earned in the exercises and the exam points (correlation coefficient 0.62); students which made an effort to solve the exercises carefully on their own (!) typically scored high in the exam.
The fact that the correlation coefficient is not close to 1 may be interpreted in two ways; (1) students are typically stressed under examination conditions and some may cope with those conditions better than others, and, (2) some students may not solved the exercises on their own and may have handed in solutions made by fellow students (we actually caught some students cheating).
General advice: do the exercises and do them carefully on your own! Think about the problems and ask questions in case you did not fully understand a particular concept. This is actually a truism every student may be aware of, but it turns out to be true once more.

In retrospect I have to say that it has been a nice course with good students. I enjoyed the time with them in the exercise sessions. Some handed in brilliant solutions that amazed me. Some amazed me by the progress they were making. Some stimulate one by the questions they ask. Few frustrated one when caught them cheating.
Big universities are often criticised for their anonymity; a student is just a number, a face in the crowd. As you can see, this is not entirely true.

However, when thinking back, here’s a list of some common misunderstandings I faced in the curse of the semester (maybe this helps when preparing for exams):

• Although ARP is used to establish a mapping of layer 3 (IP) to layer 2 (MAC) addresses, it is not used to lookup entries in a forwarding table (to which port do I have to forward packets for X and so on)
• half-open in the sense of TCP does not mean that a connection is open half of the time
• In contrast to MAC addresses, IP addresses are typically not rewritten when traversing a router (excluding the case of NAT)
• MAC addresses can be used only within a particular LAN segment. One cannot address hosts located in a different LAN.
• A common place for misunderstandings is the protocol stack: which protocol relys on which (e.g. ARP does not rely on UDP) and where is it located within the stack (e.g. DNS is no transport layer protocol)

There are probablly much more, but I don’t remember them right now…

The exam is over now and I have a good feeling by the feedback we got from students. It seems like that the problems were appropriate but the time was a little bit to short in order to solve everything. Moreover, no one returned the exam in the first n minutes because he was scarified by its problems, which is a good sign Only one student returned his exam before the time was over.

However, although we did extensive testing, we didn’t found all of the bugs that were in this exam. There were some very minor things that could confuse students at first place (e.g. there was a misleading host symbol, but reading the problem description should make things clear).

The only strange thing I noticed so far: one student did not put his identity (name etc.) on the exam, so he returned it anonymously. However, as he was the only one and we have a attendance list as well as sequentially assigned exam ID’s that point to the left and right neighbor along with seating arrangements, we could guess who the anonymous student is likely to be.

However, we realised that the proposed scheme of introducing exam IDs in order to parallelise the correction process breaks if we allow students to put solutions for multiple tasks on one single sheet of additional paper.

We now have to form teams doing the correction of a particular problem…

One semester draws to a close. We will have the Network Protocols and Architectures exam tomorrow, and, after one week of work on the exam, most of the things are prepared now. It is always amazing to see the significant amount of time that has to be put into designing and testing (!) a small set of reasonable questions. What are reasonable questions? Are they trivial or to hard to solve, given the knowledge obtained in the course? Are they solvable in the given time? Do they cover the main aspects of the lecture sufficiently? What is the usability of the exam; does one has to turn pages unnecessarily often in order to solve a problem, are important things sufficiently highlighted, is the text easy to read/understand, …? Is every unwanted ambiguity removed that would make the correction unnecessarily complicated by allowing a too wide variety of possible answers? Does the English translation of the problem description map 1:1 to the German original? There are a lot of things to consider when designing exams.

In order to guarantee the quality of the exam, we had a iterative approach; two people were mainly responsible for designing and typesetting the exam, two senior people were reviewing the problems, others were solving it while taking the time. After having some iterations of this procedure, I think that we have a pretty stable exam now.

Moreover, I introduced the concept of exam IDs; each exam will have a unique id that is printed on all sheets that will be part of the grading. There will be a cover sheet that contains the ID and a form where the student can provide his personal data. Besides the cover sheet, there won’t be any personal date (like a name) on any other sheet. This will allow us to do two things: 1) exams can be corrected in an anonymised way; the corrector does not know about the identity of the student and thus cannot be biased. 2) the correction process can be easily parallelized by forming groups that correct only one specific problem of the exam without having the student to write his name on every sheet that we provide. The ID can be easily printed in advance, but it’s much harder with names as handing out the exams before the exam starts would take much longer then.
Drawbacks: printing takes much longer (I needed to write shell scripts that replace predefined exam ID tags in the postscript code with the actual ID and sent them to the printer, etc.). Moreover, the exam parts, corrected by different groups, have to be combined at the end. But this will scale with the amount of people correcting it.

After having spend like one entire week on preparing the exam, I’m now really excited about its result. Will the students have problems with the task? Is it really not too hard to solve? Will there be any complications? Lets see. I think I’m as exited as the students

Networks in the Internet are—roughly speaking—grouped into Autonomous Systems (AS), which have a corresponding Autonomous System Number (ASN) as identifier. Using the routing prefixes (CIDR), IP addresses can be mapped to autonomous systems to find out which administration is running a certain network in which the requested service is provided. Lookups can be done in several ways. However, a compfortable one is provided by a Firefox browser Plugin called ASNumber. For each accessed website, AS related information will be displayed in the status bar of the Firefox web browser.

Please note that the resolution is done using a service hosted by the authors of ASNumber: eu.asnumber.networx.ch (if not cached locally). Thus, privacy related information about ones browsing behaviour may be logged on an external site and thus one may not enable the plugin all the time. An example request illustrating the lookup is given by this link.

I briefly want to point to some (online) books on probability theory. There are a few good ones available online, like the book of of Robert Ash entitled Basic Probability Theory or some books by Robert Gray, e.g. Probability, Random Processes, and Ergodic Properties or Introduction to Statistical Signal Processing. However, when going for printed copies, one may look at books authored by Geoffrey Grimmett, especially Probability and Random Processes. The latter illustrates the right level of probability theory needed in most of the research fields in computer science in a comprehensive and understandable way. A strong feature of this book is its large collection of exercises (there is even a second book dedicated to exercises only, which is more helpful to the learner as it contains also the solutions to each exercise posed in that book) and good examples ilustrating the most important theorems.

The debate about wireless security has, so far, focused on preventing people from getting unauthorised access to one’s wireless network. WEP has been shown to be breakable in less than 60 seconds, assuming a certain success probability, by Tews et al. in 2007. Unsecured wireless networks–and WEP can be considered as “unencrypted” due to the work by Tews et al.–are widely considered as a security problem, as unauthorised people may start misusing the network and cause additional costs or legal issues.

A paper by Hu et al. entitled WiFi Epidemiology: Can Your Neighbors’ Router Make Yours Sick? discusses a different issue. People know they might spread the flu virus due to airborne infection when being, living or working closely with other people and thus the virus may exploit this tightly interconnected proximity network. When using computer systems, many users might have experienced that once their system is infected by some virus or other kinds of malware, it might start contributing to spread the virus even further. So flu like epidemics can happen in the digital world as well.

The paper by Hu et al. addresses exactly this issue and transfer it to the wirless domain by asking wether wirless routers, which form a tightly interconnected proimity network in densely populated urban areas, can contribute to spreading malware and thus create “wireless epidemics”. Epidemiology is good understood in other fields. Transfering those results to the wirless domain and highlighting possible security flaws is thus very important and the paper moves into an interesting direction.

The scenario considered in the paper relys on typical security flaws: i) weak or unchanged default passwords and ii) weak or broken cryptographic systems. Thus, the rate of possible infections can be prevented as follows:

• Change the default password of your wireless router to some reasonable secure password
• Use an state-of-the-art cryptographic standard that is still considered as “secure” (currently: WPA). Thus, don’t use WEP any longer.