Parasitic Computing

b0r0din writes: "CNN has this article about a way to force computers to solve complex computational problem using the checksum algorithm used by the TCP/IP protocol. For more technical details, see their website." You probably thought learning TCP/IP was useless. No! You can use it to make an extremely inefficient computer...

Lovely...

...as if viruses and SPAM didn't take up enough bandwidth.

Extremely inefficient computers

I have one of those -- it's running Windows ME.

Don't they have anything better...

to do with their time?

Christ, hiring a few hundred thousand third-worlders and teaching them to use an abacus would be faster.

Or course, the globalization protestors would never go for it... carry on then.

Legality?

Such online piracy does not violate the security of hapless servers, using only areas specifically earmarked for public access, according to the researchers.

But it could slow the machines down by engaging them in mindless conversation while they unwittingly work for their remote master, Barabasi said.


Isn't this theft of resources? The researchers are literally stealing bandwidth and clock cycles. Maybe it's just me, but this seems very ethically wrong. I wonder if an IDS or firewall can be configured to protect against such leeching. Any lawyers or firewall experts in the house?

Heh heh...

Wow! Could you imagine a Beowulf cluster choking on one of these?

Give me a break

"online piracy", "parasitic computing", "unwittingly work for their remote master"

You'd think they were talking about Code Red.

Interesting...

This does raise a lot of questions. I'd say it falls somewhere in the big grey area between unethical and illegal a lot closer towards the unethical, so long as there is no visible impact on the host system, but that's just me.

I don't think we'll be having to worry about it becoming endemic anytime soon, as it appears the type of problem that can be solved is somewhat limited.

Damn invasion

This is EXACTLY why I disable checksumming on all my serevrs. I work for an R&D company, I sure as hell wouldnt want another R&D using our servers to solve their problems.

Poepele used to think Iw sa paranoid, but now I have the proof.

Sun was right

The network is the computer

This looks possible, but why?

This will make an EXTREMLY slow computer, and if anyone out there knows anything about routing (which I am sure you do :) The time it would take to recieve and compile all of the data would take longer and require more bandwith than would be viable on the economy of scale.

Example --- need to send 4,000,000 packets out and recieve the TCP packet back.

To do this with any speed, and also to not lose a fair majority of packets, you have to have a huge backhaul.. (T-3, OC3 or larger) TCP will not continue sending packet so you will loses them. Cost for large backhaul. $4800 month, (as by what my company chages..)

4,800 x 12 $57,600

So for one year of a huge pipe to the net you will be paying 57,600 (through my provider)

This still will not fix latent packets that never get back to the user, or any other problems.. (such as someone on your network running bearshare and eating all of your bandwidth)

Now lets look at the amount of money used for that large amount of bandwidth.

$57,600 for the amount we could have spent on that line in one year we can build a beowulf cluster with 30 nodes (and that is being very liberal on the cost of the nodes)

Now, looking at the article that I read, it seems as if the computing style using TCP/IP is very very ineffiecint.

Personally, for the amount needed to make this work, on the scale of actually getting any real work done, I would much rather build a Athlon Beowulf cluster.

This looks like in reality this could only be implimented in the real world as a new type of DOS attack.

With a few mods......

Could figure out Pi to the umpteenth trillionth decimal place, A program that could run forever (or as long as TCP/IP was around anyway) stealing just a tiny fraction of CPU time from every computer it contacted.. Sort of like the guy who wrote the code at the bank to take 1/1000th of a cent out of each transaction, nobody would notice .... but it is still wrong...Just one more reason to be completely paranoid!!

Distributed seti@xxx.xxx.xxx.xxx?

wouldn't that be fun?

"Oh yeah? I have a multi homed gigabit 486!"

That is quite neat

It appears that people can still puplish their findings and not get sued for violation of some law, I wonder if the group who developed TCP/IP will sue these guys now because they "Violated" some law or something.

Possible application

Hey, I could turn CodeRed into a SETI@Home client!

possible DOS attack?

This particular technique will likely not become commonplace because the effort to make it work is far greater than the possible computational return.

True, but it could be modified and used to launch a DOS attack on a specific server, couldn't it?

Interview on All Things Considered

Those in Central, Mountain & further timezones might be able to catch it later today, or listen to it tomorrow on the ATC [npr.org] web site.

There must be more to this..

Its seems silly except maybe to point out that it can be done. Just about any modern computer can checksum data faster than it can read the data from main memory. By the time the nic has pulled the data from main memory the CPU could have already gotten an answer.

Why not use ICMP echo instead?

ICMP echo packets (ping packets) also includes a checksum. By using the ICMP checksum instead of the TCP checksum, almost every computer connected to the Internet could be used for computation, not only web servers.

Let the MPAA servers DeCSS for you

You could write a DeCSS client to find a decryption key by sending the computations out to the MPAA's servers. :)

Now the RIAA will want to ban TCP/IP!!!

But variations could be engineered to make online piracy much more efficient, he cautioned.

Uh, oh, now the RIAA, MPAA, and any other ??AA organizations will want to ban TCP/IP!

Does this mean the Internet is in violation of the DMCA?

I Have DONE THIS! I Did it years ago(steal cycles)

I Have DONE THIS! I Did it years ago (steal cpu cycles remotely for local computational tasks in a distributed network manner without having account priveledges on any target systems)

Many unitversities in the 1980s used the MERIT network and many still do.

A feture of MERIT allows logging onto any other system from another system and during a login process a free command line feature allows use of the CALC calculator line command.

This exotic command would only work for a while before they severed the line after about two minutes, unless you finally logged in validly so they could charge you the 9600 baud access fees.

The calculator command was great. It allowed a truly dumb terminal to do simple math functions. Other 1980's terminals such as Liberty Freedom Ones and other terminals have built in desk calculators modes.

You can use the calculator function to do multiplication and other operations without owning a system account. It even worked during modem connections and tou could tie up several connections by "hopping" during a login.

I created tools to use the math functions of the MERIT network to perform computations FOR FREE.

Merit is a private, non-profit corporation, governed by thirteen of Michigan's four-year publicly supported universities. In addition to the thirteen members there are 230 affiliates with a combined total of 425 dedicated network attachments from 398 separate locations. Merit affiliates include: 85 Colleges and universities,25 Community colleges ,117 K-12 schools or school districts , 22 Local, state, and federal government agencies ,16 Healthcare organizations , 111 Libraries , 21 Other non-profit organizations ,28 Businesses . Most were Amdahl mainframes (IBM clones).

Stealing free cpu cycles of innocent target machines as a parasite to perform complex computational tasks of a larger state machine, using network protocols is fun, especially if distributed across multiple systems and limitless.

I proudly did it first in the early 1980s.

(I have a life though and achieved many other more useful things by the way)

F.E.

Like an old joke...

Three priests are talking to each other how they split the money they get during the service between themselves and the part for the church.

The first priest says: I draw a line in the middle of the table and throw all the money on the table. Everything left of the line is for me, everything right of the line is for the church.

The second priest says: I draw a circle in the middle of the table. Everything which lands in the circle is for me, everything which lands outside is for the church.

The third priest says: I throw all the money in the air. Everything god grabs is for the church, the everything which lands on the floor is for me.


This project works the same: they send a request to a million webservers, everything which doesn't time out is good for them :-)

Ideas, please!

Most of the posts here have been of two schools:

1. It's impractical.
2. It's unethical.

Both valid points, but I think that it's foolish to dismiss this out of hand. First of all, it's a pretty slick hack. Very inventive, if nothing else. Secondly, it brings up some very interesting questions. Can this ever be made practical? What would it take? Would it be ethical to make it work? Can this be used to augment a DOS attack, or something similar? If so, how do we defend against it?

Maybe I'm talking out of my ass here. I don't know TCP/IP very well. However, I know that others of you out there really know your stuff. I'd like to hear from you.

Ender's Game

Anyone remember Jane from the later books in this series, and the philotic connections?

Interesting but not useful

i can't see how making the packet is less computationally intensive than computing the checksum. In the 2-SAT case, they're anyway generating all the 2^n cases, so the complexity is still exponential.
And another factor is of reliability. What if a packet times out. Not all the packets you send are responded to ... so if that one in a million packets which represents the actual solution times out then all your effort goes down the drain.

could this be an answer to micro payments?

User agreement: I'll let you access the information on my site at no direct cost to you IF you'll allow me access to your computer (not to exceed specified limitations) in return.

Click here to agree.

piracy?

Such online piracy does not violate the security of hapless servers, using only areas specifically earmarked for public access, according to the researchers.

Eh, there's that word again, pretty handy word isn't it?

Piracy: anything you do that someone else doesn't want you to do.

Contradiction

"We are not worried about copycats taking our program," Barabasi said.

But variations could be engineered to make online piracy much more efficient, he cautioned.

If it will make piracy more efficient, I'm pretty sure the pirates would be very interested in finding out more about it.

Hell, in my experience, most pirates would use a modem that belched huge clouds of carbon monoxide and was powered by grinding up kittens in a big hopper if it got them an extra 10k/s on their downloads.

Parasitic Computing is an example of A.I.

Parasitic Computing is a great example of what will happen once machines (or the Internet itself) become intelligent and self-aware. They could use the Internet in ways we could barely guess or understand in order to do data computations, data transportation, or data storage (the only 3 things any living creature needs).

A better way? Make the client do the work...

To really be useful, you need a longer time to do a more complicated calculation. So:

1) Create a compeling website that will get people to stick around for a while (free pr0n would probably work).
2) Put all your pages into frames with a hidden, 0 pixel frame.
3) Create dynamic pages (JSP/ASP/whatever) that will pipe down JavaScript to the hidden frame with the algorythm that needs to be run.
4) Let the calculation run while the user browses your site, then POST the results back to the server when it's done.

This would all be relatively transparent to the user... Of course, if they're all paranoid /. types, they'd probably have JavaScript turned off.

Why not enable this on purpose?

Why not make this a feature? Write an extremely simple virtual machine that would perform calculations as asked. Way smaller than java. Simple enough that you could write a proof that it couldn't try to play outside its sandbox.

You could give it a small chunk of memory to use, run it at a VERY low priority, and use SSH like transmission where the packets are automaticaly compressed and only a list of certain IPs would be accepted. All you would have to do is download the IPs of the distributed projects you wanted to work on and the virtual machine would accept packets from them. No specific clients to download for each project, and you would get distributed computing easily on all your machines.

Any projects like this? It would be great to have an always on and client secure distributed computing platform.

DDOS?

Finally a 'good' use for a distributed denial of service attack!

If you do it, do it right.

For full effect, use avian transport for the
TCP/IP packets. And write an interface to this
so that you can use it for SetiAtHome.

Albert-Laszlo Barabasi

This Barabasi guy's an ass. All he does is sensationalist pop-physics crap. Look at his website [nd.edu]. The organization of handclapping [nd.edu] (featured at ABCNews [go.com] and FoxNews [foxnews.com]), sandcastles [nd.edu], and internet topology and attack work [nd.edu] (discussed at Slashdot here [slashdot.org]). This guy just jumps between pop-science subjects and eats up press coverage of his crap.

Can we stop talking about him now?

An amusing thing to do...

...would be to make a DeCSS that uses this technique to decrypt DVDs with the 'help' of MPAA's web servers!

Website

Scientific American pointed me to this website on the topic, looks like the source:
http://www.nd.edu/~parasite/

Villain-to-Victim Computing Applications Anyone?

This reminds me of one of the Works in Progress papers from the this year's USENIX security symposium on Villain-to-Victim [uni-erlangen.de].

Basically you store data by sending off an icmp echo request containing arbitrary data to a site or sites that you know have slow links and wait for it to come back. You are using the routers etc in between as a storage medium.

Re:MOD PARENT UP!!!!!!!

I know, they really are.

Re:Interesting concept

yeah... telnet.

Re:Interesting concept

Anyway, other than the TCP checksum, are there any other protocols out there that do something more computationally intense to the data before returning it?

An interesting idea is the hijacking of authorization sections of secure protocols, dispatching authentication requests based on a public/private key pair you are trying to hack, to thousands of servers and the one that returns a successful result must have been given the correct key pair.

Of course, I'm fairly certain most widespread secure protocols can't be used like this, but one or two of the less common ones might have a loophole... but then again, if they're less common, resources would be scarce, and you're better off trying to crack things on your own.

Re:Is this legal?

Well, starting a TCP connection isn't illegal (although starting many, many of them is, of course.) But I wouldn't worry about it - like the researchers say, this would be useless for almost every distributed app imaginable.

Re:Interesting concept

A brief read of the paper tells me that it's simply a brute force method of checksumming; they send all possible bit combinations in the checksum field (using the same actual message bits), and the server only responds to the correct checksum. They don't actually compute the checksum locally.

While it does work, it's basically trading a (relatively) small amount of actual computation for a large amount of bandwidth. Actually sending those packets out in the first place may take more computation that the actual checksum would, so I'm not sure if this is entirely useful...

Re:Inefficient compared to what?

Funny, my roomate loves the image viewing program I threw together in Java. It's so fast it increases his PPS (Porn Per Second). The only real delay is my own fault, when you open a folder with 1000+ files it takes a few seconds to sort them (I hate when 10.gif comes before 2.gif).

Guess I shouldn't have used a bubble sort :-)

excellent question!!

Now that *would* be an efficient use of this technology...

Interesting question... (response OT)

Akin to:

If I steal something from you, and you never, ever notice that thing is gone (ie, out of your posession), have I really stolen from you, from your viewpoint?

I mean, if you don't know, you don't know, right?

Re:Interesting concept

You'll find if you read the article that the authors specifically state that they know it is more computationally intensive to do this. It is purely a theoretical exercise in the true spirit of hackerdom -> who cares if it has a purpose, let's just see if we can do it:)

Re:Chinese Lottery

In practice...

You'd have to have pretty redundant hard-to-break TVs.. maybe the TV that solves it can display a special number that it displays for its owner to call when it has solved the problem. Of course, will the owner call? :)

Moderators? Fuck wits more like

So the above is "off-topic", but this [slashdot.org] later post saying the same thing is a "+3 Funny"? I'd like to moderate, if it means I can get some of what this moderator's been smoking. Fuckwit.