[IP] the explaination of a experiment on yet* Another new Google twist..

To: ip@xxxxxxxxxxxxxx
Subject: [IP] the explaination of a experiment on ****yet***** Another new Google twist..
From: David Farber <dave@xxxxxxxxxx>
Date: Tue, 10 Jan 2006 07:54:31 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <43C31507.9070207@xxxxxxxxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Harsha V Madhyastha <harsha@xxxxxxxxxxxxxxxxx>
Date: January 9, 2006 8:59:35 PM EST
To: dave@xxxxxxxxxx
Subject: Re: [IP] more on ****yet***** Another new Google twist..

Dave,

Here is a brief explanation of the experiment that Google is carryingout. This was recently posted to the PlanetLab support mailing listby one of the members involved in this research.


==================================================

Dear Jon,

it seems that your firewall is logging packets that are triggered by a

research experiment that I am involved in. It is being run by Google,and aims at measuring latencies to a small random fraction of Googleclients.

The experiment is completely harmless: it only causes some Googleclients to retrieve small pieces of content from Web servers runningon port 81 of selected PlanetLab nodes. These content pieces areretrieved using HTTP connections that your firewall is logging. Younotice 6 entries per connection because your firewall is loggingevery single packet that belongs to that connection, and there areapparently 6 such packets. The latencies to Google clients areestimated by the Web servers running on PlanetLab nodes based on thedynamics of packets forming the HTTP connections.

I am sorry for the inconvenience that this experiment might havecaused to you. I must also tell you that you are extremely lucky tohave beenselected to participate in the experiment twice within 5 minutes, asit is extremely unlikely to happen.


Finally, given that retrieving small additional content from PlanetLab

nodes is perfectly safe, you can simply ignore the log entriesproduced by your firewall. However, should you decide to allow theadditional HTTP connections to be opened, you will be helping in anexciting research experiment, for which I would be extremelygrateful. I am also ready to answer any further questions you mighthave about this experiment.


Best regards,
Michal Szymaniak


>> Thu Jan 05 05:43:45 2006: Request 12581 was acted upon.
>> Transaction: Ticket created by jds@xxxxxxxxxxxxxxx
>>
>> Subject: Odd firewall traffic
>>

>> Sorry for the interruption! I hope you can help me. I'm perplexedby this:

>>

>> Jan 5 14:28:42 localhost kernel: jds-FW: IN= OUT=eth0SRC=192.168.0.3>> DST=128.101.191.245 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31804 DFPROTO=TCP

>> SPT=33139 DPT=81 WINDOW=5808 RES=0x00 SYN URGP=0
>>

>> Jan 5 14:32:17 localhost kernel: jds-FW: IN= OUT=eth0SRC=192.168.0.3>> DST=164.164.104.163 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7594 DFPROTO=TCP

>> SPT=52904 DPT=81 WINDOW=5808 RES=0x00 SYN URGP=0
>>
>> As you can see it's coming from inside my firewall. I have a home

>> router/firewall. This source (192.168.0.3) is my laptop which isrunning Debian>> 3.1. It has been behind the router/firewall since I installed it.I recently>> stared learning about the iptables firewall and have a defaultDROP policy.>> That's why I'm getting these logged. When these get logged theyseem to log 6>> hits at a time all on the same SPT and DPT and always to thesetwo URL's which>> led me to you. I don't know that I have ever visited a coralizedlink as your>> site states. Either way I'm perplexed how and why this traffic istrying to go>> out from my laptop, and what it is trying to send out. I'm alsowondering how to>> stop it other than adding another rule to DROP them before theyget logged.

>>
>> Any help would be welcome!
>> Jon
>>
>> _______________________________________________
>> PlanetLab Support Mail Reflector
>> support@xxxxxxxxxxxxxx
>> https://lists.planet-lab.org/mailman/listinfo/support-community
>>


_______________________________________________
PlanetLab Support Mail Reflector
support@xxxxxxxxxxxxxx
https://lists.planet-lab.org/mailman/listinfo/support-community

David Farber wrote:

Begin forwarded message:
From: Rodney Joffe <rjoffe@xxxxxxxxxxxxxx>
Date: January 9, 2006 6:11:13 PM EST
To: Lauren Weinstein <lauren@xxxxxxxxxx>, Dave Farber<dave@xxxxxxxxxx>
Subject: Re: [IP] more on Another new Google twist..
Hi Lauren,
On Jan 9, 2006, at 1:36 PM, David Farber wrote:
Begin forwarded message:

From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: January 9, 2006 2:41:01 PM EST
To: dave@xxxxxxxxxx
Cc: capek@xxxxxxxx
Subject: Re: [IP] Another new Google twist..

This is not entirely a straightforward situation.  First, such
history displays are almost certainly based on cookies, so persons
who do not allow Google cookies are unlikely to see such output.
(Note however that this is a separate issue from Google's internal
logs of user search activity presumably tied to IP addresses.)
But wait, there's more. I have also been noticing seemingly randombut frequent attempts to trigger firefox connections to variousplanetlabs machines (http://www.planet-lab.org/) as a result ofGoogle searches. I think it is admirable that Google is supportingthe research world but were it not for my "littleSnitch"application, I would have had no idea. Nor do I know what Googleis triggering, or what data is being forwarded to the planetlabsnetwork, or why - I haven't bothered to stop it thus far. Have younoticed this? "Googling" for this brings up general hints showingGoogle's involvement, but I can't find any official note inGoogle's help pages or FAQ.
Machines include:
Server: planet3.seattle.intel-research.net (12.17.136.138)
Server: planetlab2.ls.fi.upm.es (138.100.12.149)
Server: planetlab2.eecs.umich.edu (141.213.4.202)
Server: planetlab1.pop-rs.rnp.br (200.132.0.69)
Server: planetlab1.pop-rs.rnp.br (200.132.0.70)
----------------------------------------------
Rodney Joffe
CenterGate Research Group, LLC.
http://www.centergate.com
"Technology so advanced, even we don't understand it!"(R)
-------------------------------------
You are subscribed as harsha@xxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

--

---------------------------------------------------------------------------

University of Washington | http://www.cs.washington.edu/homes/harsha
harsha@xxxxxxxxxxxxxxxxx | http://harshaandsports.blogspot.com

---------------------------------------------------------------------------



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on ****yet***** Another new Google twist..
Next by Date: [IP] more on the experiment on ****yet***** Another new Google twist..
Previous by thread: [IP] more on ****yet***** Another new Google twist..
Next by thread: [IP] more on the experiment on ****yet***** Another new Google twist..
Index(es):
- Date
- Thread

[IP] the explaination of a experiment on ****yet***** Another new Google twist..

[IP] the explaination of a experiment on yet* Another new Google twist..