Napster Cooks up Soup-to-Gnutella Network Management Challenges

  • Written By: C. McNulty
  • Published: May 17 2000

Napster Cooks up Soup-to-Gnutella Network Management Challenges
C. McNulty -May 17, 2000

Event Summary

LOS ANGELES -- On April 13, Recording artists Metallica, and related businesses filed suit in U.S District Court Central District of California against Napster, Inc., The University of Southern California, and Indiana University.

Metallica and its allied plaintiffs are the copyright owners of sound recordings and musical compositions created by Metallica and possess the exclusive right to commercially distribute these songs and sound recordings and derive income therefrom.

The suit alleges that Napster and the other defendants - by encouraging and enabling visitors to its website to unlawfully exchange with others copyrighted songs and sound recordings without the knowledge or permission of Metallica - have violated the law by committing continuing copyright infringements, unlawful use of digital audio interface device, and violations of the Racketeering Influenced & Corrupt Organizations Act (RICO).

Market Impact

In "traditional" MP3 searches, users go to a public FTP or HTTP site and search for musical artists. Napster provides an easy way for MP3 users to search directly for MP3 files stored on other user systems - not a central server. In the Napster system, only the currently connected users and files are referenced on central servers. Napster can be difficult to catch. It runs port scans between its host and remote systems, and is pretty clever about using "any port in a storm". Beyond its default TCP port (6699), Napster can also use ports 80, 20, 21 & 23 - including common FTP and Web ports often left open on most firewalls.

Napster led to an even harder-to-catch project, Gnutella. Gnutella allows users to search other hard disks for any file type - not just MP3 audio. Not even the indices of users and files are centrally maintained. (By the way, Gnutella is open source. Expect to see new versions frequently.)

Many users - and many network managers - probably thought Napster was flying "under the radar", since user activities are mostly anonymous. That's wishful thinking. In the Metallica suit, plaintiffs filed the usernames of over 335,000 users who swapped Metallica's music via Napster. The suit also named two universities as defendants for allowing students unfettered Napster access.

After college, most people's most consistent access to high-speed Net access is at the office. Corporations are obvious targets for more of these kinds of cases.

User Recommendations

Napster and Gnutella mean two things for your organization - legal liability and bandwidth consumption.

Since Gnutella is a shifting peer-to-peer network, searches are distributed and cascaded amongst other connected Gnutella users. It's not quite a broadcast storm, but it's not a frugal consumer of shared bandwidth either. Also, for Gnutella, the lack of a centralized server means distributed searches run via broadcast cascades on TCP port 6346. At a minimum, make sure you restrict firewall access to ports 6699 (Napster) and 6346 (Gnutella).

Since these programs allow users to circulate potentially illegal copies of audio files, or pornography, they have no place on your network. Make sure your written desktop security policy prohibits users from installing unapproved applications. (If you can, this is another reason to lock down user desktops.)

comments powered by Disqus