LOS ANGELES -- On April 13, recording artists Metallica and related businesses
filed suit in U.S. District Court, Central District of California, against
Napster, Inc., the University of Southern California, and Indiana University.
and its allied plaintiffs are the copyright owners of sound recordings
and musical compositions created by Metallica and possess the exclusive
right to commercially distribute these songs and sound recordings and
derive income therefrom.
The suit alleges that Napster and the other defendants - by encouraging and
enabling visitors to its website to unlawfully exchange with others copyrighted
songs and sound recordings without the knowledge or permission of Metallica
- have violated the law by committing continuing copyright infringements,
unlawful use of digital audio interface device, and violations of the
Racketeer Influenced and Corrupt Organizations Act (RICO).
In "traditional" MP3 searches, users go to a public FTP or HTTP site and
search for musical artists. Napster provides an easy way for MP3 users
to search directly for MP3 files stored on other users' systems - not a
central server. In the Napster system, only the currently connected users
and files are referenced on central servers. Napster can be difficult
to catch. It runs port scans between its host and remote systems, and
is pretty clever about using "any port in a storm". Beyond its default
TCP port (6699), Napster can also use ports 80, 20, 21 & 23 - including
common FTP and Web ports often left open on most firewalls.
Napster led to an even harder-to-catch project, Gnutella. Gnutella allows
users to search other hard disks for any file type - not just MP3 audio.
Not even the indices of users and files are centrally maintained. (By
the way, Gnutella is open source. Expect to see new versions frequently.)
Many users - and many network managers - probably thought Napster was
flying "under the radar", since user activities are mostly anonymous.
That's wishful thinking. In the Metallica suit, plaintiffs filed the usernames
of over 335,000 users who swapped Metallica's music via Napster. The suit
also named two universities as defendants for allowing students unfettered
college, most people's most consistent high-speed Net access
is at the office. Corporations are obvious targets for more of these kinds
Napster and Gnutella mean two things for your organization - legal liability
and bandwidth consumption.
Gnutella is a shifting peer-to-peer network; searches are distributed
and cascaded among other connected Gnutella users. It's not quite a
broadcast storm, but it's not a frugal consumer of shared bandwidth either.
Also, for Gnutella, the lack of a centralized server means distributed
searches run via broadcast cascades on TCP port 6346. At a minimum, make
sure you restrict firewall access to ports 6699 (Napster) and 6346 (Gnutella).
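
One way to check whether the default ports are in use on your network, as an
added example that is not part of the original article: the script below scans
connection records for TCP traffic on ports 6699 and 6346 and totals it per
internal host. The log format, the 10.0.0.0/8 internal range and the sample
records are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Default ports named in the article. The fallback ports (80, 20, 21, 23)
# also carry ordinary traffic, so a port match cannot identify Napster there.
P2P_PORTS = {6699: "Napster", 6346: "Gnutella"}
INTERNAL = ip_network("10.0.0.0/8")  # assumption: internal address space

# Constructed sample records: time src_ip src_port dst_ip dst_port proto bytes
SAMPLE_LOG = """\
09:01:12 10.1.4.22 1045 198.51.100.7 6699 tcp 4812345
09:01:40 10.1.4.22 1046 203.0.113.9 6699 tcp 3900100
09:02:03 10.1.7.80 2210 192.0.2.55 80 tcp 18200
09:02:31 203.0.113.77 3391 10.1.9.14 6346 tcp 220
09:03:10 10.1.9.14 6346 203.0.113.77 3391 tcp 96000
09:03:15 10.1.4.22 1050 192.0.2.10 6699 udp 60
garbled line from a truncated log
"""

def find_p2p_hosts(log_text):
    """Return {internal_ip: {app: (connections, bytes)}} for default-port hits."""
    hits = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed records rather than abort the run
        _, src, sport, dst, dport, proto, nbytes = fields
        if proto.lower() != "tcp":
            continue  # both default ports in the article are TCP
        try:
            sport, dport, nbytes = int(sport), int(dport), int(nbytes)
            src_ip, dst_ip = ip_address(src), ip_address(dst)
        except ValueError:
            continue
        # An internal peer can be either end of the connection, so check both ports.
        app = P2P_PORTS.get(dport) or P2P_PORTS.get(sport)
        if app is None:
            continue
        for ip in (src_ip, dst_ip):
            if ip in INTERNAL:
                hits[str(ip)][app][0] += 1
                hits[str(ip)][app][1] += nbytes
    return {ip: {a: tuple(v) for a, v in apps.items()} for ip, apps in hits.items()}

if __name__ == "__main__":
    for ip, apps in sorted(find_p2p_hosts(SAMPLE_LOG).items()):
        for app, (conns, nbytes) in apps.items():
            print(f"{ip}  {app:8}  {conns} connections  {nbytes} bytes")
```

Traffic that has moved to ports 80, 20, 21 or 23 will not appear in this
report, since a port match alone cannot separate it from ordinary use of
those ports.
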
Since these programs allow users to circulate potentially illegal copies
of audio files, or pornography, they have no place on your network. Make
sure your written desktop security policy prohibits users from installing
unapproved applications. (If you can, this is another reason to lock down