Applications: Host Names (DNS)
Overview
• Names versus Addresses
  • names are variable length, mnemonic, easy for humans to remember
  • addresses are fixed length, tied to routing, and easy for computers to process
• Name Space
  • defines set of possible names
  • flat versus hierarchical
  • consists of a set of name to value bindings
Address Assignment
• Network Information Center (NIC) used to maintain all name to address bindings
  • Limited scalability
• Distributed name servers now used
• ICANN now assigns names
Domain Hierarchy
• Example hierarchy (figure not reproduced)
• Example name: cheltenham.cs.arizona.edu
Name Servers
• Partition hierarchy into zones
• Each zone implemented by two or more name servers
Resource Records
• Each name server maintains a collection of resource records
  • <Name, Value, Type, Class, TTL>
• Name/Value: not necessarily host names to IP addresses
• Type
  • NS: the Value field gives the domain name for a host running a name server that knows how to resolve names within the specified domain.
  • CNAME: the Value field gives the canonical name for a particular host; it is used to define aliases.
  • MX: the Value field gives the domain name for a host running a mail server that accepts messages for the specified domain.
• Class: allows other entities to define types
• TTL: how long the resource record is valid
Example
The edu root server has a record for each second level server:
<Name, Value, Type, Class>
<arizona.edu, telcom.arizona.edu, NS, IN>
<telcom.arizona.edu, 128.196.128.233, A, IN>
<bellcore.com, thumper.bellcore.com, NS, IN>
<thumper.bellcore.com, 128.96.32.20, A, IN>
Arizona server:
<cs.arizona.edu, optima.cs.arizona.edu, NS, IN>
<optima.cs.arizona.edu, 192.12.69.5, A, IN>          (third level name server)
<ece.arizona.edu, helios.ece.arizona.edu, NS, IN>
<helios.ece.arizona.edu, 128.196.28.166, A, IN>      (third level name server)
<jupiter.physics.arizona.edu, 128.196.4.1, A, IN>
<saturn.physics.arizona.edu, 128.196.4.2, A, IN>
<mars.physics.arizona.edu, 128.196.4.3, A, IN>
<venus.physics.arizona.edu, 128.196.4.4, A, IN>      (final address records)
CS server:
<cs.arizona.edu, optima.cs.arizona.edu, MX, IN>              (mail server for domain translation)
<cheltenham.cs.arizona.edu, 192.12.69.60, A, IN>
<che.cs.arizona.edu, cheltenham.cs.arizona.edu, CNAME, IN>   (alias definition)
<optima.cs.arizona.edu, 192.12.69.5, A, IN>
<opt.cs.arizona.edu, optima.cs.arizona.edu, CNAME, IN>
<baskerville.cs.arizona.edu, 192.12.69.35, A, IN>
<bas.cs.arizona.edu, baskerville.cs.arizona.edu, CNAME, IN>
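The three record sets above (edu root server, Arizona server, CS server) are enough to walk a query down the hierarchy by hand; the script below does that walk programmatically. It is an added example, not code from the original deck: the records are the tuples printed on the slides, the TTL values are constructed (the slides omit them), and `edu-root` is an assumed key for the edu server, whose host name the slides never give.

```python
"""Iterative resolution over the name-server hierarchy on the slides:
edu root server -> Arizona server -> CS server, following NS referrals
(with their glue A records) and CNAME aliases along the way."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class RR:
    """One resource record <Name, Value, Type, Class, TTL>."""
    name: str
    value: str
    type: str
    cls: str = "IN"
    ttl: int = 3600  # constructed: the slides omit TTLs


# Records held by each name server, keyed by that server's host name.
# "edu-root" is an assumed key; the slides do not name the edu server host.
ZONES: Dict[str, List[RR]] = {
    "edu-root": [
        RR("arizona.edu", "telcom.arizona.edu", "NS"),
        RR("telcom.arizona.edu", "128.196.128.233", "A"),
        RR("bellcore.com", "thumper.bellcore.com", "NS"),
        RR("thumper.bellcore.com", "128.96.32.20", "A"),
    ],
    "telcom.arizona.edu": [
        RR("cs.arizona.edu", "optima.cs.arizona.edu", "NS"),
        RR("optima.cs.arizona.edu", "192.12.69.5", "A"),
        RR("ece.arizona.edu", "helios.ece.arizona.edu", "NS"),
        RR("helios.ece.arizona.edu", "128.196.28.166", "A"),
        RR("jupiter.physics.arizona.edu", "128.196.4.1", "A"),
        RR("saturn.physics.arizona.edu", "128.196.4.2", "A"),
        RR("mars.physics.arizona.edu", "128.196.4.3", "A"),
        RR("venus.physics.arizona.edu", "128.196.4.4", "A"),
    ],
    "optima.cs.arizona.edu": [
        RR("cs.arizona.edu", "optima.cs.arizona.edu", "MX"),
        RR("cheltenham.cs.arizona.edu", "192.12.69.60", "A"),
        RR("che.cs.arizona.edu", "cheltenham.cs.arizona.edu", "CNAME"),
        RR("optima.cs.arizona.edu", "192.12.69.5", "A"),
        RR("opt.cs.arizona.edu", "optima.cs.arizona.edu", "CNAME"),
        RR("baskerville.cs.arizona.edu", "192.12.69.35", "A"),
        RR("bas.cs.arizona.edu", "baskerville.cs.arizona.edu", "CNAME"),
    ],
}


def lookup(server: str, qname: str, qtype: str, hops: int = 0) -> Tuple[List[str], List[str]]:
    """Ask `server` for <qname, qtype>, following CNAMEs and NS referrals.

    Returns (answer values, servers consulted in order)."""
    if hops > 8:
        raise RuntimeError("referral loop while resolving %s" % qname)
    if server not in ZONES:
        raise LookupError("no records modelled for server %s" % server)
    records = ZONES[server]
    trace = [server]

    exact = [rr.value for rr in records if rr.name == qname and rr.type == qtype]
    if exact:
        return exact, trace

    # Alias: restart the same query with the canonical name at this server.
    cname = [rr.value for rr in records if rr.name == qname and rr.type == "CNAME"]
    if cname:
        answers, sub = lookup(server, cname[0], qtype, hops + 1)
        return answers, trace + sub[1:]

    # Referral: the most specific NS record whose zone encloses qname.
    delegations = [rr for rr in records if rr.type == "NS"
                   and (qname == rr.name or qname.endswith("." + rr.name))]
    if not delegations:
        return [], trace  # this server has no data and nowhere to send us
    ns = max(delegations, key=lambda rr: len(rr.name))
    glue = [rr.value for rr in records if rr.name == ns.value and rr.type == "A"]
    if not glue:
        # Without glue the resolver has no address to contact the next server on.
        raise LookupError("referral to %s without a glue A record" % ns.value)
    answers, sub = lookup(ns.value, qname, qtype, hops + 1)
    return answers, trace + sub


def resolve(qname: str, qtype: str = "A") -> Tuple[List[str], List[str]]:
    """Iterative resolution starting at the edu root server."""
    return lookup("edu-root", qname, qtype)


if __name__ == "__main__":
    for q in ("cheltenham.cs.arizona.edu", "che.cs.arizona.edu", "jupiter.physics.arizona.edu"):
        print(q, resolve(q))
    print("mail for cs.arizona.edu:", resolve("cs.arizona.edu", "MX"))
```

The trace returned alongside each answer shows the delegation chain the slides draw: an alias such as che.cs.arizona.edu costs three servers (root, Arizona, CS), while a physics host is answered by the Arizona server directly because the slide places its A records there.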
Normal Machines
star:~> dig pepperoni.cs.byu.edu

; <<>> DiG 9.2.1 <<>> pepperoni.cs.byu.edu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22049
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;pepperoni.cs.byu.edu. IN A

;; ANSWER SECTION:
pepperoni.cs.byu.edu. 1 IN A 128.187.175.30

;; AUTHORITY SECTION:
cs.byu.edu. 1 IN NS hell.cs.byu.edu.
cs.byu.edu. 1 IN NS heaven.cs.byu.edu.

;; ADDITIONAL SECTION:
hell.cs.byu.edu. 1 IN A 128.187.168.21
heaven.cs.byu.edu. 1 IN A 128.187.168.20

;; Query time: 4 msec
;; SERVER: 128.187.173.16#53(128.187.173.16)
;; WHEN: Mon Dec 2 10:33:26 2002
;; MSG SIZE rcvd: 126
More than one IP address
star:~> dig pizza.cs.byu.edu

; <<>> DiG 9.2.1 <<>> pizza.cs.byu.edu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24739
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 26, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;pizza.cs.byu.edu. IN A

;; ANSWER SECTION:
pizza.cs.byu.edu. 1 IN A 128.187.175.42
pizza.cs.byu.edu. 1 IN A 128.187.175.43
pizza.cs.byu.edu. 1 IN A 128.187.175.44
pizza.cs.byu.edu. 1 IN A 128.187.175.45
pizza.cs.byu.edu. 1 IN A 128.187.175.48
pizza.cs.byu.edu. 1 IN A 128.187.175.49
pizza.cs.byu.edu. 1 IN A 128.187.175.50
pizza.cs.byu.edu. 1 IN A 128.187.175.51
pizza.cs.byu.edu. 1 IN A 128.187.175.53
pizza.cs.byu.edu. 1 IN A 128.187.175.54
pizza.cs.byu.edu. 1 IN A 128.187.175.55
pizza.cs.byu.edu. 1 IN A 128.187.175.56
pizza.cs.byu.edu. 1 IN A 128.187.175.57
pizza.cs.byu.edu. 1 IN A 128.187.175.58
pizza.cs.byu.edu. 1 IN A 128.187.175.60
pizza.cs.byu.edu. 1 IN A 128.187.175.61
pizza.cs.byu.edu. 1 IN A 128.187.175.30
pizza.cs.byu.edu. 1 IN A 128.187.175.31
pizza.cs.byu.edu. 1 IN A 128.187.175.32
Next Time
star:~> dig pizza.cs.byu.edu

; <<>> DiG 9.2.1 <<>> pizza.cs.byu.edu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24739
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 26, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;pizza.cs.byu.edu. IN A

;; ANSWER SECTION:
pizza.cs.byu.edu. 1 IN A 128.187.175.43
pizza.cs.byu.edu. 1 IN A 128.187.175.44
pizza.cs.byu.edu. 1 IN A 128.187.175.45
pizza.cs.byu.edu. 1 IN A 128.187.175.48
pizza.cs.byu.edu. 1 IN A 128.187.175.49
pizza.cs.byu.edu. 1 IN A 128.187.175.50
pizza.cs.byu.edu. 1 IN A 128.187.175.51
pizza.cs.byu.edu. 1 IN A 128.187.175.53
pizza.cs.byu.edu. 1 IN A 128.187.175.54
pizza.cs.byu.edu. 1 IN A 128.187.175.55
pizza.cs.byu.edu. 1 IN A 128.187.175.56
Names
• Domain Name used by humans
  • Translated to IP number by name server
  • Aug 2000
    • Total domains registered worldwide: 33,014,322
    • Total .COM registered: 19,967,569
• IP number used to route in internet
  • Forwarding occurs until packet reaches physical network
• ARP is used to translate into a physical address
  • Physical address is unique and will be used to direct the packet to the correct machine
‘Top Level’ Domains
“Generic” Top Level Domains
• .com commercial
• .org organization
• .net network
~ 240 ISO Top Level Domains
• .af Afghanistan
• .ca Canada
• .dk Denmark
• .fr France
• .uk United Kingdom
• .us USA
• .zw Zimbabwe
“US-only” Top Level Domains
• .gov government
• .edu education
• .mil military
“Restricted” Top Level Domain
• .int treaty organizations
ICANN
• Internet Corporation for Assigned Names and Numbers (ICANN)
• Created in October 1998 by a broad coalition of the Internet’s business, technical, academic, and user communities
• Coordinates
  • Internet domain names
  • Internet Protocol address numbers
  • protocol parameter and port numbers
• Elected officials worldwide
New top level names
• .aero – Societe Internationale de Telecommunications Aeronautiques SC (SITA)
• .biz – JVTeam, LLC
• .coop – National Cooperative Business Association (NCBA)
• .info – Afilias, LLC
• .museum – Museum Domain Management Association (MDMA)
• .name – Global Name Registry, LTD
• .pro – RegistryPro, LTD
Web Server Load Balancing
• User Selection
• DNS Round Robin
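The two dig runs for pizza.cs.byu.edu above are DNS round robin in action: the whole A record set comes back each time, but rotated by one, and a client that takes the first address lands on a different server than the previous client did. The script below reproduces that behaviour and also shows why the slides' records carry a TTL of 1: a caching resolver in front of many clients only re-asks once the TTL expires, so a long TTL pins every client behind it to one ordering. This is an added example, not code from the deck; the answer section is constructed from four of the addresses on the slides, and the one-client-per-second arrival pattern is an assumption.

```python
"""DNS round robin as seen in the pizza.cs.byu.edu dig output: parse the
answer section, serve it with a rotating RRset, and count where clients end
up under different cache TTLs."""
import re
from collections import Counter
from typing import Dict, List

# Constructed excerpt in the layout dig prints (the slides show TTL 1).
ANSWER_SECTION = """\
pizza.cs.byu.edu.       1       IN      A       128.187.175.42
pizza.cs.byu.edu.       1       IN      A       128.187.175.43
pizza.cs.byu.edu.       1       IN      A       128.187.175.44
pizza.cs.byu.edu.       1       IN      A       128.187.175.45
"""

RR_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+A\s+(?P<addr>\d{1,3}(?:\.\d{1,3}){3})$")


def parse_a_records(text: str) -> List[str]:
    """Pull the addresses out of dig-style A record lines, in answer order."""
    return [m.group("addr") for m in
            (RR_LINE.match(line.strip()) for line in text.splitlines()) if m]


class RoundRobinServer:
    """Authoritative server that rotates the RRset by one on each query."""

    def __init__(self, addrs: List[str]) -> None:
        self._addrs = list(addrs)

    def answer(self) -> List[str]:
        response = list(self._addrs)
        self._addrs.append(self._addrs.pop(0))  # rotate for the next query
        return response


def simulate(addrs: List[str], n_clients: int, ttl: int) -> Dict[str, int]:
    """Clients arrive one per second behind a shared caching resolver.

    The resolver re-asks the authoritative server only once its cached RRset
    is `ttl` seconds old; each client connects to the first address it is
    given.  Returns how many clients landed on each address."""
    server = RoundRobinServer(addrs)
    cached: List[str] = []
    fetched_at = None
    landed: Counter = Counter()
    for now in range(n_clients):
        if fetched_at is None or now - fetched_at >= ttl:
            cached, fetched_at = server.answer(), now
        landed[cached[0]] += 1
    return dict(landed)


if __name__ == "__main__":
    pool = parse_a_records(ANSWER_SECTION)
    print("TTL 1 :", simulate(pool, 8, ttl=1))   # even spread over the pool
    print("TTL 60:", simulate(pool, 8, ttl=60))  # everyone behind the cache hits one host
```

With TTL 1 the eight simulated clients split evenly across the four addresses; with TTL 60 all eight hit the first address, which is the caching problem the "real solution?" slide hints at.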
The real solution?
• Resolve name to an IP address that is closest in network distance to the client?
• Cache content within the network?
• Probe the network to determine best location for download?
• What about international characters? Name registration?
Gnutella
• Something like Napster
• No central server, just a protocol and client
• Based on peer-to-peer connections
• Every machine is a server and a client
• You find other people in your “Horizon” through reflectors or IRC
• It masks your IP address to keep people from tracing the source of content
Power Line Networking
• Cheap
  • Uses existing wiring
  • $50 for hardware to connect two machines
  • Connects to USB or serial devices
• Slow?
  • 50Kbps-350Kbps
  • Intelogis 2Mbps and 10Mbps available next year
• Range
  • ¼ mile
  • Encodes data on top of 60Hz AC power
  • Can’t go through a transformer, no 220V support
Powerline Exchange (PLX) protocol
• deterministic time slots
• "Datagram Sensing Multiple Access" with a "Centralized Token-Passing" scheme, or DSMA/CTP
• Quality of Service provided
TCP Vegas
• The throughput expected with no congestion is compared to the current measured throughput
• If the difference is small, increase the window size linearly
• If the difference is large, decrease the window size linearly
• The change in the Slow Start mechanism consists of doubling the window every other RTT rather than every RTT, and of using a boundary on the difference between throughputs to exit the Slow Start phase, rather than a window-size value.
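The Vegas rule above is easiest to see as code: the sender estimates how many packets it has sitting in queues from the gap between expected and actual throughput, and moves the window one packet at a time on that estimate, with slow start doubling only every other RTT and leaving on the same kind of boundary. This is an added example, not code from the deck; the thresholds ALPHA, BETA and GAMMA (in packets) and the one-packet step are assumed values that the slide does not state.

```python
"""TCP Vegas window control: linear increase/decrease driven by the
difference between no-congestion throughput and measured throughput,
plus the modified slow start described on the slide."""
from typing import List

ALPHA = 1  # assumed: backlog below this means the path is under-used, grow
BETA = 3   # assumed: backlog above this means queues are building, shrink
GAMMA = 1  # assumed: backlog at which slow start hands over to linear control


def backlog(cwnd: float, base_rtt: float, rtt: float) -> float:
    """Estimated packets queued in the network for this window.

    expected = cwnd / base_rtt is the throughput with no congestion,
    actual   = cwnd / rtt     is the throughput observed this round;
    their difference scaled back by base_rtt is the data sitting in queues."""
    expected = cwnd / base_rtt
    actual = cwnd / rtt
    return (expected - actual) * base_rtt


def vegas_update(cwnd: float, base_rtt: float, rtt: float) -> float:
    """Congestion-avoidance step: linear increase, linear decrease, or hold."""
    diff = backlog(cwnd, base_rtt, rtt)
    if diff < ALPHA:
        return cwnd + 1
    if diff > BETA:
        return max(cwnd - 1, 1.0)
    return cwnd


def vegas_trace(base_rtt: float, rtts: List[float], cwnd: float = 2.0) -> List[float]:
    """Feed one measured RTT per round and return cwnd after each round."""
    slow_start = True
    history: List[float] = []
    for i, rtt in enumerate(rtts):
        if slow_start:
            if backlog(cwnd, base_rtt, rtt) > GAMMA:
                slow_start = False  # exit on queue build-up, not on a window size
                cwnd = vegas_update(cwnd, base_rtt, rtt)
            elif i % 2 == 1:
                cwnd *= 2           # double only every other RTT
        else:
            cwnd = vegas_update(cwnd, base_rtt, rtt)
        history.append(cwnd)
    return history


if __name__ == "__main__":
    # Constructed RTT samples in ms: flat, then rounds with queueing delay.
    print(vegas_trace(100.0, [100, 100, 100, 100, 130, 100, 200]))
```

In the constructed run the window doubles on rounds 2 and 4 only, the 130 ms sample (about 1.8 packets of backlog) ends slow start without shrinking the window, and the 200 ms sample pushes the backlog past BETA and triggers a one-packet decrease.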
Network System Security
Michael Torrie, William Moyes
Network System Security
• Initial Installation and setup
• IP Security
• Intrusion Detection
• When you are compromised
Initial Installation and Setup
• Assume NOS base installation is never secure
• Change all default passwords
• Remove unneeded services
  • If you don’t know what it does, you probably don’t need it (inetd, SYS V)
• Download all security patches, service packs, and updated packages
• Install security tools (firewalls, logging, monitoring software)
• Audit and verify security
• Establish remote logging server
Firewalls – First Line of Defence
• Does not guarantee security
• Necessary band-aid solution
• Effectiveness depends on application security
• Deny all incoming traffic with exceptions for exported services (web, ssh, etc)
• Common tools include ipchains, ZoneAlarm
• Many DSL and cable routers have fire-walling capabilities built in.
• If you are on broadband (i.e. resnet), you need a firewall. (Especially unix-based OS’s)
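"Deny all incoming traffic with exceptions for exported services" describes a default policy plus a short allow list, and the difference from the opposite shape (allow by default, block a few ports) only shows up on traffic nobody thought about. The model below evaluates both shapes over the same constructed packets. It is an added example, not code from the deck and not ipchains syntax; the packet and rule fields are simplified assumptions, with a new-connection flag standing in for real connection tracking.

```python
"""Default-deny inbound policy versus a blocklist, as a first-match rule
list with a chain default, evaluated over constructed packets."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    dport: int
    new_conn: bool    # True for a fresh connection attempt, False for an established flow


@dataclass(frozen=True)
class Rule:
    action: str                          # "ACCEPT" or "DROP"
    proto: Optional[str] = None          # None matches any protocol
    dport: Optional[int] = None          # None matches any port
    established: Optional[bool] = None   # True: only traffic belonging to existing flows

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.established is None or self.established == (not pkt.new_conn)))


def decide(rules: List[Rule], default: str, pkt: Packet) -> str:
    """First matching rule wins; otherwise the chain's default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Recommended shape: default DROP, then holes only for what you export
# (ssh and web here) and for replies to connections the host opened itself.
DEFAULT_DENY_CHAIN = [
    Rule("ACCEPT", established=True),
    Rule("ACCEPT", proto="tcp", dport=22),
    Rule("ACCEPT", proto="tcp", dport=80),
]

# Weak shape: default ACCEPT with a blocklist. Anything not on the list,
# such as a service you forgot was listening, stays reachable from the network.
BLOCKLIST_CHAIN = [Rule("DROP", proto="tcp", dport=23)]


def compare(pkt: Packet) -> Tuple[str, str]:
    """(decision under default-deny, decision under the blocklist policy)."""
    return (decide(DEFAULT_DENY_CHAIN, "DROP", pkt),
            decide(BLOCKLIST_CHAIN, "ACCEPT", pkt))


if __name__ == "__main__":
    # Constructed traffic: ssh, portmapper, snmp, and a reply to our own flow.
    for pkt in (Packet("tcp", 22, True), Packet("tcp", 111, True),
                Packet("udp", 161, True), Packet("tcp", 45000, False)):
        print(pkt, compare(pkt))
```

The two chains agree on ssh and on telnet; they disagree on everything the administrator did not list, which is exactly the traffic a blocklist lets through.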
Intrusion Detection Software
• Network traffic analyzers
• Portscanner detectors
• File integrity checkers
• Portscanners, such as nmap
• Network analyzer software
  • SAINT, SATAN
• Anti-sniff
• netstat -ap, pidport
Intrusion Detection
• Traffic patterns (high-bandwidth utilization)
• Failed login attempts (ssh, ftp, telnet, etc)
• Invalid URL requests (web server)
• Watch the log files (/var/log)
  • Look for suspicious strings, errors, truncations
  • Portscanner detector logs
• Behavior changes (performance, commands crashing, hidden or unknown processes)
• Hidden files and directories (especially in /dev and /var)
  • ‘. ’ ‘.. ’ and other weird and invalid file names
• Setuid executables (with root ownership)
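Two of the signals on the slide are easy to check mechanically: repeated failed logins from one source in the /var/log auth lines, and directory entries named ‘. ’ or ‘.. ’ that are meant to be overlooked in a listing. The script below does both. It is an added example, not code from the deck; the log lines are constructed in the syslog format OpenSSH uses for its messages, and the five-failure threshold and the file-name heuristics are assumptions.

```python
"""Log review helpers for the checks on the slide: per-source failed ssh
logins, and file names crafted to hide in a directory listing."""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample, in the format sshd writes to syslog.
SAMPLE_AUTH_LOG = """\
Dec  2 10:33:01 star sshd[2201]: Accepted password for alice from 10.0.0.5 port 40112 ssh2
Dec  2 10:33:10 star sshd[2210]: Failed password for root from 192.0.2.44 port 51001 ssh2
Dec  2 10:33:11 star sshd[2211]: Failed password for root from 192.0.2.44 port 51002 ssh2
Dec  2 10:33:12 star sshd[2212]: Failed password for invalid user admin from 192.0.2.44 port 51003 ssh2
Dec  2 10:33:13 star sshd[2213]: Failed password for root from 192.0.2.44 port 51004 ssh2
Dec  2 10:33:14 star sshd[2214]: Failed password for invalid user oracle from 192.0.2.44 port 51005 ssh2
Dec  2 10:34:00 star sshd[2220]: Failed password for bob from 10.0.0.7 port 40200 ssh2
Dec  2 10:34:30 star sshd[2221]: Accepted password for bob from 10.0.0.7 port 40201 ssh2
"""

FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def failed_logins_by_source(log_text: str) -> Dict[str, Counter]:
    """Map source address -> Counter of user names that failed from it."""
    by_src: Dict[str, Counter] = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            by_src[m.group("src")][m.group("user")] += 1
    return dict(by_src)


def flag_sources(log_text: str, threshold: int = 5) -> List[str]:
    """Sources with at least `threshold` failures, worst first (threshold assumed)."""
    totals = {src: sum(c.values()) for src, c in failed_logins_by_source(log_text).items()}
    return sorted((s for s, n in totals.items() if n >= threshold),
                  key=lambda s: -totals[s])


def suspicious_names(names: List[str]) -> List[str]:
    """Names padded with whitespace, made only of dots beyond '..', or
    carrying unprintable characters (heuristics, assumed)."""
    flagged = []
    for n in names:
        padded = n != n.strip()                      # '. ', '.. ', ' bin'
        dots_only = set(n) == {"."} and len(n) > 2   # '...'
        unprintable = any(not ch.isprintable() for ch in n)
        if padded or dots_only or unprintable:
            flagged.append(n)
    return flagged


if __name__ == "__main__":
    print(failed_logins_by_source(SAMPLE_AUTH_LOG))
    print("flag:", flag_sources(SAMPLE_AUTH_LOG))
    print(suspicious_names([". ", "..", "cron", "...", "x\x01y", "logs"]))
```

On the sample the one real user who mistyped a password once is not reported, while the source cycling through root and non-existent accounts is; the per-user breakdown is what distinguishes the two when the totals are close.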
Continuing Education
• Follow security web sites and current issues
  • http://www.securityfocus.com
• User/admin education
  • Password strength
  • Ban Microsoft Outlook (never run anything attached to e-mail – turn off scripting always!!!)
• Be familiar with your system (processes, setuid files, ports, services)
• Social Engineering
I’ve Been Hacked
• Have a plan beforehand
• Remove from network immediately
• Reinstall operating system (maybe on a new drive)
  • Nothing can be trusted on compromised system
• Restore settings from backup
• Do post-mortem analysis on compromised hard drive from clean system
• Identify source of attack if possible
• Seek professional assistance, and contact law-enforcement agencies if deemed necessary
Application Security
• CGI vulnerability
• Buffer over-runs
• Format string attacks
• DoS
• Input validity issues
• chroot