Networking Cosc 4750
The basics
• Machine A and Machine B have a connection to a network.
• When Machine A wants to “talk” to Machine B, it creates a packet of information with a destination address of Machine B, and sends it out into the network.
• Machine B receives the packets and responds if it needs to.
• In UNIX, Machine A can also send a message to itself (localhost, IP 127.0.0.1).
TCP/IP and the Internet
• Brief history
• Not created by Microsoft or Vice President Gore
• Established by DARPA in 1969 for the US Department of Defense, called ARPANET
• By the 1980s it was used in research by universities
• 1994: the Internet went private
Who “manages” the Internet
• ICANN, the Internet Corporation for Assigned Names and Numbers: can be said to be in charge of the Internet
• IETF, the Internet Engineering Task Force: oversees development and standardization
• ISOC, the Internet Society: membership organization that represents Internet users
The IP address crisis
• Class A IP, example 129.X.X.X
• Class B IP, example 129.72.X.X
• Class C IP, example 129.72.216.X
• They were never allocated “fairly”. The US government holds half of the Class A IPs from 1-126.X.X.X, many unused or badly allocated.
• http://www.caida.org/outreach/learn/ipv4space for more information
Ethernet
• Uses CSMA/CD:
  • Carrier Sense: you can tell whether anyone is talking.
  • Multiple Access: everyone can talk.
  • Collision Detection: you know when you interrupt someone else.
Evolution
Year   Speed     Name                         Media
1973   3 Mb/s    Xerox                        coax
80-93  10 Mb/s   Ethernet (10Base2/10BaseT)   coax, Cat3
1994   100 Mb/s  100Base                      Cat5, fiber
1998   1 Gb/s    1000Base                     fiber, Cat5e
2008   1 Tb/s    ?                            ?
Networking for your machine
• Static or manual: you set the network information the machine needs.
• DHCP: your machine asks a server for the networking information.
• BOOTP: a server gives you an IP number and gateway.
• PPP: dial-up version of DHCP, or could be static.
DHCP and BOOTP
• Each asks a server for networking information for your machine. The request is based on a MAC address.
• A MAC address is a hard-coded number that your network card has.
  • It is a 6-segment hex number.
  • Example: 08:00:20:79:4F:49
Loopback interface
• lo (or lo0) is the loopback interface.
• It has an IP address of 127.0.0.1 and the name localhost. (Don’t EVER change this.)
• On a UNIX machine, it is active even if the network card is not. Used for testing networking applications and other things.
Using arp
• arp is a program that displays known MAC addresses, IP numbers, and machine names.
• Each machine has a table of known machines, called an ARP table.
• arp -a
  xor.com (192.108.21.1) at 08:00:20:77:5E:A0
  earth.xor.com (129.108.21.180) at 00:50:DA:12:4E:E5
Using ifconfig
• ifconfig allows you to configure your network and look at a specific network device.
• ifconfig eth0 (network card) displays flags, IP number, netmask, broadcast, MAC address, and stats.
• netmask tells the computer which IP address class you have (A, B, C). Class C: 255.255.255.0
• broadcast also depends on the IP class. Class C: 10.216.218.255 (for Computer Science).
PPP and IP forwarding
• When a machine makes a PPP (dial-up) connection to a server, the server then forwards IP packets from the client into the network (Internet).
• Also, the client’s IP is associated with the server’s MAC address.
• IP forwarding is for routing (dial-up and network). If your machine is not a dial-up server or router, it should be turned off.
Routing
• Most machines have a route table, which tells them where to send packets.
• netstat -rn will display the route table:
Kernel IP routing table
Destination     Gateway         Genmask          Flags  MSS Window  irtt Iface
10.216.218.12   0.0.0.0         255.255.255.255  UH     0   0       0    eth0
10.216.218.0    0.0.0.0         255.255.255.0    U      0   0       0    eth0
127.0.0.0       0.0.0.0         255.0.0.0        U      0   0       0    lo
0.0.0.0         10.216.218.1    0.0.0.0          UG     0   0       0    eth0
• 0.0.0.0 is also called default.
Adding routes
• The most common route to add to a machine is the default route.
• This is the one that gets your network packets outside of your IP domain, normally to a router.
• route add default 10.216.218.1
  • Since that is where our “router” is located.
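The route lookup the kernel performs on the table above, written out as an added example (not code from the lecture): each row's genmask is applied to its destination, the most specific matching row wins, and the G flag decides whether the packet goes to the gateway or straight onto the link. The table text is a constructed copy of the slide's netstat -rn output, and broadcast() shows the ifconfig broadcast address from the previous slide.

```python
import ipaddress

# Constructed copy of the slide's "netstat -rn" table:
# destination, gateway, genmask, flags, MSS, window, irtt, iface.
ROUTE_TABLE = """\
10.216.218.12  0.0.0.0       255.255.255.255  UH  0 0 0  eth0
10.216.218.0   0.0.0.0       255.255.255.0    U   0 0 0  eth0
127.0.0.0      0.0.0.0       255.0.0.0        U   0 0 0  lo
0.0.0.0        10.216.218.1  0.0.0.0          UG  0 0 0  eth0
"""

def parse_routes(text):
    """Each row becomes (network, gateway, flags, iface); genmask is applied to destination."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, flags, _mss, _win, _irtt, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}", strict=False), gw, flags, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins.
    Returns (iface, next_hop); next_hop is None when the destination is on a directly
    connected network (no G flag), so the packet is delivered on the link itself."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, flags, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, flags, iface)
    if best is None:                     # no default route: "network is unreachable"
        return None
    net, gw, flags, iface = best
    return iface, (gw if "G" in flags else None)

def broadcast(ip, netmask):
    """The broadcast address ifconfig derives from an address and its netmask."""
    return str(ipaddress.ip_interface(f"{ip}/{netmask}").network.broadcast_address)
```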
Security
• Networking is one of the most vulnerable parts of a computer for attacks.
• Firewalls and filters
  • Basically, UNIX firewalls and filters are weak (and Microsoft’s are far worse).
  • Firewalls allow you to block network traffic to a machine (or set of machines).
  • Filtering allows you to block a set of IPs, or only allow a set of IPs into your machine.
• For true hardware firewalls and filters, buy a dedicated router or switch (probably from Cisco, the current leader in network hardware with 70% of the market, but there are other very good [and cheaper] vendors as well).
• Denial of Service and various other attacks can be blocked by routers/switches and IDSs, but not by a UNIX machine.
  • Why? The computer is spending its time dealing with the problem instead of doing normal work.
• We will return to security later on.
Networking commands Cosc 4750
More networking commands
• hostname
  • Allows you to determine the name of the machine.
• nslookup <name> or nslookup <IP number>
  • Determines an IP for a given name, or a name for a given IP number.
  • More later with DNS.
• finger <username>
  • Check to see if they are logged in.
• finger
  • Check who is logged in to the machine.
• finger <user>@machine or finger @machine
  • See who is logged in, or if a given user is logged in, on a remote machine.
• tcpdump, must be run as root
  • Prints out the packets received by an interface (network card).
• ping <machine> or ping -c # <machine>
  • Allows you to check whether a machine is alive, and whether your networking is working.
  • -c is how many packets to send/receive before stopping.
• traceroute <machine>
  • Displays all intermediate steps between your machine and a remote machine.
  • Good way to find out where the network has broken down between you and a remote machine.
  • Also useful in tracking an IP address.
• telnet <machine> <port>
  • Connect to a remote machine; if the port is left off, the default is port 23, which is for telnet logins.
• rlogin <machine>
  • Log in to a remote machine with the current username (-l <username> to specify another username).
  • Normally some environment variables are “carried” to the remote machine.
  • Must use a password (unless there is a .rhosts file).
.rhosts file
• A listing of machines that a user can rlogin (rcp and rsh) from without using a password. A security problem.
• Example of the file:
  meru.cs.uwyo.edu seker
  k2.cs.uwyo.edu seker
  asdf.cs.uwyo.edu bob
• rcp (remote copy), normally needs a .rhosts file to work.
  • rcp <file> <machine:path>
  • rcp test meru:/meru3/seker/.
• rsh (remote shell), will work without a .rhosts file.
  • rsh meru ls displays my directory on meru.
  • rsh meru xterm -display k2.cs.uwyo.edu:0.0
xhost + <host>
• xhost is one way in which you allow a remote machine to display on (access) your “console”.
• For the preceding rsh meru xterm command, xhost + meru is needed in order for meru to display an xterm window on my console (display).
• xhost + (without a machine) allows any remote host to access your console. Very insecure.
• All the r commands are considered insecure and should be avoided.
  • rsh, rlogin, rcp, etc.
• Instead you want to use a secure program.
• ssh (secure shell) is a replacement program for rlogin and rsh. Provides encrypted communication between two untrusted hosts over an insecure network (from the man pages).
  • ssh meru will create a secure connection between my machine and meru.
  • See the man pages (man ssh) for more information.
• Use ssh instead of rsh
  • ssh <host> command
• Use scp instead of rcp
• And sshd will accept secure ftp connections
  • Use sftp instead of ftp
Why use the S programs?
• ssh creates a secure connection.
  • Passwords are not passed between machines in clear text; instead they are encrypted.
  • Since the connection is encrypted, packet sniffers and other similar devices cannot “see” what you are doing.
• Offers the machine better security.
  • xhost +, for example, allows ANYONE to “view” your screen and could capture keystrokes.
More on netstat
• netstat -a displays all active TCP and UDP ports.
• netstat -i displays each interface and its stats.
• netstat -i -c displays continuing stats.
• netstat -rn displays the route tables.
• netstat -s displays stats for each section: IP, ICMP, TCP, and UDP.
Packet sniffers
• Listen to the traffic on the network; record and/or print packets meeting certain criteria.
• Changes the network card to “promiscuous mode”, so that it can intercept all the network packets.
• tcpdump is installed on most Linux machines and is a command-line packet sniffer.
• Ethereal uses a GUI interface and allows point and click.
• See the man pages for the use of these programs.
Packet sniffers (2)
• There are a lot of packet sniffer packages available.
• They should be used with caution, since you are bordering on hacking, as well as intercepting “private” information.
SNMP
• The Simple Network Management Protocol
• Can be used for gathering stats and managing network hardware.
• Some applications that have been created with the SNMP protocol:
  • mrtg, multi-router traffic grapher (demo in class)
  • Perl also has several modules for SNMP.
iptables
• How the firewall treats packets leaving, entering, or passing through your computer. There is a chain for each of these.
  • Any packet entering your computer goes through the INPUT chain.
  • Any packet that your computer sends out to the network goes through the OUTPUT chain.
  • Any packet that your computer picks up on one network and sends to another goes through the FORWARD chain.
• The chains are half of the logic behind iptables itself.
iptables (2)
• iptables can be configured through the command iptables.
• And configured on startup from /etc/sysconfig/iptables.
• The basics
  • For each chain, you specify, based on a number of different attributes, whether a packet should be accepted or dropped.
  • You can drop an incoming packet from one IP, but allow an outbound packet to it.
iptables (3)
• Examples:
  • iptables -A INPUT -s 200.200.200.1 -j DROP
  • Drops any inbound packet from IP number 200.200.200.1.
  • Still allows outbound packets to that IP.
iptables (4)
• -p [protocol]
  • tcp, udp, icmp, or all
• -s IPaddress[/mask]
  • Source IP address, or part of one with a mask, like 129.72.0.0/16
• -d IPaddress[/mask]
  • Destination IP address, or part of one with a mask.
• -i name: network interface the packet was received on
• -o name: network interface the packet is sent out on
• --dport portnumber
  • Used with -p and others to specify a port number.
iptables (5)
• Other commands
  • -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  • Accepts packets belonging to connections that are already established (or related to one), so processes already talking keep working.
  • iptables -P INPUT DROP
  • Sets the default policy of the INPUT chain to DROP.
• There are many more.
iptables example (/etc/sysconfig/iptables)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.82.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
iptables (6)
• Removing rules
  • Uses the -D option.
  • iptables -D INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
  • Removes the rule accepting 10.10.10.1.
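How the chains from the iptables slides decide a packet's fate, as an added example that is not part of the lecture: the INPUT and OUTPUT rules of the example ruleset (a constructed copy, without the *filter/COMMIT lines) are walked in order, the first matching rule's target wins, and a packet that matches nothing gets the chain's default policy; delete_rule mirrors the -D command from the slide above. Packets are plain dicts (iface, proto, src, dport, optional state) assumed for this simulation.

```python
import ipaddress

# Constructed copy of the slide's /etc/sysconfig/iptables ruleset (INPUT and OUTPUT parts).
RULESET = """\
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.82.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
"""

def parse_rule(spec):
    toks = spec.split()
    # '-m tcp' / '-m state' only load a match module; the real options follow them
    return {toks[i]: toks[i + 1] for i in range(0, len(toks), 2) if toks[i] != "-m"}

def parse_ruleset(text):
    """Return ({chain: default policy}, {chain: [rules in order]})."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                      # ':INPUT DROP [0:0]'
            chain, policy = line[1:].split()[:2]
            policies[chain], chains[chain] = policy, []
        elif line.startswith("-A "):                  # '-A INPUT <rule spec>'
            _, chain, spec = line.split(" ", 2)
            chains[chain].append(parse_rule(spec))
    return policies, chains

def matches(rule, pkt):
    # every option present on the rule must match; a packet with no state is NEW
    for flag, key in (("-i", "iface"), ("-o", "iface"), ("-p", "proto")):
        if flag in rule and pkt.get(key) != rule[flag]:
            return False
    if "-s" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["-s"], strict=False):
        return False
    return ("--dport" not in rule or pkt.get("dport") == int(rule["--dport"])) and \
           ("--state" not in rule or pkt.get("state", "NEW") in rule["--state"].split(","))

def verdict(policies, chains, chain, pkt):
    # first matching rule decides; if none matches, the chain's default policy applies
    for rule in chains[chain]:
        if matches(rule, pkt):
            return rule["-j"]
    return policies[chain]

def delete_rule(chains, chain, spec):
    # same effect as 'iptables -D <chain> <spec>': remove the first identical rule
    chains[chain].remove(parse_rule(spec))
```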
iptables conclusion
• This covers only the basics of iptables.
• This should be enough to get you started with a good set of rules.
• You can create more chains and more rules.
• I didn’t cover all the options.
• Find a good site or book that covers more detail and explanations.
Q & A