Computer Networks - PowerPoint PPT Presentation

About This Presentation
Title:

Computer Networks

Description:

NS snoopy.cs.kuleuven.ac.be. NS dns.cs.kuleuven.ac.be. NS ns1.kulnet.kuleuven.ac.be. ... MX 10 snoopy.cs.kuleuven.ac.be. MX 18 mail.cs.kuleuven.ac.be. MX 20 ... – PowerPoint PPT presentation

Slides: 74
Provided by: dede1

Transcript and Presenter's Notes


1
Computer Networks
Application layer
2
Overview
  • DNS -- Domain Name System
  • E-mail
  • Terminal Access TELNET

3
Domain names
  • IP-addresses are not user friendly
  • → readable names
  • telnet 134.58.42.36
  • telnet nix.cs.kuleuven.ac.be
  • Overview
  • Definition of Internet domain names
  • Translating domain names into IP addresses

4
Domain names
  • Internet domain names
  • Hierarchical structure
  • nix.cs.kuleuven.ac.be
  • be: country code (Belgium)
  • ac: university (academic)
  • kuleuven: K.U.Leuven
  • cs: dept. Computer Science
  • nix: name of computer system
5
Domain names
  • 3 groups of Top Level Domains (TLD)
  • 2-letter country codes (ISO 3166)
  • generic names (for similar organisations)
  • com: commercial organisations
  • org: non-commercial organisations (e.g. a vzw, a Belgian non-profit association)
  • int: international organisations (NATO, EU, ...)
  • net: companies offering network services
  • NEW: name, biz, info, ...
  • names of organisations within the USA
  • edu: universities
  • gov: US government
  • mil: US army

6
Domain names
  • View on Internet domain name space

7
Domain names
  • Each TLD has an administrator (assigns names within the domain)
  • be: until Jan. 2000 the dept. of Computer Science;
    now vzw DNS BE (Ispa, Agoria, Beltug)
  • Each organisation with a domain name creates new names within its domain
  • E.g. kuleuven.ac.be and kulak.ac.be
  • Hierarchical name structure + delegation → workable structure

8
Translating domain names
  • Database: not centralised (bottleneck!)
  • name server: translates domain name → IP-address
  • hierarchy of name servers
  • For each domain (zone) a separate (primary) name server
  • Zone: sub tree of the name space tree
  • Primary name server: gets its info from a zone file on disk

9
Domain names
  • Internet domain names <> zones

10
Translating domain names
  • Name server of cs.kuleuven.ac.be

(figure: zone diagram; legend: A = Address record)
11
Translating domain names
  • Name server of kuleuven.ac.be

12
Translating domain names
  • Resource records

Field          Meaning
Domain_Name    Name to which the record applies
Time_to_live   Indicates how stable the record is
Class          IN for Internet
Type           Kind of record
Value          Value appropriate for type
13
Translating domain names
  • Principal DNS resource record types

Type    Meaning             Value
SOA     Start of authority  Parameters for this zone
A       IP address of host  32-bit integer
NS      Name server         Name of name server for this domain
MX      Mail exchange       Priority, domain willing to accept e-mail
CNAME   Canonical name      Domain name
PTR     Pointer             Alias for an IP address
HINFO   Host description    CPU and OS in ASCII
TXT     Text                Uninterpreted ASCII text
14
Translating domain names
  • Part of DNS database for cs.kuleuven.ac.be

; Authoritative data for cs.kuleuven.ac.be
$TTL 86400                  ; default TTL 1 day
@   IN  SOA  dns.cs.kuleuven.ac.be. postmaster.cs.kuleuven.ac.be. (
             2002042601     ; serial
             10800          ; refresh (3h)
             1800           ; retry (30m)
             3600000        ; expire (>5w)
             86400 )        ; default (1d)
15
Translating domain names
  • Part of DNS database for cs.kuleuven.ac.be (cont.)

; General info for zone CS.KULEUVEN.AC.BE
        NS    snoopy.cs.kuleuven.ac.be.
        NS    dns.cs.kuleuven.ac.be.
        NS    ns1.kulnet.kuleuven.ac.be.
        NS    ns.be.ubizen.com.
        NS    secdns.eunet.be.
; dns.cs.kuleuven.ac.be is used as secondary for be. and others
dns     A     134.58.40.4
; general MX records
cs.kuleuven.ac.be.      MX 20    mailrelay.cs.kuleuven.ac.be.
                        MX 100   mail.cc.kuleuven.ac.be.
st.cs.kuleuven.ac.be.   MX 10    st.cs.kuleuven.ac.be.
                        MX 20    mailrelay.cs.kuleuven.ac.be.
                        MX 100   mail.cc.kuleuven.ac.be.
16
Translating domain names
  • Part of DNS database for cs.kuleuven.ac.be (cont.)

calendar        CNAME   billie.cs.kuleuven.ac.be.
ssh     3600    CNAME   billie.cs.kuleuven.ac.be.
lp-kleur        CNAME   delphi.cs.kuleuven.ac.be.
lp-wit          CNAME   medusa.cs.kuleuven.ac.be.
; Cnames do not work for MX's
; ftp   3600    CNAME   arachne.cs.kuleuven.ac.be.
ftp     1800    A       134.58.40.10
                MX 18   mail.cs.kuleuven.ac.be.
                MX 20   mailrelay.cs.kuleuven.ac.be.
                HINFO   Sparc Solaris
17
Translating domain names
  • Part of DNS database for cs.kuleuven.ac.be (cont.)

; our switch/router/firewall/ntp-server
lswitch-cw      A       134.58.250.50
                A       134.58.39.254
                A       134.58.41.254
                A       134.58.42.254
                A       134.58.43.254
                A       134.58.44.245
                A       134.58.45.254
                A       134.58.46.254
                MX 18   mail.cs.kuleuven.ac.be.
                MX 20   mailrelay.cs.kuleuven.ac.be.
                RP      hostmaster contact.cs.kuleuven.ac.be.
18
Translating domain names
  • Part of DNS database for cs.kuleuven.ac.be (cont.)

snoopy          A       134.58.41.8
                A       134.58.42.3
                A       134.58.43.4
                A       134.58.45.1
                A       134.58.46.63
                A       134.58.39.1
                MX 10   snoopy.cs.kuleuven.ac.be.
                MX 18   mail.cs.kuleuven.ac.be.
                MX 20   mailrelay.cs.kuleuven.ac.be.
                HINFO   SunULTRA2Server Solaris
19
Translating domain names
  • Part of DNS database for cs.kuleuven.ac.be (cont.)

panoramix       A       134.58.45.66
                MX 10   panoramix.cs.kuleuven.ac.be.
                MX 18   mail.cs.kuleuven.ac.be.
                MX 20   mailrelay.cs.kuleuven.ac.be.
                RP      pv contact.cs.kuleuven.ac.be.
                HINFO   i86 Linux
ubiz            A       134.58.39.91
                MX 18   mail.cs.kuleuven.ac.be.
                MX 20   mailrelay.cs.kuleuven.ac.be.
                RP      pv contact.cs.kuleuven.ac.be.
                HINFO   IBM_ThinkPad Windows2000
20
Translating domain names
  • Part of DNS database for .be

$ORIGIN .
$TTL 86400                  ; 1 day
be      IN  SOA  master.ns.dns.be. tech.dns.be. (
                 2002052301 ; serial
                 3600       ; refresh (1 hour)
                 1800       ; retry (30 minutes)
                 3600000    ; expire (5 weeks 6 days 16 hours)
                 600        ; minimum (10 minutes)
                 )
            NS   dns.cs.kuleuven.ac.be.
            NS   master.ns.dns.be.
            NS   woluwe.ns.dns.be.
            NS   hasselt.ns.dns.be.
            NS   vilvoorde.ns.dns.be.
21
Translating domain names
  • Part of DNS database for .be (cont.)

$ORIGIN be.
007             NS   ns3.asp
                NS   ns4.asp
ac              NS   ns.belnet
                NS   ns1.surfnet.nl.
                NS   ns3.belnet
$ORIGIN ac.be.
dns.cs.kuleuven A    134.58.40.4
$ORIGIN be.
huens           NS   ns.be.ubizen.com.
                NS   dns.cs.kuleuven.ac
verbaeten       NS   ns.yournamehosting.com.
                NS   ns.yournamewebhosting.com.
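The zone fragments on slides 14 to 21 can be read back with the following parser. This is an added example, not code from the course; the sample zone at the bottom is constructed from the records shown on slides 15 and 16, with one relative name added to show how $ORIGIN is applied.

```python
# Parser for the BIND-style zone fragments on slides 14-21 (added example, not
# the course's code): handles $ORIGIN, $TTL, ';' comments, an optional TTL
# field, relative names, and a blank owner meaning "same owner as before".
def absolute(name, origin):
    if name == "@":
        return origin
    if name.endswith("."):
        return name                                # already fully qualified
    return name + "." if origin == "." else name + "." + origin

def parse_zone(text, origin=".", default_ttl=86400):
    records, owner, ttl = [], None, default_ttl
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comment
        if not line.strip():
            continue
        if line.startswith("$"):                   # $ORIGIN / $TTL directive
            key, value = line.split()[:2]
            origin, ttl = (value, ttl) if key == "$ORIGIN" else (origin, int(value))
            continue
        fields = line.split()
        if line[0] not in " \t":                   # owner given in column 1
            owner = absolute(fields.pop(0), origin)
        elif owner is None:
            raise ValueError("record without owner: " + raw)
        rec_ttl = ttl
        if fields[0].isdigit():                    # optional per-record TTL
            rec_ttl = int(fields.pop(0))
        if fields[0] == "IN":                      # optional class
            fields.pop(0)
        rtype, rdata = fields[0], fields[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [absolute(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), absolute(rdata[1], origin)]
        records.append((owner, rec_ttl, rtype, rdata))
    return records

def mail_exchangers(records, name):
    mx = [r[3] for r in records if r[0] == name and r[2] == "MX"]
    return [host for _, host in sorted(mx)]        # lowest priority value first

# Constructed sample from the records on slides 15-16 (one relative name added)
ZONE = """\
$ORIGIN cs.kuleuven.ac.be.
$TTL 86400                     ; default TTL 1 day
@               NS      snoopy.cs.kuleuven.ac.be.
                NS      dns.cs.kuleuven.ac.be.
ftp     1800    A       134.58.40.10
                MX 18   mail.cs.kuleuven.ac.be.
                MX 20   mailrelay                ; relative: origin is appended
snoopy          A       134.58.41.8
                MX 10   snoopy
                MX 18   mail.cs.kuleuven.ac.be.
                MX 20   mailrelay.cs.kuleuven.ac.be.
"""
```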
22
Translating domain names
  • Name server of the TLD names
  • root name server
  • Known IP-address
  • Contains only references to the TLD name servers

23
Resolving domain names
  • Example: www.cs.vu.nl

24
Resolving domain names
2 schemes
  • Iterative (see previous slide)
  • Name server returns a reference
  • Recursive
  • Scheme of forwarding requests to better name servers
  • Correct figure?
  • Comparison?

25
Resolving domain names
  • Cumbersome?
  • Name servers cache
  • Translations are cached during the specified time (TTL)
  • Vulnerable?
  • A name server can crash
  • For each domain many name servers
  • One primary returns authoritative records
  • At least one secondary returns cached records, possibly out of date
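To make the iterative and recursive schemes of slides 23 to 25 concrete, here is an added simulation (not code from the course): the network is replaced by an in-memory dictionary of servers built from names on the slides. The root holding only the be. referral and the delegation of kuleuven.ac.be to ns1.kulnet.kuleuven.ac.be are assumptions for the example.

```python
# Simulated DNS resolution for slides 22-25 (added example, not the course's
# code). Each server maps an owner name either to a referral ("NS", next server)
# or to an authoritative answer ("A", address, ttl_seconds). The delegation of
# kuleuven.ac.be and the root's contents are assumptions for this example.
SERVERS = {
    "root":                       {"be.": ("NS", "master.ns.dns.be.")},
    "master.ns.dns.be.":          {"ac.be.": ("NS", "ns.belnet.be.")},
    "ns.belnet.be.":              {"kuleuven.ac.be.": ("NS", "ns1.kulnet.kuleuven.ac.be.")},
    "ns1.kulnet.kuleuven.ac.be.": {"cs.kuleuven.ac.be.": ("NS", "dns.cs.kuleuven.ac.be.")},
    "dns.cs.kuleuven.ac.be.":     {"dns.cs.kuleuven.ac.be.": ("A", "134.58.40.4", 86400),
                                   "ftp.cs.kuleuven.ac.be.": ("A", "134.58.40.10", 1800)},
}

def longest_match(zone_map, name):
    """Owner in zone_map that is the longest label-aligned suffix of name."""
    best = None
    for owner in zone_map:
        if name == owner or name.endswith("." + owner):
            if best is None or len(owner) > len(best):
                best = owner
    return best

def resolve_iterative(name, cache, now):
    """Iterative scheme: the resolver itself follows every referral.
    Returns (address, servers asked); a cache entry is valid until now + TTL."""
    hit = cache.get(name)
    if hit and hit[1] > now:
        return hit[0], ["cache"]
    server, asked = "root", []
    while True:
        asked.append(server)
        owner = longest_match(SERVERS[server], name)
        if owner is None:
            raise LookupError("no data for " + name)
        rec = SERVERS[server][owner]
        if rec[0] == "NS":                     # referral: ask the better server
            server = rec[1]
            continue
        cache[name] = (rec[1], now + rec[2])   # remember it for the record's TTL
        return rec[1], asked

def resolve_recursive(server, name, depth=1):
    """Recursive scheme: each server forwards the query and relays the answer.
    Returns (address, number of servers holding state for this one query)."""
    owner = longest_match(SERVERS[server], name)
    if owner is None:
        raise LookupError("no data for " + name)
    rec = SERVERS[server][owner]
    if rec[0] == "NS":
        return resolve_recursive(rec[1], name, depth + 1)
    return rec[1], depth
```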

26
DNS Security
  • Can we trust the DNS Replies?
  • Normal situation.

27
DNS Security
  • Can we trust the DNS Replies?
  • Normal situation.
  • An attack based on breaking into DNS and
    modifying Bob's record.

28
DNS Security
  • How Trudy spoofs Alice's ISP
  • Reply faster than the DNS server!

29
DNS Security
  • Solution: DNSsec
  • New records
  • KEY: public key of the zone
  • SIG: signed (with the secret key) hash of a set of resource records
  • Signed replies from servers
  • Set of resource records (RRSets)
  • + SIG

30
DNS security
  • Resource record set for bob.com
  • A-record(s) for bob.com
  • Public key for bob.com
  • Signature of the hash of the A record + KEY record, signed by com

31
Overview
  • DNS -- Domain Name System
  • E-mail
  • Terminal Access TELNET

32
E-mail
  • Major components
  • User agent
  • Mail servers
  • Transfer agents
  • Protocols
  • Transfer: SMTP
  • Access: POP, IMAP

33
E-mail user agent
  • Internet E-mail addresses
  • pv@cs.kuleuven.be
  • Pierre.Verbaeten@cs.kuleuven.be
  • nachtradio@vrt.be
  • after @: domain name
  • before @:
  • login_name
  • FirstName.LastName
  • Name_of_Group

34
E-mail user agent
  • E-mail programs
  • Often (mostly) graphical user interface
  • functionality
  • receive / read messages
  • compose / send a message
  • reply to a message
  • forward a message
  • Store messages in folders
  • maintain file with addresses
  • E.g. Netscape, Exchange, Eudora, pine, elm, ...

35
E-mail user agent
  • E-mail program Netscape

36
E-mail message
  • RFC 822: standard for the text message format
  • Structure of a message
  • Header
  • From: sender
  • To: destination
  • Cc: copy to
  • Subject
  • Blank line
  • Message body
  • Must be ASCII!!!

37
E-mail message
Subject: mail for Luce
Date: Mon, 20 May 2002 10:21:34 +0200
From: Jean Huens <Jean.Huens@cs.kuleuven.ac.be>
To: Pierre Verbaeten <Pierre.Verbaeten@cs.kuleuven.ac.be>
CC: Bart Swennen <Bart.Swennen@cs.kuleuven.ac.be>

Pierre, since you live in Leuven you can also get a postbox.be address for Luce.
Info at www.postbox.be
Jean
38
E-mail message
  • RFC 822 header fields related to transport

Header       Meaning
To           E-mail address(es) of primary recipient(s)
Cc           E-mail address(es) of secondary recipient(s)
Bcc          E-mail address(es) for blind carbon copies
From         Person who created the message
Sender       E-mail address of actual sender
Received     Line added by each transfer agent along the route
Return-Path  Can be used to identify a path back to the sender
39
E-mail message
  • Other RFC 822 header fields

Header       Meaning
Date         The date and time the message was sent
Reply-To     E-mail address to which the reply should be sent
Message-Id   Unique number for referencing the message later
In-Reply-To  Message-Id of the message to which this is a reply
References   Other relevant Message-Ids
Keywords     User chosen keywords
Subject      Short summary of the message for the one-line display
X-           User defined header
40
E-Mail mail servers
  • mail server: system responsible for the E-mail handling within an organisation
  • Talks SMTP with other mail servers
  • Stores received messages for local users in its mailbox
  • Sends messages for remote users to the appropriate mail server
  • Accepts mail from local user agents

41
E-Mail smtp protocol
  • Defined in RFC 821
  • Interaction in command/response mode
  • three phases of a transfer
  • handshaking (greeting)
  • transfer of messages
  • closure
  • messages must be 7-bit ASCII

(figure: the client (sending server or user agent) sends commands, the server sends responses, over a reliable transfer)
42
E-Mail smtp protocol
  • try the smtp interaction for yourself
  • telnet servername 25
  • wait for the reply from the server (220)
  • enter commands: HELO, MAIL FROM, RCPT TO, DATA, QUIT
  • → send an email without using an email client (reader)

43
E-Mail smtp protocol example
  • Connect to mail server:
  • billie telnet mail.cs.kuleuven.ac.be 25
  • Trying 134.58.41.11...
  • Connected to mail.cs.kuleuven.ac.be.
  • Escape character is '^]'.
  • 220 iris.cs.kuleuven.ac.be ESMTP Mail Transfer Agent Wed, 22 May 2002 16:31:50 +0200 (MEST)
  • Dialogue with mail server

44
E-Mail smtp protocol example
  • Dialogue with mail server
  • HELO ubiz.cs.kuleuven.ac.be
  • 250 iris.cs.kuleuven.ac.be Hello billie.cs.kuleuven.ac.be 134.58.41.39, pleased to meet you
  • MAIL FROM Pierre.Verbaeten@cs.kuleuven.ac.be
  • 501 5.5.2 Syntax error in parameters scanning "FROM"
  • MAIL FROM: Pierre.Verbaeten@cs.kuleuven.ac.be
  • 250 2.1.0 Pierre.Verbaeten@cs.kuleuven.ac.be... Sender ok
  • RCPT TO: Jean.Huens@cs.kuleuven.ac.be
  • 250 2.1.5 Jean.Huens@cs.kuleuven.ac.be... Recipient ok
  • DATA
  • 354 Enter mail, end with "." on a line by itself
  • Enter Message (header + body)

45
E-Mail smtp protocol example
  • Enter Message (header + body)
  • Subject: test
  • Date: Wed, 22 May 2002 16:35:00
  • From: Pierre.Verbaeten@cs.kuleuven.ac.be
  • To: Jean.Huens@cs.kuleuven.ac.be
  • ingetikte mail
  • Pierre
  • .
  • 250 2.0.0 g4MEXXG06443 Message accepted for delivery
  • QUIT
  • 221 2.0.0 iris.cs.kuleuven.ac.be closing connection
  • Connection closed by foreign host.
  • billie
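The dialogue of slides 43 to 45, and the end-of-message and 7-bit rules from slide 46, replayed against a small in-memory server. This is an added example, not code from the course: the server is a constructed state machine that answers with the reply codes seen in the telnet session (including the 501 for a MAIL FROM without the colon), and the client dot-stuffs the message body so that a line consisting of "." can never be mistaken for the end of the message.

```python
# Simulated SMTP exchange for slides 41-46 (added example, not the course's code).
import re

class FakeServer:
    """Constructed server side: answers like the telnet session on slides 43-45."""
    def __init__(self, hostname="iris.cs.kuleuven.ac.be"):
        self.host, self.in_data = hostname, False
        self.mail = {"from": None, "to": [], "data": []}

    def greeting(self):                         # sent before any client command
        return "220 %s ESMTP Mail Transfer Agent" % self.host

    def command(self, line):
        if self.in_data:
            if line == ".":                     # a lone '.' ends the message
                self.in_data = False
                return "250 2.0.0 Message accepted for delivery"
            # undo dot-stuffing: one leading '.' is removed from every line
            self.mail["data"].append(line[1:] if line.startswith(".") else line)
            return None                         # the server is silent during DATA
        verb, _, arg = line.partition(" ")
        if verb == "HELO":
            return "250 %s Hello %s, pleased to meet you" % (self.host, arg)
        if verb in ("MAIL", "RCPT"):
            key = "FROM" if verb == "MAIL" else "TO"
            m = re.fullmatch(key + r":\s*<?([^<>\s]+)>?", arg)
            if not m:                           # e.g. "MAIL FROM addr" without ':'
                return '501 5.5.2 Syntax error in parameters scanning "%s"' % key
            if verb == "MAIL":
                self.mail["from"] = m.group(1)
                return "250 2.1.0 %s... Sender ok" % m.group(1)
            self.mail["to"].append(m.group(1))
            return "250 2.1.5 %s... Recipient ok" % m.group(1)
        if verb == "DATA":
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        if verb == "QUIT":
            return "221 2.0.0 %s closing connection" % self.host
        return "500 5.5.1 Command unrecognized"

def dot_stuff(message):
    """Client side: RFC 821 text is 7-bit ASCII, and lines starting with '.'
    get an extra '.' so only the real terminator is a line with a single '.'."""
    if not message.isascii():
        raise ValueError("RFC 821 message text must be 7-bit ASCII")
    return ["." + l if l.startswith(".") else l for l in message.split("\n")]

def send(server, sender, rcpt, message):
    """Run the whole dialogue; returns the list of (command, reply) pairs."""
    transcript = [("", server.greeting())]
    for cmd in (["HELO ubiz.cs.kuleuven.ac.be", "MAIL FROM:" + sender,
                 "RCPT TO:" + rcpt, "DATA"] + dot_stuff(message) + [".", "QUIT"]):
        reply = server.command(cmd)
        if reply is not None:
            transcript.append((cmd, reply))
    return transcript
```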

46
E-Mail smtp protocol
  • summary
  • Simple text based protocol: 7-bit ASCII
  • A line with only "." indicates the end of the message
  • so this string may not occur inside the message
  • smtp requires reliable connections
  • TCP: reliable byte stream
  • ESMTP extensions
  • Negotiate special services
  • other contents (voice, video, ...) → MIME extensions

47
E-Mail esmtp extensions
  • Approach
  • EHLO command: which extensions are available at the server?
  • Symbolic name for each extension
  • Optional parameters for MAIL FROM / RCPT TO
  • Some extensions
  • 8BITMIME: 8-bit data, still lines
  • BINARYMIME: arbitrary data
  • SIZE: server informs the client of the max size of a message
  • CHECKPOINT: support for resuming broken sessions
  • DSN: delivery status notification

48
E-Mail MIME extensions
  • MIME: multimedia mail extension, RFC 1341, 1521
  • additional lines in the message header declare the MIME content type
  • Content encoded into ASCII text

From: Pierre.Verbaeten@cs.kuleuven.ac.be
To: hilde@yahoo.com
Subject: Picture
MIME-Version: 1.0                      <- MIME version
Content-Transfer-Encoding: base64      <- method used to encode the data
Content-Type: image/jpeg               <- multimedia data type, subtype

base64 encoded data
..... ......................... ......  <- encoded data
base64 encoded data
49
E-Mail MIME extensions
  • RFC headers related to MIME

Header                     Meaning
MIME-Version               Identifies the MIME version
Content-Description        Human-readable string telling what is in the message
Content-Id                 Unique identifier
Content-Transfer-Encoding  How the body is encoded for transmission
Content-Type               Nature of the message
50
E-Mail MIME extensions
  • MIME types/subtypes, RFC 1521

Type         Subtype        Description
text         plain          Unformatted text
             richtext       Text including simple formatting commands
image        gif            Still picture in GIF format
             jpeg           Still picture in JPEG format
audio        basic          Audible sound
video        mpeg           Movie in MPEG format
application  octet-stream   An uninterpreted byte sequence
             postscript     A printable document in PostScript
message      rfc822         A MIME RFC 822 message
             partial        Message split for transmission
             external-body  Message itself must be fetched over the net
multipart    mixed          Independent parts in the specified order
             alternative    Same message in different formats
             parallel       Parts must be viewed simultaneously
             digest         Each part is a complete RFC 822 message
51
E-Mail MIME extensions
From: Pierre.Verbaeten@cs.kuleuven.ac.be
To: hilde@yahoo.com
Subject: Picture of Sarah
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=98766789

--98766789
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

Dear Hilde,
Please find a picture of Sarah
--98766789
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data
..... ......................... ......
base64 encoded data
--98766789--
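A small parser that takes the multipart/mixed message of this slide apart along its boundary and decodes each part according to its Content-Transfer-Encoding. This is an added example, not code from the course; the message text is constructed from the slide, with a quoted-printable soft line break in the text part and a short real base64 payload (the first six bytes of a JPEG header) so that both parts decode to something checkable.

```python
# Multipart/mixed parser for the message on slide 51 (added example, not the
# course's code). Uses the standard library only for decoding the two
# transfer encodings; the boundary handling is done by hand to show the format.
import base64, quopri

# Constructed from slide 51; "=\n" is a quoted-printable soft line break.
MESSAGE = """\
From: Pierre.Verbaeten@cs.kuleuven.ac.be
To: hilde@yahoo.com
Subject: Picture of Sarah
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=98766789

--98766789
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

Dear Hilde,
Please find a picture of Sarah, taken =
last week
--98766789
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

/9j/4AAQ
--98766789--
"""

def split_header(block):
    """Split an RFC 822 block at the first blank line into ({name: value}, body)."""
    head, _, body = block.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def parse_multipart(message):
    """Return (top-level headers, [(content-type, decoded bytes), ...])."""
    headers, body = split_header(message)
    ctype, _, params = headers["content-type"].partition(";")
    if ctype.strip().lower() != "multipart/mixed":
        raise ValueError("not a multipart/mixed message")
    boundary = dict(p.strip().split("=", 1) for p in params.split(";") if "=" in p)["boundary"]
    # parts are delimited by a line '--boundary'; '--boundary--' closes the body
    parts = []
    for chunk in ("\n" + body).split("\n--" + boundary)[1:]:
        if chunk.startswith("--"):
            break                               # closing delimiter reached
        part_headers, part_body = split_header(chunk.lstrip("\n"))
        enc = part_headers.get("content-transfer-encoding", "7bit").lower()
        raw = part_body.encode("ascii")         # the wire form is 7-bit ASCII
        if enc == "base64":
            data = base64.b64decode(raw)
        elif enc == "quoted-printable":
            data = quopri.decodestring(raw)
        else:
            data = raw
        parts.append((part_headers.get("content-type", "text/plain"), data))
    return headers, parts
```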
52
E-Mail MIME extensions
  • Transfer Encoding
  • SMTP requires ASCII only in the message
  • So conversions (encode / decode) are necessary
  • Encoding schemes
  • Just ASCII
  • 8-bit "ASCII": a violation of the standard, does not always work!
  • ASCII + simple markup language (html)
  • Base64 encoding (ASCII armor)
  • 24 bits broken up into 4 groups of 6 bits
  • Each group of 6 bits represented as one ASCII character
  • Quoted-printable
  • 7-bit ASCII
  • Char > 127 → char value as 2 hex digits
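The two encodings described above, written out by hand so the 24-bit to 4 x 6-bit grouping and the hex escaping are visible. This is an added example, not code from the course; it goes slightly beyond the slide by also handling the base64 padding for a final group of 1 or 2 bytes and by escaping the "=" character, which quoted-printable uses as its escape.

```python
# Hand-rolled base64 and quoted-printable encoders for slide 52 (added example,
# not the course's code).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def base64_encode(data: bytes) -> str:
    """Every 24 bits (3 bytes) become 4 groups of 6 bits, each one ASCII char.
    A final group of 1 or 2 bytes is zero-filled and the unused chars become '='."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")    # 24-bit integer
        chars = [ALPHABET[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        pad = 3 - len(chunk)                                    # 0, 1 or 2
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)

def quoted_printable_encode(data: bytes) -> str:
    """7-bit printable ASCII passes through unchanged; a byte > 127 is written
    as '=' plus its value as 2 hex digits. '=' itself and control characters
    other than TAB, LF and CR are escaped the same way."""
    out = []
    for b in data:
        if b == 0x3D or b > 127 or (b < 32 and b not in (9, 10, 13)):
            out.append("=%02X" % b)
        else:
            out.append(chr(b))
    return "".join(out)

def base64_decode(text: str) -> bytes:
    """Inverse of base64_encode, to check that the encoding is lossless."""
    text = text.rstrip("=")
    bits = 0
    for c in text:
        bits = (bits << 6) | ALPHABET.index(c)
    nbytes = len(text) * 6 // 8
    return (bits >> (len(text) * 6 - nbytes * 8)).to_bytes(nbytes, "big")
```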

53
E-mail access protocols
  • E-mail servers
  • send / receive messages
  • Communicate with user agents

(figure) SMTP: Simple Mail Transfer Protocol; POP: Post Office Protocol; IMAP: Internet Mail Access Protocol
54
E-mail access protocols
  • 2 configurations
  • UA on the same system as the mail server
  • UA on a PC, using POP to access the mail server

55
E-mail access protocols POP3
  • POP: Post Office Protocol
  • authorisation of the agent (at the server)
  • Download: retrieve + delete at server <> retrieve only
  • OK for users using a fixed UA
  • RFC 1939
  • Example: use POP3 to fetch 3 messages

56
E-mail access protocols
  • POP: Post Office Protocol, RFC 1939
  • authorisation of the agent (at the server)
  • Download: retrieve + delete at server <> retrieve only
  • OK for users using a fixed UA
  • IMAP: Internet Mail Access Protocol, RFC 1730
  • more features, more complex
  • Supports users reading mail from different UAs
  • manipulation of stored messages on the server
  • Web based user agents
  • HTTP: Hotmail, Yahoo, ...

57
E-mail access protocols
  • Comparison POP3 <> IMAP

58
E-mail gateways
  • Interconnect different E-mail systems

Internet: RFC 822
OSI: X.400
59
E-mail security
  • Requirements
  • Privacy
  • Authentication
  • Integrity
  • Non-repudiation
  • Systems
  • PGP: Pretty Good Privacy
  • PEM: Privacy Enhanced Mail
  • S/MIME

60
E-mail security PGP
  • Designed by Zimmermann (1995)
  • Promoter of privacy
  • <> US government
  • Open source software
  • Uses existing cryptographic algorithms
  • IDEA: International Data Encryption Algorithm
  • Timeline: DES → IDEA → AES
  • RSA
  • MD5

61
E-mail security PGP
  • Operation of PGP: mail message P from Alice to Bob
  • Decentralised storage of public keys: trust?

62
E-mail security PEM S/MIME
  • PEM: Privacy Enhanced Mail
  • Internet standard, RFC 1421 - 1424
  • Similar to PGP
  • Keys: X.509 certificates from CAs in a strict hierarchy
  • Single root CA → manager? Trust?
  • S/MIME
  • Internet standard, RFC 2632 2643
  • Integration with MIME
  • No restrictions on CAs

63
Overview
  • DNS -- Domain Name System
  • E-mail
  • Terminal Access TELNET

64
Terminal Access TELNET
  • History
  • Oldest Internet application
  • 1983: final form issued as RFC 854 and RFC 855
  • Still a useful application
  • Basis for other protocols
  • From the old to the current environment

65
Terminal Access TELNET
  • Original environment

66
Terminal Access TELNET
  • Current environment

(figure: PC or workstation)
67
Terminal Access TELNET
  • Local login
  • Characters typed go
  • From the terminal
  • To the terminal driver
  • To the operating system
  • To the application
  • For some characters
  • Interpretation by the OS

68
Terminal Access TELNET
  • Remote login

(figure: local side: terminal driver → operating system; remote side: telnet server → pseudoterminal driver → operating system → application programs. Different character sets!!)
69
Terminal Access TELNET
  • Network Virtual Terminal

(figure: local computer character set ↔ NVT character set ↔ remote computer character set)
70
Terminal Access TELNET
  • NVT character set
  • Data characters
  • NVT ASCII: high bit 0 + 7-bit US ASCII
  • Remote control characters
  • high bit 1 + 7 bits
  • Examples
  • Option negotiation characters
  • Characters to control the remote application
  • Erase character
  • Erase line
  • Interrupt process

71
Terminal Access TELNET
  • Phases of operation
  • Connection management
  • Connection request and termination
  • TCP is used
  • Negotiation
  • Determine a mutually agreeable set of characteristics
  • Line length, terminal type, terminal speed
  • Control
  • Exchange of control information and commands: end of line, interrupt process
  • Data
  • Transfer of data
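The NVT character set of slide 70 and the negotiation phase of slide 71 in code: a splitter that separates 7-bit data characters from the control sequences (whose lead byte has the high bit set) and a responder that agrees only to options it supports. This is an added example, not code from the course; the command codes follow RFC 854 and the two option numbers used in the comments (1 = ECHO, 24 = TERMINAL-TYPE) come from the TELNET option registry.

```python
# TELNET NVT stream parser and option negotiation for slides 70-71 (added
# example, not the course's code). Codes from RFC 854: IAC (255) introduces a
# command; WILL/WONT/DO/DONT carry one option byte; SB ... IAC SE wraps a
# sub-negotiation; a data byte of 255 is escaped as IAC IAC.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
IP, AO, AYT, EC, EL = 244, 245, 246, 247, 248   # interrupt process, abort output,
                                                # are-you-there, erase char, erase line
NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL",
         IP: "IP", AO: "AO", AYT: "AYT", EC: "EC", EL: "EL"}

def parse_nvt(stream: bytes):
    """Return (data as text, [(command name, option or payload), ...]).
    Data characters must be NVT ASCII, i.e. have the high bit clear."""
    data, commands, i = [], [], 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            if b & 0x80:
                raise ValueError("non-NVT data byte %d (high bit set)" % b)
            data.append(chr(b))
            i += 1
            continue
        cmd = stream[i + 1]
        if cmd == IAC:                              # escaped 255 in the data
            data.append(chr(255))
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):         # option negotiation
            commands.append((NAMES[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                             # sub-negotiation up to IAC SE
            end = stream.index(bytes([IAC, SE]), i + 2)
            commands.append(("SB", bytes(stream[i + 2:end])))
            i = end + 2
        else:                                       # single-byte control command
            commands.append((NAMES.get(cmd, str(cmd)), None))
            i += 2
    return "".join(data), commands

def negotiate(commands, supported=frozenset()):
    """Answer each request as RFC 854 prescribes: agree only to options we
    support (DO x -> WILL x / WONT x, WILL x -> DO x / DONT x)."""
    out = bytearray()
    for name, opt in commands:
        if name == "DO":
            out += bytes([IAC, WILL if opt in supported else WONT, opt])
        elif name == "WILL":
            out += bytes([IAC, DO if opt in supported else DONT, opt])
    return bytes(out)
```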

72
Terminal Access TELNET
  • RLOGIN
  • Remote login program designed for BSD Unix
  • SSH
  • Secure remote login program
  • Offers
  • Authentication: uses public key encryption
  • Privacy: exchanged data are encrypted
  • Integrity
  • Tunneling

73
Computer Networks
Applications