Title: Computer Networks
1 Computer Networks
Application layer
2 Overview
- DNS -- Domain Name System
- E-mail
- Terminal Access TELNET
3 Domain names
- IP addresses are not user friendly
- → readable names
- telnet 134.58.42.36
- telnet nix.cs.kuleuven.ac.be
- Overview
- Definition of Internet domain names
- Translating domain names into IP addresses
4 Domain names
- Internet domain names
- Hierarchical structure
- nix.cs.kuleuven.ac.be, read from right to left:
  - be: country code (Belgium)
  - ac: academic (university)
  - kuleuven: K.U.Leuven
  - cs: dept. Computer science
  - nix: name of the computer system
5 Domain names
- 3 groups of Top Level Domains (TLD)
- 2-letter country codes (ISO 3166)
- generic names (for similar organisations)
- com: commercial organisations
- org: non-commercial organisations (e.g. a vzw, a non-profit association)
- int: international organisations (NATO, EU, ...)
- net: companies offering network services
- NEW: name, biz, info, ...
- names of organisations within the USA
- edu: universities
- gov: US government
- mil: US military
6 Domain names
- View on the Internet domain name space (figure)
7 Domain names
- Each TLD has an administrator (assigns names within the domain)
- be
- until Jan. 2000: dept. Computer science (K.U.Leuven)
- now: DNS BE vzw (ISPA, Agoria, Beltug)
- Each organisation with a domain name
- creates new names within its domain
- E.g. kuleuven.ac.be and kulak.ac.be
- Hierarchical name structure + delegation → workable structure
8 Translating domain names
- Database
- not centralised (bottleneck!)
- name server
- Translates domain name → IP address
- hierarchy of name servers
- For each domain (zone) a separate (primary) name server
- Zone: sub tree of the name space tree
- Primary name server
- Gets its info from a zone file on disk
9 Domain names
- Internet domain names <> zones: a zone is the part of a domain served by one administrator; delegated subdomains are zones of their own (figure)
10 Translating domain names
- Name server of cs.kuleuven.ac.be (figure: its resource records, e.g. an A record = Address)
11 Translating domain names
- Name server of kuleuven.ac.be (figure)
12 Translating domain names
- Fields of a DNS resource record
  Field          Meaning
  Domain_Name    Name to which the record applies
  Time_to_live   Indicates how stable the record is (how long, in seconds, it may be cached)
  Class          IN for Internet
  Type           Kind of record
  Value          Value appropriate for the type
13 Translating domain names
- Principal DNS resource record types
  Type    Meaning             Value
  SOA     Start of authority  Parameters for this zone
  A       IP address of host  32-bit integer (IPv4 address)
  NS      Name Server         Name of a name server for this domain
  MX      Mail exchange       Priority, domain willing to accept e-mail
  CNAME   Canonical Name      Domain name (the alias points to its canonical name)
  PTR     Pointer             Domain name belonging to an IP address (reverse lookup)
  HINFO   Host description    CPU and OS in ASCII
  TXT     Text                Uninterpreted ASCII text
14 Translating domain names
- Part of the DNS database (zone file) for cs.kuleuven.ac.be
  ; Authoritative data for cs.kuleuven.ac.be
  $TTL 86400                  ; default TTL 1 day
  @   IN  SOA  dns.cs.kuleuven.ac.be. postmaster.cs.kuleuven.ac.be. (
               2002042601     ; serial
               10800          ; refresh (3h)
               1800           ; retry (30m)
               3600000        ; expire (>5w)
               86400 )        ; default (1d)
15 Translating domain names
- Part of the DNS database for cs.kuleuven.ac.be (cont.)
  ; General info for zone CS.KULEUVEN.AC.BE
                NS   snoopy.cs.kuleuven.ac.be.
                NS   dns.cs.kuleuven.ac.be.
                NS   ns1.kulnet.kuleuven.ac.be.
                NS   ns.be.ubizen.com.
                NS   secdns.eunet.be.
  ; dns.cs.kuleuven.ac.be is used as secondary for be. and others
  dns           A    134.58.40.4
  ; general MX records
  cs.kuleuven.ac.be.     MX 20   mailrelay.cs.kuleuven.ac.be.
                         MX 100  mail.cc.kuleuven.ac.be.
  st.cs.kuleuven.ac.be.  MX 10   st.cs.kuleuven.ac.be.
                         MX 20   mailrelay.cs.kuleuven.ac.be.
                         MX 100  mail.cc.kuleuven.ac.be.
16 Translating domain names
- Part of the DNS database for cs.kuleuven.ac.be (cont.)
  calendar        CNAME  billie.cs.kuleuven.ac.be.
  ssh      3600   CNAME  billie.cs.kuleuven.ac.be.
  lp-kleur        CNAME  delphi.cs.kuleuven.ac.be.
  lp-wit          CNAME  medusa.cs.kuleuven.ac.be.
  ; CNAMEs do not work for MX's
  ; ftp   3600   CNAME  arachne.cs.kuleuven.ac.be.
  ftp      1800   A      134.58.40.10
                  MX 18  mail.cs.kuleuven.ac.be.
                  MX 20  mailrelay.cs.kuleuven.ac.be.
                  HINFO  Sparc Solaris
- The old CNAME for ftp is kept only as a comment: a name that has a CNAME may carry no other records, so ftp gets an A record plus its MX records instead
17 Translating domain names
- Part of the DNS database for cs.kuleuven.ac.be (cont.)
  ; our switch/router/firewall/ntp-server
  lswitch-cw   A      134.58.250.50
               A      134.58.39.254
               A      134.58.41.254
               A      134.58.42.254
               A      134.58.43.254
               A      134.58.44.245
               A      134.58.45.254
               A      134.58.46.254
               MX 18  mail.cs.kuleuven.ac.be.
               MX 20  mailrelay.cs.kuleuven.ac.be.
               RP     hostmaster contact.cs.kuleuven.ac.be.
18 Translating domain names
- Part of the DNS database for cs.kuleuven.ac.be (cont.)
  snoopy       A      134.58.41.8
               A      134.58.42.3
               A      134.58.43.4
               A      134.58.45.1
               A      134.58.46.63
               A      134.58.39.1
               MX 10  snoopy.cs.kuleuven.ac.be.
               MX 18  mail.cs.kuleuven.ac.be.
               MX 20  mailrelay.cs.kuleuven.ac.be.
               HINFO  SunULTRA2Server Solaris
19 Translating domain names
- Part of the DNS database for cs.kuleuven.ac.be (cont.)
  panoramix    A      134.58.45.66
               MX 10  panoramix.cs.kuleuven.ac.be.
               MX 18  mail.cs.kuleuven.ac.be.
               MX 20  mailrelay.cs.kuleuven.ac.be.
               RP     pv contact.cs.kuleuven.ac.be.
               HINFO  i86 Linux
  ubiz         A      134.58.39.91
               MX 18  mail.cs.kuleuven.ac.be.
               MX 20  mailrelay.cs.kuleuven.ac.be.
               RP     pv contact.cs.kuleuven.ac.be.
               HINFO  IBM_ThinkPad Windows2000
20 Translating domain names
- Part of the DNS database for .be
  $ORIGIN .
  $TTL 86400      ; 1 day
  be   IN  SOA  master.ns.dns.be. tech.dns.be. (
                2002052301   ; serial
                3600         ; refresh (1 hour)
                1800         ; retry (30 minutes)
                3600000      ; expire (5 weeks 6 days 16 hours)
                600          ; minimum (10 minutes)
                )
           NS   dns.cs.kuleuven.ac.be.
           NS   master.ns.dns.be.
           NS   woluwe.ns.dns.be.
           NS   hasselt.ns.dns.be.
           NS   vilvoorde.ns.dns.be.
21 Translating domain names
- Part of the DNS database for .be (cont.)
  $ORIGIN be.
  007          NS   ns3.asp
               NS   ns4.asp
  ac           NS   ns.belnet
               NS   ns1.surfnet.nl.
               NS   ns3.belnet
  $ORIGIN ac.be.
  dns.cs.kuleuven   A   134.58.40.4
  $ORIGIN be.
  huens        NS   ns.be.ubizen.com.
               NS   dns.cs.kuleuven.ac
  verbaeten    NS   ns.yournamehosting.com.
               NS   ns.yournamewebhosting.com.
- Names without a trailing dot are relative to the current $ORIGIN (ns3.asp means ns3.asp.be.); the A record for dns.cs.kuleuven.ac.be inside the be zone is a glue record, the address of a name server whose own name lies below a delegation
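The zone fragments above use BIND's zone-file syntax. What follows is an added example written for this page (not code from the slides or from the name server of cs.kuleuven.ac.be): a small parser for that syntax ($ORIGIN, $TTL, '@', relative names, ';' comments, a multi-line SOA in parentheses), run over a constructed fragment modelled on the slides, followed by the two sanity checks the slides hint at: an MX target must not be a CNAME, and a name that has a CNAME may carry no other records. The addresses and host names in ZONE are illustrative.

```python
"""Added example: parse zone-file text of the kind shown on the slides and
sanity-check it.  Illustrative code written for this page, not the name-server
software of cs.kuleuven.ac.be.  ZONE is a constructed fragment modelled on the
slides."""
from collections import defaultdict

TYPES = {"SOA", "A", "NS", "MX", "CNAME", "PTR", "HINFO", "TXT", "RP"}

# Constructed sample: $ORIGIN/$TTL directives, '@' for the zone apex, relative
# names, a multi-line SOA in parentheses and ';' comments (BIND-style syntax).
ZONE = """\
$ORIGIN cs.kuleuven.ac.be.
$TTL 86400                      ; default TTL 1 day
@          IN SOA dns.cs.kuleuven.ac.be. postmaster.cs.kuleuven.ac.be. (
                  2002042601    ; serial
                  10800 1800 3600000 86400 )
           NS    dns.cs.kuleuven.ac.be.
           NS    snoopy
           MX 20 mailrelay
dns        A     134.58.40.4
calendar   CNAME billie
ftp  3600  CNAME arachne          ; clashes with the records below
ftp  1800  A     134.58.40.10
           MX 18 mail
panoramix  A     134.58.45.66
           MX 10 calendar         ; MX target is a CNAME
"""


def fqdn(name, origin):
    """Complete a relative name with the current $ORIGIN; '@' is the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Strip ';' comments and join records that continue across '(' ... ')'."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf)
            buf = []


def parse_zone(text):
    """Return a list of (owner, ttl, type, rdata) tuples with all names fully qualified."""
    origin, default_ttl, owner, records = ".", None, None, []
    for line in logical_lines(text):
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        tokens = line.split()
        if line[0] not in " \t":        # a new owner; otherwise the previous owner continues
            owner = fqdn(tokens.pop(0), origin)
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0] == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0)
        if rtype not in TYPES:
            raise ValueError(f"unknown record type {rtype!r} for {owner}")
        rdata = [t for t in tokens if t not in ("(", ")")]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), fqdn(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + [int(x) for x in rdata[2:]]
        records.append((owner, ttl, rtype, tuple(rdata)))
    return records


def check_zone(records):
    """Two rules the slides mention: an MX must not point at a CNAME, and a CNAME
    owner may carry no other records (RFC 1034 section 3.6.2)."""
    types_of = defaultdict(set)
    for owner, _ttl, rtype, _rdata in records:
        types_of[owner].add(rtype)
    problems = []
    for owner, _ttl, rtype, rdata in records:
        if rtype == "MX" and "CNAME" in types_of[rdata[1]]:
            problems.append(f"MX for {owner} points at CNAME {rdata[1]}")
    for owner, types in types_of.items():
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner} has a CNAME next to {sorted(types - {'CNAME'})}")
    return problems


if __name__ == "__main__":
    rrs = parse_zone(ZONE)
    for rr in rrs:
        print(rr)
    print("problems:", check_zone(rrs))
```

Running it prints the fully qualified records and two problems: the MX for panoramix pointing at the calendar alias, and ftp carrying A and MX records next to a CNAME, exactly the situation the commented-out ftp CNAME on slide 16 avoids.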
22 Translating domain names
- Name servers of the TLDs
- root name servers
- Known IP addresses (configured in every resolver)
- Contain only references to the TLD name servers
23 Resolving domain names (figure: iterative resolution)
24 Resolving domain names
- 2 schemes
- Iterative (see previous slide)
- Name server returns a reference (referral) to a better name server; the resolver asks again
- Recursive
- Scheme of forwarding requests to better name servers: the queried server does the follow-up queries itself and returns the final answer
- Correct figure?
- Comparison? Iterative keeps the work and the state at the resolver; recursive gives the client a single exchange but loads the server
25 Resolving domain names
- Cumbersome?
- Name servers cache
- Translations are cached during the specified time (TTL)
- Vulnerable?
- A name server can crash
- For each domain there are many name servers
- One primary returns authoritative records
- At least one secondary returns cached records, possibly out of date
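To make the two schemes and the TTL cache of slides 24 and 25 concrete, here is an added example (not from the slides and not a real resolver). It builds a constructed delegation tree modelled on the slides (root → be → ac.be → cs.kuleuven.ac.be; only 134.58.40.4 is taken from the slides, the other server addresses are assumed), resolves ftp.cs.kuleuven.ac.be iteratively and recursively, and caches the answer for no longer than its TTL. Each server answers only for its own zone and returns a referral with glue for anything below a delegation.

```python
"""Added example (not from the slides or any real resolver): iterative and
recursive resolution over an in-memory name-server hierarchy, plus a TTL cache.
SERVERS is a constructed delegation tree; addresses other than 134.58.40.4 are
assumed."""
import time

ROOT = "198.41.0.4"     # assumed root server address, "known" to every resolver

# Each server holds only its own zone: owner -> [(type, rdata, ttl)].  NS records
# below the zone apex are delegations; A records next to them are glue.
SERVERS = {
    ROOT: {"zone": ".", "rrs": {
        "be.": [("NS", "master.ns.dns.be.", 86400)],
        "master.ns.dns.be.": [("A", "193.190.1.1", 86400)],          # glue (assumed)
    }},
    "193.190.1.1": {"zone": "be.", "rrs": {
        "ac.be.": [("NS", "ns.belnet.be.", 86400), ("NS", "ns1.surfnet.nl.", 86400)],
        "ns.belnet.be.": [("A", "193.190.2.2", 86400)],              # glue (assumed)
    }},
    "193.190.2.2": {"zone": "ac.be.", "rrs": {
        "cs.kuleuven.ac.be.": [("NS", "dns.cs.kuleuven.ac.be.", 86400)],
        "dns.cs.kuleuven.ac.be.": [("A", "134.58.40.4", 86400)],     # glue, as on the slides
    }},
    "134.58.40.4": {"zone": "cs.kuleuven.ac.be.", "rrs": {
        "dns.cs.kuleuven.ac.be.": [("A", "134.58.40.4", 86400)],
        "ftp.cs.kuleuven.ac.be.": [("A", "134.58.40.10", 1800)],
    }},
}


def answer(server, qname, qtype):
    """One server's reply: ('REFERRAL', [(ns_name, glue_addr_or_None)]),
    ('ANSWER', [(owner, type, rdata, ttl)]) or ('NXDOMAIN', [])."""
    rrs, labels = server["rrs"], qname.split(".")
    for i in range(len(labels)):            # longest suffix first, stop at our own apex
        cand = ".".join(labels[i:]) or "."
        if cand == server["zone"]:
            break
        ns = [r for t, r, _ in rrs.get(cand, []) if t == "NS"]
        if ns:                              # delegated away: refer, never answer from glue
            glue = {n: next((r for t, r, _ in rrs.get(n, []) if t == "A"), None) for n in ns}
            return "REFERRAL", list(glue.items())
    hits = [(qname, t, r, ttl) for t, r, ttl in rrs.get(qname, []) if t == qtype]
    return ("ANSWER", hits) if hits else ("NXDOMAIN", [])


class Resolver:
    """Iterative scheme: the resolver itself follows referrals from the root down."""

    def __init__(self, now=time.time):
        self.now, self.cache = now, {}      # (qname, qtype) -> (expires_at, records)

    def resolve(self, qname, qtype="A", depth=0):
        cached = self.cache.get((qname, qtype))
        if cached and cached[0] > self.now():
            return cached[1], ["cache"]
        if depth > 5:
            raise RuntimeError("delegation loop while looking up " + qname)
        trace, addr = [], ROOT
        for _ in range(10):                 # hop limit against referral loops
            kind, payload = answer(SERVERS[addr], qname, qtype)
            trace.append((addr, kind))
            if kind == "ANSWER":
                ttl = min(r[3] for r in payload)        # never cache longer than the shortest TTL
                self.cache[(qname, qtype)] = (self.now() + ttl, payload)
                return payload, trace
            if kind == "NXDOMAIN":
                return [], trace
            glued = [g for _, g in payload if g]
            if glued:
                addr = glued[0]
            else:                           # no glue: look up the name server's own address first
                rrs, sub = self.resolve(payload[0][0], "A", depth + 1)
                trace.extend(sub)
                if not rrs:
                    return [], trace
                addr = rrs[0][2]
        raise RuntimeError("too many referrals")


def recursive_answer(addr, qname, qtype, trace):
    """Recursive scheme: the server that was asked chases the referrals itself and
    hands the client only the final answer, so the client sees a single exchange."""
    kind, payload = answer(SERVERS[addr], qname, qtype)
    trace.append((addr, kind))
    if kind != "REFERRAL":
        return payload
    glue = next((g for _, g in payload if g), None)
    return recursive_answer(glue, qname, qtype, trace) if glue else []


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("ftp.cs.kuleuven.ac.be."))      # four exchanges: root, be, ac.be, cs
    print(r.resolve("ftp.cs.kuleuven.ac.be."))      # served from the cache
    t = []
    print(recursive_answer(ROOT, "ftp.cs.kuleuven.ac.be.", "A", t), t)
```

The trace of the iterative lookup shows three referrals and one answer; the same lookup done recursively produces the same server-side trace but the client only ever talked to the root. The cache expires after the 1800-second TTL of the ftp record, which is also the window during which a poisoned entry would keep being served.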
26 DNS Security
- Can we trust the DNS replies?
27 DNS Security
- An attack based on breaking into the DNS server and modifying Bob's record (figure)
28 DNS Security
- How Trudy spoofs Alice's ISP (figure)
- Reply faster than the real DNS server! A forged reply that reaches the ISP's name server before the genuine one is accepted and cached
29 DNS Security
- Solution: DNSsec
- New records
- KEY: public key of the zone
- SIG: hash of a set of resource records, signed with the zone's secret key
- (today's DNSSEC, RFC 4034, calls these records DNSKEY and RRSIG)
- Signed replies from servers
- Set of resource records (RRset)
- SIG
30 DNS security
- Resource Record set for bob.com
- A record(s) for bob.com
- Public key for bob.com (KEY)
- Signature over the hash of the A record(s) and the KEY record, signed with the secret key of com
- Alice's resolver, which knows com's public key, checks this SIG: Trudy can forge the A record but not the signature
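Added example (not from the slides): the check a DNSSEC-aware resolver makes on the RRset of slide 30, with textbook RSA over tiny fixed primes standing in for the zone keys. Names, addresses and keys are constructed and the toy RSA is not secure; the point is the chain: com's public key is the trust anchor, it validates the SIG over bob.com's A and KEY records, and bob.com's KEY in turn validates the records below it. The two forgeries at the end are Trudy's fast reply with another address, and a reply in which Trudy substitutes her own key.

```python
"""Added example (not from the slides): validating a signed RRset along a chain of
trust, with textbook RSA over tiny fixed primes as a stand-in for zone keys.
Keys, names and addresses are constructed; the toy RSA is NOT secure."""
import hashlib


def toy_keypair(p, q, e=65537):
    """Textbook RSA from two fixed primes (toy!): returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rrset_digest(rrset, n):
    """Hash of the canonical RRset: records sorted, one 'owner type rdata' line each,
    reduced mod n so the toy signature can cover it."""
    canon = "\n".join(f"{o} {t} {r}" for o, t, r in sorted(rrset)).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big") % n


def sign_rrset(rrset, priv):
    """SIG record value: the digest signed with the signer's secret key."""
    n, d = priv
    return pow(rrset_digest(rrset, n), d, n)


def verify_rrset(rrset, sig, pub):
    n, e = pub
    return pow(sig, e, n) == rrset_digest(rrset, n)


def signed_reply(rrset, signer_priv):
    """What a DNSSEC-aware server returns: the RRset together with its SIG."""
    return {"rrset": list(rrset), "sig": sign_rrset(rrset, signer_priv)}


def key_of(rrset, owner):
    """Pull the public key out of the KEY record for owner (rdata stored as 'n e')."""
    for o, t, r in rrset:
        if o == owner and t == "KEY":
            n, e = r.split()
            return int(n), int(e)
    return None


def validate(reply_www, reply_bob, com_pub):
    """Chain of trust as on slide 30: the com key (trust anchor) validates bob.com's
    RRset, and the KEY inside that RRset validates the www.bob.com records."""
    if not verify_rrset(reply_bob["rrset"], reply_bob["sig"], com_pub):
        return False
    bob_pub = key_of(reply_bob["rrset"], "bob.com.")
    return bob_pub is not None and verify_rrset(reply_www["rrset"], reply_www["sig"], bob_pub)


# --- constructed scenario ----------------------------------------------------
COM_PUB, COM_PRIV = toy_keypair(104723, 104729)      # com's zone key; public half = Alice's anchor
BOB_PUB, BOB_PRIV = toy_keypair(1000003, 1000033)    # bob.com's zone key
TRUDY_PUB, TRUDY_PRIV = toy_keypair(65519, 65521)    # the attacker's key

BOB_RRSET = [("bob.com.", "A", "10.0.0.5"), ("bob.com.", "KEY", f"{BOB_PUB[0]} {BOB_PUB[1]}")]
WWW_RRSET = [("www.bob.com.", "A", "10.0.0.80")]
GOOD = (signed_reply(WWW_RRSET, BOB_PRIV), signed_reply(BOB_RRSET, COM_PRIV))


def forged_address():
    """Trudy answers faster with another address but cannot produce bob.com's signature."""
    www, bob = GOOD
    fake = {"rrset": [("www.bob.com.", "A", "192.0.2.66")], "sig": www["sig"]}
    return validate(fake, bob, COM_PUB)


def forged_key():
    """Trudy swaps in her own KEY and signs www with it; bob.com's RRset then no longer
    verifies under com's key, so the chain breaks one level up."""
    rrset = [("bob.com.", "A", "10.0.0.5"), ("bob.com.", "KEY", f"{TRUDY_PUB[0]} {TRUDY_PUB[1]}")]
    bob = {"rrset": rrset, "sig": GOOD[1]["sig"]}
    www = signed_reply([("www.bob.com.", "A", "192.0.2.66")], TRUDY_PRIV)
    return validate(www, bob, COM_PUB)


if __name__ == "__main__":
    print("genuine:", validate(GOOD[0], GOOD[1], COM_PUB))
    print("forged address:", forged_address(), "forged key:", forged_key())
```

Everything hinges on the anchor: a resolver configured with the wrong public key for com rejects the genuine replies as well, which is why the key of the top of the hierarchy must be distributed out of band rather than looked up in DNS.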
31 Overview
- DNS -- Domain Name System
- E-mail
- Terminal Access TELNET
32 E-mail
- Major components
- User agent
- Mail servers
- Transfer agents
- Protocols
- Transfer: SMTP
- Access: POP, IMAP
- (figure: user agents talk POP/IMAP to their mail server; mail servers talk SMTP to each other)
33 E-mail user agent
- Internet E-mail addresses
- pv@cs.kuleuven.be
- Pierre.Verbaeten@cs.kuleuven.be
- nachtradio@vrt.be
- after @: domain name
- before @:
- login_name
- FirstName.LastName
- Name_of_Group
34 E-mail user agent
- E-mail programs
- Often (mostly) a graphical user interface
- functionality
- receive / read messages
- compose / send a message
- reply to a message
- forward a message
- store messages in folders
- maintain a file with addresses
- E.g. Netscape, Exchange, Eudora, pine, elm, ...
35 E-mail user agent (screenshot)
36 E-mail message
- RFC 822: standard for the text message format
- Structure of a message
- Header
- From: sender
- To: destination
- Cc: copy to
- Subject
- Blank line
- Message body
- Must be ASCII!!!
- (figure: header, blank line, body)
37 E-mail message
  Subject: mail for luce
  Date: Mon, 20 May 2002 10:21:34 +0200
  From: Jean Huens <Jean.Huens@cs.kuleuven.ac.be>
  To: Pierre Verbaeten <Pierre.Verbaeten@cs.kuleuven.ac.be>
  CC: Bart Swennen <Bart.Swennen@cs.kuleuven.ac.be>

  Pierre, since you live in Leuven you can also get a postbox.be address for Luce.
  Info at www.postbox.be
  Jean
38 E-mail message
- RFC 822 header fields related to transport
  Header        Meaning
  To            E-mail address(es) of primary recipient(s)
  Cc            E-mail address(es) of secondary recipient(s)
  Bcc           E-mail address(es) for blind carbon copies
  From          Person who created the message
  Sender        E-mail address of the actual sender
  Received      Line added by each transfer agent along the route
  Return-Path   Can be used to identify a path back to the sender
39 E-mail message
- Other RFC 822 header fields
  Header        Meaning
  Date          The date and time the message was sent
  Reply-To      E-mail address to which the reply should be sent
  Message-Id    Unique number for referencing the message later
  In-Reply-To   Message-Id of the message to which this is a reply
  References    Other relevant Message-Ids
  Keywords      User chosen keywords
  Subject       Short summary of the message for the one-line display
  X-            User defined header
40 E-Mail mail servers
- mail server: system responsible for the E-mail handling within an organisation
- Talks SMTP with other mail servers
- Stores received messages for local users in their mailboxes
- Sends messages for remote users to the appropriate mail server
- Accepts mail from local user agents
- (figure: SMTP between mail servers)
41 E-Mail smtp protocol
- Defined in RFC 821
- Interaction in command/response mode
- three phases of a transfer
- handshaking (greeting)
- transfer of messages
- closure
- messages must be 7-bit ASCII
- (figure: the sending server or user agent acts as client and sends commands; the receiving server sends responses; reliable transfer over TCP)
42 E-Mail smtp protocol
- try the SMTP interaction for yourself
- telnet servername 25
- wait for the reply from the server: 220
- enter the commands HELO, MAIL FROM, RCPT TO, DATA, QUIT
- send an e-mail without using an e-mail client (reader)
43 E-Mail smtp protocol example
- Connect to the mail server:
  billie> telnet mail.cs.kuleuven.ac.be 25
  Trying 134.58.41.11...
  Connected to mail.cs.kuleuven.ac.be.
  Escape character is '^]'.
  220 iris.cs.kuleuven.ac.be ESMTP Mail Transfer Agent Wed, 22 May 2002 16:31:50 +0200 (MEST)
- Dialogue with the mail server
44 E-Mail smtp protocol example
- Dialogue with the mail server
  HELO ubiz.cs.kuleuven.ac.be
  250 iris.cs.kuleuven.ac.be Hello billie.cs.kuleuven.ac.be [134.58.41.39], pleased to meet you
  MAIL FROM Pierre.Verbaeten@cs.kuleuven.ac.be
  501 5.5.2 Syntax error in parameters scanning "FROM"
  MAIL FROM:<Pierre.Verbaeten@cs.kuleuven.ac.be>
  250 2.1.0 Pierre.Verbaeten@cs.kuleuven.ac.be... Sender ok
  RCPT TO:<Jean.Huens@cs.kuleuven.ac.be>
  250 2.1.5 Jean.Huens@cs.kuleuven.ac.be... Recipient ok
  DATA
  354 Enter mail, end with "." on a line by itself
- Note that HELO claims ubiz, but the server records the real peer (billie, 134.58.41.39); the first MAIL FROM is rejected because the address must be written as FROM:<address>
- Enter the message (header + body)
45 E-Mail smtp protocol example
- Enter the message (header + body)
  Subject: test
  Date: Wed, 22 May 2002 16:35:00
  From: Pierre.Verbaeten@cs.kuleuven.ac.be
  To: Jean.Huens@cs.kuleuven.ac.be

  typed-in mail
  Pierre
  .
  250 2.0.0 g4MEXXG06443 Message accepted for delivery
  QUIT
  221 2.0.0 iris.cs.kuleuven.ac.be closing connection
  Connection closed by foreign host.
  billie>
- Neither the envelope sender (MAIL FROM) nor the From: header is verified here: whoever can reach port 25 can type any sender
46 E-Mail smtp protocol
- summary
- Simple text based protocol, 7-bit ASCII
- A line with only "." indicates the end of the message
- This string is excluded inside the message (a body line starting with "." is sent with an extra "." in front, which the receiver removes)
- SMTP requires reliable connections
- TCP: reliable byte stream
- ESMTP extensions
- Negotiate special services
- other contents (voice, video, ...) → MIME extensions
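The dialogue of slides 43 to 46, as an added example (not the slides' own code and not a real MTA): the server side as a state machine that returns the reply to each command, and a client that drives it. It reproduces the 501 for a MAIL FROM without colon and angle brackets, refuses commands out of order, and implements the "." transparency rule from the summary, so that a lone "." line inside a message does not end it early. Host names imitate the slides; reply texts are modelled on the transcript.

```python
"""Added example (not the slides' own code nor a real MTA): the SMTP dialogue of
the slides as a server-side state machine plus a small client that drives it,
including the dot-stuffing of RFC 821 section 4.5.2."""
import re

# "MAIL FROM:<addr>" / "RCPT TO:<addr>": the colon and angle brackets are required
ADDR = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^<>\s]*)>\s*$", re.IGNORECASE)


class SmtpSession:
    """Feed one command line at a time; get the server's reply line (None while in DATA)."""

    def __init__(self, hostname="iris.cs.kuleuven.ac.be"):
        self.host, self.state = hostname, "greeting"
        self.sender, self.rcpts, self.lines = None, [], []
        self.messages = []                  # (envelope sender, [recipients], text)
        self.greeting = f"220 {self.host} ESMTP Mail Transfer Agent"

    def handle(self, line):
        if self.state == "data":
            if line == ".":                 # end of message
                self.messages.append((self.sender, list(self.rcpts), "\n".join(self.lines)))
                self.state, self.sender, self.rcpts, self.lines = "ready", None, [], []
                return "250 2.0.0 Message accepted for delivery"
            # transparency: the client doubled a leading '.', the server drops one
            self.lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.state = "ready"
            return f"250 {self.host} Hello {arg}, pleased to meet you"
        if verb == "QUIT":
            self.state = "closed"
            return f"221 2.0.0 {self.host} closing connection"
        if self.state != "ready":
            return "503 5.5.1 Send HELO first"
        if verb == "MAIL":
            m = ADDR.match(line)
            if not m:
                return '501 5.5.2 Syntax error in parameters scanning "FROM"'
            self.sender, self.rcpts = m.group(2), []
            return f"250 2.1.0 {self.sender}... Sender ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command"
            m = ADDR.match(line)
            if not m:
                return '501 5.5.2 Syntax error in parameters scanning "TO"'
            self.rcpts.append(m.group(2))
            return f"250 2.1.5 {m.group(2)}... Recipient ok"
        if verb == "DATA":
            if not self.rcpts:
                return "503 5.5.1 Need RCPT (recipient)"
            self.state = "data"
            return '354 Enter mail, end with "." on a line by itself'
        return "500 5.5.1 Command unrecognized"


def send_message(session, helo, sender, rcpts, header_and_body):
    """Client side of the slide's dialogue; returns (final reply, transcript).
    Every message line that starts with '.' is sent as '..' (dot-stuffing)."""
    transcript = [("S", session.greeting)]

    def cmd(text, ok):
        reply = session.handle(text)
        transcript.extend([("C", text), ("S", reply)])
        if not reply.startswith(ok):
            raise RuntimeError(f"{text!r} -> {reply}")
        return reply

    cmd(f"HELO {helo}", "250")
    cmd(f"MAIL FROM:<{sender}>", "250")
    for r in rcpts:
        cmd(f"RCPT TO:<{r}>", "250")
    cmd("DATA", "354")
    for line in header_and_body:
        session.handle("." + line if line.startswith(".") else line)
    accepted = cmd(".", "250")
    cmd("QUIT", "221")
    return accepted, transcript


if __name__ == "__main__":
    s = SmtpSession()
    body = ["Subject: test", "", "typed-in mail", ".", "Pierre"]
    reply, transcript = send_message(s, "ubiz.cs.kuleuven.ac.be",
                                     "Pierre.Verbaeten@cs.kuleuven.ac.be",
                                     ["Jean.Huens@cs.kuleuven.ac.be"], body)
    for who, text in transcript:
        print(who, text)
    print(repr(s.messages[0][2]))          # the lone '.' survived inside the body
```

Without the dot-stuffing in send_message the "." in the middle of the body would terminate the message and the remaining lines would be parsed as commands; the transparency rule is what keeps data and commands apart on a shared text stream.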
47 E-Mail esmtp extensions
- Approach
- EHLO command: which extensions are available at the server?
- Symbolic name for each extension
- Optional parameters for MAIL FROM / RCPT TO
- Some extensions
- 8BITMIME: 8-bit data, still line oriented
- BINARYMIME: arbitrary data
- SIZE: server informs the client of the max size of a message
- CHECKPOINT: support for resuming broken sessions
- DSN: delivery status notification
48 E-Mail MIME extensions
- MIME: multimedia mail extensions, RFC 1341, 1521
- additional lines in the message header declare the MIME content type
- content encoded into ASCII text
  From: Pierre.Verbaeten@cs.kuleuven.ac.be
  To: hilde@yahoo.com
  Subject: Picture
  MIME-Version: 1.0                    ; MIME version
  Content-Transfer-Encoding: base64    ; method used to encode the data
  Content-Type: image/jpeg             ; multimedia data type, subtype

  base64 encoded data ..... ......................... ......base64 encoded data
49 E-Mail MIME extensions
- RFC headers related to MIME
  Header                     Meaning
  MIME-Version               Identifies the MIME version
  Content-Description        Human-readable string telling what is in the message
  Content-Id                 Unique identifier
  Content-Transfer-Encoding  How the body is encoded for transmission
  Content-Type               Nature of the message
50 E-Mail MIME extensions
- MIME types/subtypes, RFC 1521
  Type         Subtype        Description
  text         plain          Unformatted text
               richtext       Text including simple formatting commands
  image        gif            Still picture in GIF format
               jpeg           Still picture in JPEG format
  audio        basic          Audible sound
  video        mpeg           Movie in MPEG format
  application  octet-stream   An uninterpreted byte sequence
               postscript     A printable document in PostScript
  message      rfc822         A MIME RFC 822 message
               partial        Message split for transmission
               external-body  Message itself must be fetched over the net
  multipart    mixed          Independent parts in the specified order
               alternative    Same message in different formats
               parallel       Parts must be viewed simultaneously
               digest         Each part is a complete RFC 822 message
51 E-Mail MIME extensions
  From: Pierre.Verbaeten@cs.kuleuven.ac.be
  To: hilde@yahoo.com
  Subject: Picture of Sarah
  MIME-Version: 1.0
  Content-Type: multipart/mixed; boundary="98766789"

  --98766789
  Content-Transfer-Encoding: quoted-printable
  Content-Type: text/plain

  Dear Hilde,
  Please find a picture of Sarah
  --98766789
  Content-Transfer-Encoding: base64
  Content-Type: image/jpeg

  base64 encoded data ..... ......................... ......base64 encoded data
  --98766789--
52 E-Mail MIME extensions
- Transfer Encoding
- SMTP requires ASCII only in the message
- So conversions (encode / decode) are necessary
- Encoding schemes
- Just ASCII
- 8-bit: violates the standard, does not always work!
- ASCII + simple markup language (html)
- Base64 encoding (ASCII armor)
- 24 bits broken up into 4 × 6 bits
- Each group of 6 bits represented as one ASCII character
- Quoted-printable
- 7-bit ASCII
- Characters > 127 → "=" followed by the character value as 2 hex digits
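Added example (not from the slides): the two transfer encodings of slide 52 written out by hand, so the 24-bits-into-4-characters step and the "=XX" escape are visible, checked against the standard library, and then the multipart/mixed message of slide 51 built and parsed back with Python's email package. JPEG is a constructed byte string standing in for a picture; the addresses are the ones on the slides.

```python
"""Added example (not from the slides): base64 and quoted-printable by hand,
checked against the standard library, plus the multipart/mixed message of
slide 51 built and parsed with the email package.  JPEG is a constructed
stand-in for a picture."""
import base64
import quopri
from email import message_from_bytes, policy
from email.message import EmailMessage

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + bytes(range(256)) + b"\xff\xd9"   # constructed


def base64_encode(data: bytes) -> str:
    """24 bits (3 bytes) -> 4 groups of 6 bits, each printed as one ASCII character;
    a 1- or 2-byte tail is zero-padded and marked with '=' (ASCII armour)."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        chars = [B64[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        pad = 3 - len(chunk)
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)


def quoted_printable_encode(data: bytes) -> str:
    """7-bit safe: printable ASCII passes through, every other byte (and '=' itself)
    becomes '=' plus two hex digits.  Wrapping at 76 columns is left out here."""
    out = []
    for b in data:
        if b in b"\r\n" or (32 <= b < 127 and b != 0x3D):    # 0x3D is '='
            out.append(chr(b))
        else:
            out.append(f"={b:02X}")
    return "".join(out)


def is_7bit_clean(raw: bytes) -> bool:
    """Plain SMTP (no 8BITMIME) carries 7-bit ASCII only: any byte >= 128 violates it."""
    return all(b < 128 for b in raw)


def build_picture_mail(jpeg: bytes) -> bytes:
    """The multipart/mixed message of slide 51: quoted-printable text + base64 image."""
    msg = EmailMessage()
    msg["From"] = "Pierre.Verbaeten@cs.kuleuven.ac.be"
    msg["To"] = "hilde@yahoo.com"
    msg["Subject"] = "Picture of Sarah"
    msg.set_content("Dear Hilde,\nPlease find a picture of Sarah\n", cte="quoted-printable")
    msg.add_attachment(jpeg, maintype="image", subtype="jpeg", filename="sarah.jpg")
    return msg.as_bytes()


def parse_picture_mail(raw: bytes):
    """Decode the parts again: (subject, top-level content type, {content type: content})."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = {part.get_content_type(): part.get_content() for part in msg.iter_parts()}
    return msg["Subject"], msg.get_content_type(), parts


if __name__ == "__main__":
    print(base64_encode(b"Man"), base64_encode(b"Ma"), base64_encode(b"M"))
    print(quoted_printable_encode("Café".encode("utf-8")))
    raw = build_picture_mail(JPEG)
    print(raw.decode("ascii"))
    print(parse_picture_mail(raw)[1:])
```

The generated message is entirely 7-bit, while the raw JPEG is not; that is the whole reason for the Content-Transfer-Encoding header, and a receiver must decode according to that header rather than trust the bytes as they arrive.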
53 E-mail access protocols
- E-mail servers
- send / receive messages
- communicate with user agents
- (figure: SMTP from the user agent to its mail server and between mail servers; IMAP or POP from the receiving mail server to the user agent)
- SMTP: Simple Mail Transfer Protocol; POP: Post Office Protocol; IMAP: Internet Mail Access Protocol
54 E-mail access protocols
- 2 configurations
- UA on the same system as the mail server
- UA on a PC, using POP to access the mail server
55 E-mail access protocols POP3
- POP: Post Office Protocol, RFC 1939
- authorisation of the agent (at the server)
- Download: retrieve and delete at the server <> retrieve only
- OK for users using a fixed UA
- Example: use POP3 to fetch 3 messages (figure)
56 E-mail access protocols
- IMAP: Internet Mail Access Protocol, RFC 1730
- more features, more complex
- Supports users reading mail from different UAs
- manipulation of stored messages on the server
- Web based user agents
- HTTP: Hotmail, Yahoo, ...
57 E-mail access protocols
- Comparison POP3 <> IMAP (table)
58 E-mail gateways
- Interconnect different E-mail systems, e.g. Internet (RFC 822) and OSI (X.400) (figure)
59 E-mail security
- Requirements
- Privacy
- Authentication
- Integrity
- Non repudiation
- Systems
- PGP Pretty Good Privacy
- PEM Privacy Enhanced Mail
- S/Mime
60 E-mail security PGP
- Designed by Zimmermann (1995)
- Promoter of privacy
- <> US government
- Open source software
- Uses existing cryptographic algorithms
- IDEA: International Data Encryption Algorithm
- Timeline: DES → IDEA → AES
- RSA
- MD5
61 E-mail security PGP
- Operation of PGP: mail message P from Alice to Bob (figure)
- Decentralised storage of public keys: trust?
62 E-mail security PEM S/MIME
- PEM: Privacy Enhanced Mail
- Internet standard, RFC 1421 to 1424
- Similar to PGP
- Keys: X.509 certificates from CAs in a strict hierarchy
- Single root CA → manager? Trust?
- S/MIME
- Internet standard, RFC 2632 to 2643
- Integration with MIME
- No restrictions on CAs
63 Overview
- DNS -- Domain Name System
- E-mail
- Terminal Access TELNET
64 Terminal Access TELNET
- History
- Oldest Internet application
- 1983: final form issued as RFC 854 and RFC 855
- Still a useful application
- Basis for other protocols
- From the old to the current environment (figure)
65 Terminal Access TELNET (figure)
66 Terminal Access TELNET (figure: PC or workstation)
67 Terminal Access TELNET
- Local login
- Characters typed
- From the terminal
- To the terminal driver
- To the operating system
- To the application
- For some characters
- Interpretation by the OS
68 Terminal Access TELNET
- (figure: on the local computer the terminal driver and operating system hand the characters to the telnet client; on the remote computer the telnet server feeds them through a pseudoterminal driver and the operating system to the application programs)
- Different character sets!!
69 Terminal Access TELNET
- (figure: local computer character set ↔ NVT character set ↔ remote computer character set)
70 Terminal Access TELNET
- NVT character set
- Data characters
- NVT ASCII: high bit 0, 7-bit US ASCII
- Remote control characters
- high bit 1 + 7 bits (codes 128 to 255)
- Examples
- Option negotiation characters
- Characters to control the remote application
- Erase character
- Erase line
- Interrupt process
71 Terminal Access TELNET
- Phases of operation
- Connection management
- Connection request and termination
- TCP is used
- Negotiation
- Determine a mutually agreeable set of characteristics
- Line length, terminal type, terminal speed
- Control
- Exchange of control information and commands: end of line, interrupt process
- Data
- Transfer of data
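Added example (not from the slides): a parser for the TELNET byte stream that separates NVT data from the IAC-prefixed commands and option negotiation of RFC 854, together with the rule a peer applies when answering DO/WILL during negotiation. SAMPLE is a constructed stream; the option numbers are the standard assignments, and which options "this side" supports is an assumption of the example. Note that the password in SAMPLE travels in clear between the control bytes, which is what SSH on the next slide fixes.

```python
"""Added example (not from the slides): parsing the TELNET byte stream of RFC 854
into NVT data, commands, option negotiation and sub-negotiation, plus the reply
a peer gives to DO/WILL.  SAMPLE is a constructed stream."""
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
COMMANDS = {241: "NOP", 242: "DM", 243: "BRK", 244: "IP", 245: "AO", 246: "AYT",
            247: "EC", 248: "EL", 249: "GA"}
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           31: "NAWS", 32: "TERMINAL-SPEED"}
SUPPORTED = {3, 31}      # options this side is willing to enable (assumption for the example)

# Constructed stream: prompt, DO ECHO, WILL SGA, data with an escaped 255, Interrupt
# Process, a TERMINAL-TYPE sub-negotiation, a password in clear, and a dangling IAC.
SAMPLE = (b"login: " + bytes([IAC, DO, 1]) + bytes([IAC, WILL, 3]) + b"ab"
          + bytes([IAC, IAC]) + b"c" + bytes([IAC, 244])
          + bytes([IAC, SB, 24, 1, IAC, SE]) + b"pass\r\n" + bytes([IAC]))


def parse_telnet(stream: bytes):
    """Return (events, leftover).  Events are ("data", bytes), ("cmd", name),
    ("neg", verb, option) or ("sb", option, payload).  An incomplete IAC sequence at
    the end is handed back as leftover so the caller can prepend it to the next chunk."""
    events, data, i, n = [], bytearray(), 0, len(stream)

    def flush():
        if data:
            events.append(("data", bytes(data)))
            data.clear()

    while i < n:
        b = stream[i]
        if b != IAC:
            data.append(b)
            i += 1
            continue
        if i + 1 >= n:
            break
        c = stream[i + 1]
        if c == IAC:                            # IAC IAC is the data byte 255
            data.append(IAC)
            i += 2
            continue
        flush()
        if c in VERBS:
            if i + 2 >= n:
                break
            events.append(("neg", VERBS[c], stream[i + 2]))
            i += 3
        elif c == SB:                           # option, payload (with IAC IAC escapes), IAC SE
            j, payload, closed = i + 3, bytearray(), False
            while j < n:
                if stream[j] == IAC and j + 1 < n and stream[j + 1] == SE:
                    closed = True
                    break
                if stream[j] == IAC and j + 1 < n and stream[j + 1] == IAC:
                    payload.append(IAC)
                    j += 2
                else:
                    payload.append(stream[j])
                    j += 1
            if not closed:
                break
            events.append(("sb", stream[i + 2], bytes(payload)))
            i = j + 2
        else:
            events.append(("cmd", COMMANDS.get(c, f"cmd-{c}")))
            i += 2
    flush()
    return events, stream[i:]


def negotiate_reply(event):
    """RFC 854 rule: agree only to options we support; a DO we refuse gets WONT, a
    WILL we refuse gets DONT.  WONT/DONT need no reply while the option is already off."""
    _kind, verb, opt = event
    if verb == "DO":
        return bytes([IAC, WILL if opt in SUPPORTED else WONT, opt])
    if verb == "WILL":
        return bytes([IAC, DO if opt in SUPPORTED else DONT, opt])
    return b""


if __name__ == "__main__":
    events, rest = parse_telnet(SAMPLE)
    for ev in events:
        print(ev if ev[0] != "neg" else (ev[0], ev[1], OPTIONS.get(ev[2], ev[2])))
    print("leftover:", rest)
    for ev in events:
        if ev[0] == "neg":
            print("reply:", negotiate_reply(ev))
```

The parser has to keep the half-received IAC at the end for the next chunk; a parser that dropped it would treat the following byte as data, and a parser that only searched for the IAC SE pair could end a sub-negotiation early on an escaped 255 inside the payload.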
72 Terminal Access TELNET
- RLOGIN
- Remote login program designed for BSD Unix
- SSH
- Secure remote login program
- Offers
- Authentication: uses public key cryptography
- Privacy: exchanged data are encrypted
- Integrity
- Tunneling
73 Computer Networks
Applications