Cosc 4750 - PowerPoint PPT Presentation

1 / 43
About This Presentation
Title:

Cosc 4750

Description:

Cosc 4750 Networking SNMP The Simple Network Management Protocol Can be used for gathering stat s and managing network hardware Some applications that been created ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 44
Provided by: uwyoEdu4
Category:

less

Transcript and Presenter's Notes

Title: Cosc 4750


1
Cosc 4750
  • Networking

2
The basics
  • Machine A and Machine B have a connection to a
    network
  • When Machine A wants to talk to machine B, it
    creates a packet of information with a
    destination address of machine B, and sends it
    out into the network.
  • Machine B receives the packets and responds if it
    needs to.
  • In UNIX, Machine A can also send a message to
    itself. (localhost, IP 127.0.0.1)

3
TCP/IP and the Internet
  • brief history
  • Not created by Microsoft or Vice President Gore
  • Established by DARPA in 1969 for the US
    Department of Defense, called ARPANET
  • By 1980s it was used in research by Universities
  • 1994 Internet went private

4
Who manages the Internet
  • ICANN, The Internet Corporation for Assigned
    Names and Numbers
  • can be said to be in charge of the internet
  • IETF, the Internet Engineering Task Force
  • Oversee development and standardization.
  • ISOC, the Internet Society
  • Membership organization that represents Internet
    users.

5
The IP address Crisis
  • Class A IP, example 129.X.X.X
  • Class B IP, example 129.72.X.X
  • Class C IP, example 129.72.216.X
  • Where never allocated fairly. US government
    holds half the the Class A IPs from 1-126.X.X.X,
    many unused or badly allocated.
  • http//www.caida.org/outreach/learn/ipv4space for
    more information

6
Ethernet
  • Uses CSMA/CD
  • Carrier Sense you can tell whether anyone is
    talking.
  • Multiple Access everyone can talk
  • Collision Detection you know when you interrupt
    someone else.

7
Evolution
  • Year Speed Name media
  • 1973 3Mb/s Xerox coax
  • 80-93 10Mb/s Ethernet coax cat3
  • 10Base2/10BaseT
  • 1994 100Mb/s 100Base Cat5, fiber
  • 1998 1 Gb/s 1000Base fiber,Cat5e
  • 2008 1 Tb/s ? ?

8
Networking for your machine
  • Static or manual
  • You set the network information the machine
    needs.
  • DHCP
  • Your machine asks for the networking information
    from a Server.
  • BOOTP
  • A server give you an IP number and gateway
  • PPP
  • Dailup version of DHCP or could be static

9
  • DHCP and bootp
  • Each asks a server for networking information for
    your machine. It is based off a mac address
  • a MAC address
  • a hard coded number that you network card has.
  • It is 6 segment Hex number
  • example 080020794F49

10
loopback interface
  • lo (or lo0) is the loopback interface
  • It has an IP address of 127.0.0.1 and name of
    localhost. (Dont EVER changed this).
  • On a unix machine, it's active even the network
    card is not. Used for testing of networking
    applications and other things.

11
Using arp
  • arp is a program that will display know mac
    addresses, IP number, and machine name.
  • Each machine has a table of know machines, called
    an arp table
  • arp a
  • xor.com (192.108.21.1) at 080020775EA0
  • earth.xor.com (129.108.21.180) at 0050DA124E
    E5

12
Using ifconfig
  • ifconfig allows you to configure your network and
    look at a specific network device
  • ifconfig eth0 (network card)
  • displays flags, IP number, netmask, broadcast,
    mac address, and stats
  • netmask tells the computer which IP address class
    you have (A,B,C). Class C 255.255.255.0
  • broadcast, has to do with IP class. Class C
    10.216.218.255 (for computer Science).

13
PPP and IP forwarding
  • When a machine makes a PPP (dial-up) connection
    to a server, the server then forwards on IP
    packets from the client into the network
    (internet).
  • Also, the clients IP is associated with the
    servers mac address.
  • IP forwarding is for routing (dial-up and
    network). If your machine is not a dial-up
    server, it should be turned off.

14
routing
  • Most machines a route table, where to send
    packets.
  • netstat rn will display the route table
  • Kernel IP routing table
  • Destination Gateway Genmask Flags
    M W irtt Iface
  • 10.216.218.12 0.0.0.0 255.255.255.255 UH
    0 0 0 eth0
  • 10.216.218.0 0.0.0.0 255.255.255.0 U
    0 0 0 eth0
  • 127.0.0.0 0.0.0.0 255.0.0.0
    U 0 0 0 lo
  • 0.0.0.0 10.216.218.1 0.0.0.0
    UG 0 0 0 eth0
  • 0.0.0.0 is also called default

15
Adding routes
  • The most common route to add to a machine is the
    default route.
  • This is the one that gets your network packets
    outside of IP domain
  • Normally to a router.
  • route add default 10.216.218.1
  • Since that is where our router is located.

16
Security
  • Networking is one of the most vulnerable parts of
    a computer for attacks.
  • firewalls and filters.
  • Basically, UNIX firewalls and filters are weak
    (and Microsofts are far worse).
  • firewalls allow you block network traffic to a
    machine (or set of machines)
  • filtering allows you block a set of IPs or only
    allow a set of IPs into your machine.

17
  • For true hardware firewalls and filters, buy a
    dedicated router or switch (probably from CISCO,
    current leader network hardware, 70 of the
    market, but there are other very good vendors
    and cheaper as well.).
  • Denial of Service and various other attacks can
    be blocked by routers/switches and IDSs, but not
    by a UNIX machine
  • Why? The computer is spending time to deal with
    the problem, instead of normal work.
  • We will return to security later on.

18
Cosc 4750
  • Networking commands

19
More Networking commands
  • hostname
  • allows you to determined the name of the machine
  • nslookup ltnamegt Or nslookup IP number
  • Determine an IP for a given name or a name for a
    given IP number
  • More later with DNS

20
  • finger ltusernamegt
  • check to see if they are logined
  • finger
  • check to who is logged to the machine
  • finger ltusergt_at_machine or finger _at_machine
  • See who is logged in or if a given user is logged
    into a remote machine

21
  • tcpdump, must be run as root
  • prints out the packets received by an interface
    (network card)
  • ping ltmachinegt or ping c machine
  • Allows to check to see if a machine is alive
  • And check to see if your networking is working
  • -c is how many packets to send/receive before
    stopping

22
  • traceroute ltmachinegt
  • Displays all immediate steps between your machine
    and a remote machine
  • Good way to find out where the network broken
    down between you and a remote machine
  • Also useful in tracking an IP address

23
  • telnet ltmachinegt ltportgt
  • connect to a remote machine, if port is left off,
    then the default is port 23, which is for telnet
    logins
  • rlogin ltmachinegt
  • login to a remote machine, with the current
    username (-l ltusernamegt to specify another
    username)
  • normally some environment variables are carried
    to the remote machine.
  • Must use a password (unless .rhost file)

24
  • .rhosts file
  • a listing of machines that a user can rlogin (rcp
    and rsh) from with using a password. A security
    problem.
  • Example of the file
  • meru.cs.uwyo.edu seker
  • k2.cs.uwyo.edu seker
  • asdf.cs.uwyo.edu bob

25
  • rcp (remote copy), normally need a .rhosts file
    for it work.
  • rcp ltfilegt ltmachinepathgt
  • rcp test meru/meru3/seker/.
  • rsh (remote shell), will work without a .rhosts
    file.
  • rsh meru ls display the my directory on meru
  • rsh meru xterm display k2.cs.uwyo.edu0.0

26
  • xhost lthostgt
  • xhost is one way in which you allow a remote
    machine to display (access) console
  • For the preceeding rsh meru xterm command
  • xhost meru is needed in order for meru to
    display an xterm window on my console (display).
  • xhost (with a machine) allows any remote
    host to access your console. Very insecure.

27
  • All the r commands are considered insecure and
    should be avoided.
  • rsh, rlogin, rcp, etc.
  • Instead you want to use a secure problem

28
  • ssh (secure shell) is replace program for rlogin
    and rsh. Provides encrypted communication
    between two untrusted hosts over an insecure
    network. (from the man pages)
  • ssh meru Will create a secure connection between
    my machine and meru
  • see the man pages (man ssh) for more information

29
  • Use ssh instead of rsh
  • ssh lthostgt command
  • Use scp instead of rcp
  • And sshd will accept secure ftp connections
  • use sftp instead of ftp

30
Why use the S programs?
  • ssh creates a secure connections
  • passwords are not passed between machines in
    clear text, instead they are encrypted
  • Since the connection is encrypted, packet
    sniffers and other similar devices can see what
    you are doing.
  • Offers machine better security.
  • Xhost for example, allows ANYONE to view your
    screen and could capture keystrokes.

31
More on netstat
  • netstat a displays all active TCP and UDP
    ports
  • netstat i displays each interface and stats
  • netstat i c display continuing stats
  • netstat rn displays the route tables
  • netstat s displays stats for each section IP,
    ICMP, TCP, and UDP

32
Packet Sniffers
  • Listen to the traffic on the network, record
    and/or print packets with certain criteria
  • Changes the network card to "promiscuous mode",
    so that it can intercept all the network packets.
  • tcpdump is installed on most linux machines and
    is a packet sniffer, command line
  • Ethereal, use a GUI interface and allows a point
    and click
  • see the man pages for use of these programs.

33
Packet Sniffers (2)
  • There are a lot of packet sniffer packages
    available.
  • They should be used with caution, since you are
    bordering on hacking, as well as intercepting
    "private" information.

34
SNMP
  • The Simple Network Management Protocol
  • Can be used for gathering stats and managing
    network hardware
  • Some applications that been created with SNMP
    protocol
  • mrtg, multi-router traffic grapher
  • demo in class
  • perl also has several modules for snmp.

35
Iptables
  • How the firewall treats packets leaving,
    entering, or passing through your computer.
    There is a chain for each of these.
  • Any packet entering your computer goes through
    the INPUT chain.
  • Any packet that your computer sends out to the
    network goes through the OUTPUT chain.
  • Any packet that your computer picks up on one
    network and sends to another goes through the
    FORWARD chain.
  • The chains are half of the logic behind iptables
    themselves.

36
Iptables (2)
  • Iptables can be configured through the command
    iptables
  • And configured on startup from /etc/sysconfig/ipta
    bles
  • The basics
  • You specify based on a number of different
    attributes whether a packet should be accepted or
    dropped for each chain.
  • You can drop an incoming packet from one packet,
    but allow an outbound packet to it.

37
Iptables (3)
  • Examples
  • Iptables A INPUT -s 200.200.200.1 -j DROP
  • Drop any input bound packet from ip number
    200.200.200.1
  • Still allows outbound packets to that ip.

38
Iptables (4)
  • -p protocol
  • tcp, udp, icmp, icmp, or all
  • -s IPaddress/mask
  • Source IP address or part with a mask, like
    129.72.0.0/16
  • -d Ipaddress/mask
  • Destination IP addresss or part with mask.
  • -i name network interface name packet
    received on
  • -o name network interface name packet send out
    on
  • --dport portnumber
  • used with p and others to specify a port number.

39
Iptables (5)
  • Other commands
  • -A INPUT -m state state RELATED, ESTABLISHED j
    ACCEPT
  • Allows processes already talking to establish new
    connections
  • iptables P INPUT drop
  • The default is to drop packets on the input
    chain.
  • There are many more.

40
iptables example
  • filter
  • INPUT DROP 00
  • FORWARD DROP 00
  • OUTPUT ACCEPT 00
  • -A INPUT I lo j ACCEPT
  • -A INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
  • -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  • -A INPUT s 10.82.0.0/16 -p tcp -m tcp --dport 80
    -j ACCEPT
  • -A INPUT -m state --state RELATED,ESTABLISHED -j
    ACCEPT
  • -A OUTPUT -o lo -j ACCEPT
  • -A OUTPUT -o eth0 -j ACCEPT
  • COMMIT

41
Iptables (6)
  • Removing rules
  • uses D option
  • iptables D INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
  • removes the rules accepting 10.10.10.1

42
iptables conclusion
  • This covers only the basics of iptables
  • This should be enough to get you started with a
    good set of rules.
  • You can create more chains and more rules.
  • I didnt cover all the options
  • Find a good site or book that covers more detail
    and explanations.

43
Q
A
Write a Comment
User Comments (0)
About PowerShow.com