Cosc 4750

1
Cosc 4750

• Networking

2
The basics

• Machine A and Machine B have a connection to a
  network
• When Machine A wants to talk to machine B, it
  creates a packet of information with a
  destination address of machine B, and sends it
  out into the network.
• Machine B receives the packets and responds if it
  needs to.
• In UNIX, Machine A can also send a message to
  itself. (localhost, IP 127.0.0.1)

3
TCP/IP and the Internet

• brief history
• Not created by Microsoft or Vice President Gore
• Established by DARPA in 1969 for the US
  Department of Defense, called ARPANET
• By 1980s it was used in research by Universities
• 1994 Internet went private

4
Who manages the Internet

• ICANN, The Internet Corporation for Assigned
  Names and Numbers
• can be said to be in charge of the internet
• IETF, the Internet Engineering Task Force
• Oversee development and standardization.
• ISOC, the Internet Society
• Membership organization that represents Internet
  users.

5
The IP address Crisis

• Class A IP, example 129.X.X.X
• Class B IP, example 129.72.X.X
• Class C IP, example 129.72.216.X
• Where never allocated fairly. US government
  holds half the the Class A IPs from 1-126.X.X.X,
  many unused or badly allocated.
• http//www.caida.org/outreach/learn/ipv4space for
  more information

6
Ethernet

• Uses CSMA/CD
• Carrier Sense you can tell whether anyone is
  talking.
• Multiple Access everyone can talk
• Collision Detection you know when you interrupt
  someone else.

7
Evolution

• Year Speed Name media
• 1973 3Mb/s Xerox coax
• 80-93 10Mb/s Ethernet coax cat3
• 10Base2/10BaseT
• 1994 100Mb/s 100Base Cat5, fiber
• 1998 1 Gb/s 1000Base fiber,Cat5e
• 2008 1 Tb/s ? ?

8
Networking for your machine

• Static or manual
• You set the network information the machine
  needs.
• DHCP
• Your machine asks for the networking information
  from a Server.
• BOOTP
• A server give you an IP number and gateway
• PPP
• Dailup version of DHCP or could be static

9

• DHCP and bootp
• Each asks a server for networking information for
  your machine. It is based off a mac address
• a MAC address
• a hard coded number that you network card has.
• It is 6 segment Hex number
• example 080020794F49

10
loopback interface

• lo (or lo0) is the loopback interface
• It has an IP address of 127.0.0.1 and name of
  localhost. (Dont EVER changed this).
• On a unix machine, it's active even the network
  card is not. Used for testing of networking
  applications and other things.

11
Using arp

• arp is a program that will display know mac
  addresses, IP number, and machine name.
• Each machine has a table of know machines, called
  an arp table
• arp a
• xor.com (192.108.21.1) at 080020775EA0
• earth.xor.com (129.108.21.180) at 0050DA124E
  E5

12
Using ifconfig

• ifconfig allows you to configure your network and
  look at a specific network device
• ifconfig eth0 (network card)
• displays flags, IP number, netmask, broadcast,
  mac address, and stats
• netmask tells the computer which IP address class
  you have (A,B,C). Class C 255.255.255.0
• broadcast, has to do with IP class. Class C
  10.216.218.255 (for computer Science).

13
PPP and IP forwarding

• When a machine makes a PPP (dial-up) connection
  to a server, the server then forwards on IP
  packets from the client into the network
  (internet).
• Also, the clients IP is associated with the
  servers mac address.
• IP forwarding is for routing (dial-up and
  network). If your machine is not a dial-up
  server, it should be turned off.

14
routing

• Most machines a route table, where to send
  packets.
• netstat rn will display the route table
• Kernel IP routing table
• Destination Gateway Genmask Flags
  M W irtt Iface
• 10.216.218.12 0.0.0.0 255.255.255.255 UH
  0 0 0 eth0
• 10.216.218.0 0.0.0.0 255.255.255.0 U
  0 0 0 eth0
• 127.0.0.0 0.0.0.0 255.0.0.0
  U 0 0 0 lo
• 0.0.0.0 10.216.218.1 0.0.0.0
  UG 0 0 0 eth0
• 0.0.0.0 is also called default

15
Adding routes

• The most common route to add to a machine is the
  default route.
• This is the one that gets your network packets
  outside of IP domain
• Normally to a router.
• route add default 10.216.218.1
• Since that is where our router is located.

16
Security

• Networking is one of the most vulnerable parts of
  a computer for attacks.
• firewalls and filters.
• Basically, UNIX firewalls and filters are weak
  (and Microsofts are far worse).
• firewalls allow you block network traffic to a
  machine (or set of machines)
• filtering allows you block a set of IPs or only
  allow a set of IPs into your machine.

17

• For true hardware firewalls and filters, buy a
  dedicated router or switch (probably from CISCO,
  current leader network hardware, 70 of the
  market, but there are other very good vendors
  and cheaper as well.).
• Denial of Service and various other attacks can
  be blocked by routers/switches and IDSs, but not
  by a UNIX machine
• Why? The computer is spending time to deal with
  the problem, instead of normal work.
• We will return to security later on.

18
Cosc 4750

• Networking commands

19
More Networking commands

• hostname
• allows you to determined the name of the machine
• nslookup ltnamegt Or nslookup IP number
• Determine an IP for a given name or a name for a
  given IP number
• More later with DNS

20

• finger ltusernamegt
• check to see if they are logined
• finger
• check to who is logged to the machine
• finger ltusergt_at_machine or finger _at_machine
• See who is logged in or if a given user is logged
  into a remote machine

21

• tcpdump, must be run as root
• prints out the packets received by an interface
  (network card)
• ping ltmachinegt or ping c machine
• Allows to check to see if a machine is alive
• And check to see if your networking is working
• -c is how many packets to send/receive before
  stopping

22

• traceroute ltmachinegt
• Displays all immediate steps between your machine
  and a remote machine
• Good way to find out where the network broken
  down between you and a remote machine
• Also useful in tracking an IP address

23

• telnet ltmachinegt ltportgt
• connect to a remote machine, if port is left off,
  then the default is port 23, which is for telnet
  logins
• rlogin ltmachinegt
• login to a remote machine, with the current
  username (-l ltusernamegt to specify another
  username)
• normally some environment variables are carried
  to the remote machine.
• Must use a password (unless .rhost file)

24

• .rhosts file
• a listing of machines that a user can rlogin (rcp
  and rsh) from with using a password. A security
  problem.
• Example of the file
• meru.cs.uwyo.edu seker
• k2.cs.uwyo.edu seker
• asdf.cs.uwyo.edu bob

25

• rcp (remote copy), normally need a .rhosts file
  for it work.
• rcp ltfilegt ltmachinepathgt
• rcp test meru/meru3/seker/.
• rsh (remote shell), will work without a .rhosts
  file.
• rsh meru ls display the my directory on meru
• rsh meru xterm display k2.cs.uwyo.edu0.0

26

• xhost lthostgt
• xhost is one way in which you allow a remote
  machine to display (access) console
• For the preceeding rsh meru xterm command
• xhost meru is needed in order for meru to
  display an xterm window on my console (display).
• xhost (with a machine) allows any remote
  host to access your console. Very insecure.

27

• All the r commands are considered insecure and
  should be avoided.
• rsh, rlogin, rcp, etc.
• Instead you want to use a secure problem

28

• ssh (secure shell) is replace program for rlogin
  and rsh. Provides encrypted communication
  between two untrusted hosts over an insecure
  network. (from the man pages)
• ssh meru Will create a secure connection between
  my machine and meru
• see the man pages (man ssh) for more information

29

• Use ssh instead of rsh
• ssh lthostgt command
• Use scp instead of rcp
• And sshd will accept secure ftp connections
• use sftp instead of ftp

30
Why use the S programs?

• ssh creates a secure connections
• passwords are not passed between machines in
  clear text, instead they are encrypted
• Since the connection is encrypted, packet
  sniffers and other similar devices can see what
  you are doing.
• Offers machine better security.
• Xhost for example, allows ANYONE to view your
  screen and could capture keystrokes.

31
More on netstat

• netstat a displays all active TCP and UDP
  ports
• netstat i displays each interface and stats
• netstat i c display continuing stats
• netstat rn displays the route tables
• netstat s displays stats for each section IP,
  ICMP, TCP, and UDP

32
Packet Sniffers

• Listen to the traffic on the network, record
  and/or print packets with certain criteria
• Changes the network card to "promiscuous mode",
  so that it can intercept all the network packets.
• tcpdump is installed on most linux machines and
  is a packet sniffer, command line
• Ethereal, use a GUI interface and allows a point
  and click
• see the man pages for use of these programs.

33
Packet Sniffers (2)

• There are a lot of packet sniffer packages
  available.
• They should be used with caution, since you are
  bordering on hacking, as well as intercepting
  "private" information.

34
SNMP

• The Simple Network Management Protocol
• Can be used for gathering stats and managing
  network hardware
• Some applications that been created with SNMP
  protocol
• mrtg, multi-router traffic grapher
• demo in class
• perl also has several modules for snmp.

35
Iptables

• How the firewall treats packets leaving,
  entering, or passing through your computer.
  There is a chain for each of these.
• Any packet entering your computer goes through
  the INPUT chain.
• Any packet that your computer sends out to the
  network goes through the OUTPUT chain.
• Any packet that your computer picks up on one
  network and sends to another goes through the
  FORWARD chain.
• The chains are half of the logic behind iptables
  themselves.

36
Iptables (2)

• Iptables can be configured through the command
  iptables
• And configured on startup from /etc/sysconfig/ipta
  bles
• The basics
• You specify based on a number of different
  attributes whether a packet should be accepted or
  dropped for each chain.
• You can drop an incoming packet from one packet,
  but allow an outbound packet to it.

37
Iptables (3)

• Examples
• Iptables A INPUT -s 200.200.200.1 -j DROP
• Drop any input bound packet from ip number
  200.200.200.1
• Still allows outbound packets to that ip.

38
Iptables (4)

• -p protocol
• tcp, udp, icmp, icmp, or all
• -s IPaddress/mask
• Source IP address or part with a mask, like
  129.72.0.0/16
• -d Ipaddress/mask
• Destination IP addresss or part with mask.
• -i name network interface name packet
  received on
• -o name network interface name packet send out
  on
• --dport portnumber
• used with p and others to specify a port number.

39
Iptables (5)

• Other commands
• -A INPUT -m state state RELATED, ESTABLISHED j
  ACCEPT
• Allows processes already talking to establish new
  connections
• iptables P INPUT drop
• The default is to drop packets on the input
  chain.
• There are many more.

40
iptables example

• filter
• INPUT DROP 00
• FORWARD DROP 00
• OUTPUT ACCEPT 00
• -A INPUT I lo j ACCEPT
• -A INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
• -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
• -A INPUT s 10.82.0.0/16 -p tcp -m tcp --dport 80
  -j ACCEPT
• -A INPUT -m state --state RELATED,ESTABLISHED -j
  ACCEPT
• -A OUTPUT -o lo -j ACCEPT
• -A OUTPUT -o eth0 -j ACCEPT
• COMMIT

41
Iptables (6)

• Removing rules
• uses D option
• iptables D INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
  
• removes the rules accepting 10.10.10.1

42
iptables conclusion

• This covers only the basics of iptables
• This should be enough to get you started with a
  good set of rules.
• You can create more chains and more rules.
• I didnt cover all the options
• Find a good site or book that covers more detail
  and explanations.

43
Q
A