Networking - Computer Science


Cosc 4750
Networking
The basics
• Machine A and Machine B have a connection to a
network
• When Machine A wants to “talk” to machine B, it
creates a packet of information with a destination
address of machine B, and sends it out into the
network.
• Machine B receives the packets and responds if it
needs to.
• In UNIX, Machine A can also send a message to
itself. (localhost, IP 127.0.0.1)
TCP/IP and the Internet
• brief history
– Not created by Microsoft or Vice President
Gore
– Established by DARPA in 1969 for the US
Department of Defense, called ARPANET
– By 1980’s it was used in research by
Universities
– 1994: Internet went private
Who “manages” the Internet
• ICANN, The Internet Corporation for
Assigned Names and Numbers:
– can be said to be in charge of the internet
• IETF, the Internet Engineering Task Force
– Oversee development and standardization.
• ISOC, the Internet Society
– Membership organization that represents
Internet users.
The IP address Crisis
• Class A IP, example 129.X.X.X
• Class B IP, example 129.72.X.X
• Class C IP, example 129.72.216.X
• Were never allocated “fairly”. The US government
holds half of the Class A IPs from 1-126.X.X.X,
many unused or badly allocated.
• http://www.caida.org/outreach/learn/ipv4space for
more information
Ethernet
• Uses CSMA/CD:
– Carrier Sense: you can tell whether anyone is
talking.
– Multiple Access: everyone can talk
– Collision Detection: you know when you
interrupt someone else.
Evolution
Year    Speed     Name              Media
1973    3Mb/s     Xerox Ethernet    coax
80-93   10Mb/s    10Base2/10BaseT   coax, cat3
1994    100Mb/s   100Base           Cat5, fiber
1998    1 Gb/s    1000Base          fiber, Cat5e
2008    1 Tb/s    ?                 ?
Networking for your machine
• Static or manual
– You set the network information the machine needs.
• DHCP
– Your machine asks for the networking information
from a server.
• BOOTP
– A server gives you an IP number and gateway
• PPP
– Dial-up version of DHCP, or could be static
• DHCP and BOOTP
– Each asks a server for networking information
for your machine. It is based on a MAC address
• a MAC address
– a hard-coded number that your network card has.
– It is a 6-segment hex number
– example: 08:00:20:79:4F:49
loopback interface
• lo (or lo0) is the loopback interface
• It has an IP address of 127.0.0.1 and the name
localhost. (Don’t EVER change this.)
• On a UNIX machine, it's active even when the
network card is not. Used for testing networking
applications and other things.
Using arp
• arp is a program that will display known MAC
addresses, IP numbers, and machine names.
• Each machine has a table of known
machines, called an arp table
• arp -a
xor.com (192.108.21.1) at 08:00:20:77:5E:A0
earth.xor.com (129.108.21.180) at 00:50:DA:12:4E:E5
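The arp table above is plain text, so it is easy to read back into a program and check. The following Python is an added example (not part of the lecture slides): it parses lines in the `arp -a` format the slide shows, checks that each MAC address really is six hex segments, and reports any MAC that answers for more than one IP. The sample lines are constructed for this example; the hostnames and addresses in them are not real.

```python
"""Parse `arp -a` style output and sanity-check the entries.
Added example, not from the slides; sample data is constructed."""
import re
from collections import defaultdict

# One entry per known machine: name (IP) at MAC.  Constructed sample data
# in the format the slide shows; the last line has a deliberately short MAC.
SAMPLE_ARP_OUTPUT = """\
xor.com (192.108.21.1) at 08:00:20:77:5E:A0
earth.xor.com (129.108.21.180) at 00:50:DA:12:4E:E5
mars.xor.com (129.108.21.181) at 00:50:DA:12:4E:E5
venus.xor.com (129.108.21.182) at 00:50:DA:12:4E
"""

ARP_LINE = re.compile(r"^(?P<name>\S+)\s+\((?P<ip>[\d.]+)\)\s+at\s+(?P<mac>\S+)")
MAC_FORMAT = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")  # six hex segments


def parse_arp(text):
    """Return a list of (name, ip, mac) tuples; MACs are upper-cased."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries.append((m["name"], m["ip"], m["mac"].upper()))
    return entries


def valid_mac(mac):
    """True if mac is six colon-separated hex octets, e.g. 08:00:20:79:4F:49."""
    return MAC_FORMAT.match(mac.upper()) is not None


def find_problems(entries):
    """Return malformed MACs and MACs that appear for more than one IP.

    A router doing proxy ARP legitimately answers for many IPs, but on a
    flat LAN one MAC claiming several hosts is worth a second look."""
    by_mac = defaultdict(list)
    malformed = []
    for name, ip, mac in entries:
        if not valid_mac(mac):
            malformed.append((name, ip, mac))
            continue
        by_mac[mac].append(ip)
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    return {"malformed": malformed, "shared_macs": shared}


if __name__ == "__main__":
    table = parse_arp(SAMPLE_ARP_OUTPUT)
    for entry in table:
        print(entry)
    print(find_problems(table))
```

To use it on a real machine, replace `SAMPLE_ARP_OUTPUT` with the captured output of `arp -a`; the regular expression assumes the BSD-style `name (ip) at mac` layout shown on the slide, not the column layout some Linux builds print.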
Using ifconfig
• ifconfig allows you to configure your network and
look at a specific network device
• ifconfig eth0 (network card)
– displays flags, IP number, netmask, broadcast, MAC
address, and stats
– netmask tells the computer which IP address class you
have (A, B, C). Class C: 255.255.255.0
– broadcast has to do with the IP class. Class C:
10.216.218.255 (for Computer Science).
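The netmask and broadcast that ifconfig prints are derived from each other, and the following Python shows how. It is an added example, not code from the slides: given an IP and netmask, it computes the network address, broadcast address and usable host range with the standard library `ipaddress` module, and also reports the historical class of the first octet so you can compare it with what the mask actually says. The addresses used are the ones on this slide and the later iptables slide; the two functions and their names are this example's own.

```python
"""What a netmask and broadcast address mean for an interface.
Added example, not from the slides."""
import ipaddress


def classful_label(ip):
    """Historical class (A-E) of an address, decided by its first octet only."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def describe_interface(ip, netmask):
    """Derive network, broadcast and host range from ip + dotted netmask.

    The mask, not the first octet, decides these values: 10.216.218.12 is a
    "class A" address by first octet, but with 255.255.255.0 it sits in a /24."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    net = iface.network
    if net.prefixlen >= 31:
        raise ValueError("/31 and /32 are point-to-point; no broadcast or host range")
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "prefixlen": net.prefixlen,
        "hosts": net.num_addresses - 2,      # minus network and broadcast
        "classful": classful_label(ip),
    }


def same_subnet(ip_a, ip_b, netmask):
    """True if both addresses share one subnet, i.e. can talk without a router."""
    return (ipaddress.ip_interface(f"{ip_a}/{netmask}").network
            == ipaddress.ip_interface(f"{ip_b}/{netmask}").network)


if __name__ == "__main__":
    # The Computer Science "class C" network from this slide.
    print(describe_interface("10.216.218.12", "255.255.255.0"))
    # The /16 that appears later in the iptables example.
    print(describe_interface("10.82.5.9", "255.255.0.0"))
    print(same_subnet("10.216.218.12", "10.216.218.1", "255.255.255.0"))
```

`same_subnet` is the test the kernel effectively makes before deciding whether a packet can be sent directly or must go to the gateway; the routing slide below shows the same decision from the route table's point of view.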
PPP and IP forwarding
• When a machine makes a PPP (dial-up)
connection to a server, the server then forwards
IP packets from the client into the network
(internet).
• Also, the client’s IP is associated with the server’s
MAC address.
• IP forwarding is for routing (dial-up and network).
If your machine is not a dial-up server, it should
be turned off.
routing
• Most machines have a route table, which says where to send
packets.
• netstat -rn will display the route table
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.216.218.12   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.216.218.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         10.216.218.1    0.0.0.0         UG        0 0          0 eth0
• 0.0.0.0 is also called default
Adding routes
• The most common route to add to a
machine is the default route.
– This is the one that gets your network packets
outside of your IP domain
• Normally to a router.
• route add default 10.216.218.1
– Since that is where our “router” is located.
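The route table is consulted with a longest-prefix match: the most specific row that contains the destination wins, and the 0.0.0.0 row (the default route) only wins when nothing else matches. The Python below is an added example, not code from the slides. It parses the `netstat -rn` table from the routing slide (embedded as constructed text) and answers "where does a packet to this address go?" the way the kernel would. The function names are this example's own.

```python
"""Longest-prefix route selection over a `netstat -rn` style table.
Added example, not from the slides."""
import ipaddress

# The kernel routing table from the slide, embedded as constructed text.
ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.216.218.12   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.216.218.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         10.216.218.1    0.0.0.0         UG        0 0          0 eth0
"""


def parse_routes(text):
    """Return a list of route dicts (network, gateway, flags, iface)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or not fields[0][0].isdigit():
            continue  # skip the two header lines
        dest, gateway, mask, flags, iface = fields[0], fields[1], fields[2], fields[3], fields[-1]
        routes.append({
            # Destination + Genmask give the prefix; 0.0.0.0/0.0.0.0 is the default.
            "network": ipaddress.ip_network(f"{dest}/{mask}", strict=False),
            # Gateway 0.0.0.0 means "no gateway": the destination is on-link.
            "gateway": None if gateway == "0.0.0.0" else gateway,
            "flags": flags,
            "iface": iface,
        })
    return routes


def lookup(routes, destination):
    """Pick the matching route with the longest prefix (most specific wins)."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r["network"]]
    if not candidates:
        return None  # what the kernel reports as "no route to host"
    return max(candidates, key=lambda r: r["network"].prefixlen)


def next_hop(routes, destination):
    """Return (gateway, iface); gateway is None when the destination is on-link."""
    route = lookup(routes, destination)
    if route is None:
        return None
    return route["gateway"], route["iface"]


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for dest in ("10.216.218.50", "127.0.0.1", "129.72.216.5"):
        print(dest, "->", next_hop(table, dest))
```

Dropping the 0.0.0.0 row from the table makes `lookup` return `None` for any address outside 10.216.218.0/24 and 127.0.0.0/8, which is exactly the situation `route add default` fixes. (On Linux with net-tools the gateway is introduced with the `gw` keyword, `route add default gw 10.216.218.1`; the bare form on the slide is the BSD/Solaris syntax.)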
Security
• Networking is one of the most vulnerable parts of
a computer for attacks.
• firewalls and filters.
• Basically, UNIX firewalls and filters are weak
(and Microsoft’s are far worse).
• firewalls allow you to block network traffic to a
machine (or set of machines)
• filtering allows you to block a set of IPs or only
allow a set of IPs into your machine.
• For true hardware firewalls and filters, buy a
dedicated router or switch (probably from CISCO, the current
leader in network hardware with 70% of the market, but there are other very
good vendors [and cheaper] as well).
• Denial of Service and various other attacks can be
blocked by routers/switches and IDSs, but not by a
UNIX machine
• Why? The computer is spending time dealing with
the problem, instead of doing normal work.
– We will return to security later on.
Cosc 4750
Networking commands
More Networking commands
• hostname
– allows you to determine the name of the
machine
• nslookup <name> or nslookup <IP number>
– Determine an IP for a given name or a name for
a given IP number
– More later with DNS
• finger <username>
– check to see if they are logged in
• finger
– check who is logged into the machine
• finger <user>@machine or finger
@machine
– See who is logged in, or if a given user is logged
into a remote machine
• tcpdump, must be run as root
– prints out the packets received by an interface
(network card)
• ping <machine> or ping -c # <machine>
– Allows you to check to see if a machine is alive
– And check to see if your networking is working
– -c is how many packets to send/receive before
stopping
• traceroute <machine>
– Displays all intermediate hops between your
machine and a remote machine
– Good way to find out where the network is
broken between you and a remote
machine
– Also useful in tracking an IP address
• telnet <machine> <port>
– connect to a remote machine; if port is left off, then the
default is port 23, which is for telnet logins
• rlogin <machine>
– login to a remote machine with the current username (-l <username> to specify another username)
– normally some environment variables are “carried” to
the remote machine.
– Must use a password (unless there is a .rhosts file)
• .rhosts file
– a listing of machines that a user can rlogin (rcp
and rsh) from without using a password. A
security problem.
– Example of the file
meru.cs.uwyo.edu seker
k2.cs.uwyo.edu seker
asdf.cs.uwyo.edu bob
• rcp (remote copy), normally needs a .rhosts
file for it to work.
– rcp <file> <machine>:<path>
– rcp test meru:/meru3/seker/.
• rsh (remote shell), will work without a
.rhosts file.
– rsh meru ls displays my directory on meru
– rsh meru xterm -display k2.cs.uwyo.edu:0.0
• xhost + <host>
– xhost is one way in which you allow a remote
machine to display on (access) your “console”
– For the preceding rsh meru xterm command,
xhost + meru is needed in order for meru to
display an xterm window on my console
(display).
– xhost + (without a machine) allows any remote
host to access your console. Very insecure.
• All the r commands are considered insecure
and should be avoided.
– rsh, rlogin, rcp, etc.
– Instead you want to use a secure program
• ssh (secure shell) is a replacement program for
rlogin and rsh. Provides encrypted
communication between two untrusted
hosts over an insecure network. (from the
man pages)
– ssh meru will create a secure connection
between my machine and meru
– see the man pages (man ssh) for more
information
• Use ssh instead of rsh
– ssh <host> command
• Use scp instead of rcp
• And sshd will accept secure ftp connections
– use sftp instead of ftp
Why use the S programs?
• ssh creates a secure connection
– passwords are not passed between machines in clear
text; instead they are encrypted
• Since the connection is encrypted, packet sniffers
and other similar devices cannot “see” what you are
doing.
• Offers the machine better security.
– xhost +, for example, allows ANYONE to “view” your
screen and could capture keystrokes.
More on netstat
• netstat -a displays all active TCP and UDP
ports
• netstat -i displays each interface and stats
• netstat -i -c displays continuing stats
• netstat -rn displays the route tables
• netstat -s displays stats for each section:
IP, ICMP, TCP, and UDP
Packet Sniffers
• Listen to the traffic on the network, and record and/or
print packets matching certain criteria
– Changes the network card to "promiscuous mode", so
that it can intercept all the network packets.
– tcpdump is installed on most Linux machines and is a
command-line packet sniffer
– Ethereal uses a GUI interface and allows point and
click
• see the man pages for use of these programs.
Packet Sniffers (2)
• There are a lot of packet sniffer packages
available.
– They should be used with caution, since you are
bordering on hacking, as well as intercepting
"private" information.
SNMP
• The Simple Network Management Protocol
• Can be used for gathering stats and
managing network hardware
• Some applications that have been created with the
SNMP protocol
– mrtg, multi-router traffic grapher
• demo in class
• perl also has several modules for SNMP.
Iptables
• How the firewall treats packets leaving, entering, or
passing through your computer. There is a chain for
each of these.
– Any packet entering your computer goes through the INPUT
chain.
– Any packet that your computer sends out to the network
goes through the OUTPUT chain.
– Any packet that your computer picks up on one network and
sends to another goes through the FORWARD chain.
• The chains are half of the logic behind iptables
themselves.
Iptables (2)
• iptables can be configured through the
command iptables
– And configured on startup from
/etc/sysconfig/iptables
• The basics
– You specify, based on a number of different
attributes, whether a packet should be accepted or
dropped for each chain.
• You can drop an incoming packet from one address, but
allow an outbound packet to it.
Iptables (3)
• Examples:
• iptables -A INPUT -s 200.200.200.1 -j DROP
– Drop any input-bound packet from IP number
200.200.200.1
– Still allows outbound packets to that IP.
Iptables (4)
• -p [protocol]
– tcp, udp, icmp, or all
• -s IPaddress[/mask]
– Source IP address or part with a mask, like 129.72.0.0/16
• -d IPaddress[/mask]
– Destination IP address or part with a mask.
• -i name
– network interface name the packet was received on
• -o name
– network interface name the packet is sent out on
• --dport portnumber
– used with -p and others to specify a port number.
Iptables (5)
• Other commands
• -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
– Accepts packets belonging to connections that are already
established (or related to them), so replies to connections
you started get through
• iptables -P INPUT DROP
– Sets the default policy: drop packets on the input chain
unless a rule accepts them.
• There are many more.
iptables example
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.82.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
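Reading a ruleset is one thing; knowing what it will do to a given packet is another. The Python below is an added example, not code from the slides or from the iptables project: it parses the ruleset above (embedded as text, with the option letters in plain ASCII), walks each chain the way the kernel does (rules in order, first match decides, chain policy if nothing matches), and lets you ask what happens to sample packets. Only the matches the slides use are implemented (-i, -o, -s, -d, -p, --dport and -m state); a packet is a dict, and its connection-tracking state is supplied by the caller because the real state is decided by the kernel's conntrack, not by the rule text.

```python
"""Simulate how the slide's iptables ruleset treats packets.
Added example, not from the slides or the iptables project."""
import ipaddress
import shlex

# The ruleset from the slide, embedded as text.
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.82.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
"""


def parse_ruleset(text):
    """Return ({chain: policy}, {chain: [rule dicts]}) from iptables-save text."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                      # ":INPUT DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            chains[chain] = []
        elif line.startswith("-A"):                   # "-A CHAIN <matches> -j TARGET"
            args = shlex.split(line)
            rule = {"chain": args[1]}
            i = 2
            while i < len(args):
                opt, val = args[i], args[i + 1]
                if opt == "-s":
                    rule["src"] = ipaddress.ip_network(val, strict=False)
                elif opt == "-d":
                    rule["dst"] = ipaddress.ip_network(val, strict=False)
                elif opt == "-i":
                    rule["in_iface"] = val
                elif opt == "-o":
                    rule["out_iface"] = val
                elif opt == "-p":
                    rule["proto"] = val
                elif opt == "--dport":
                    rule["dport"] = int(val)
                elif opt == "--state":
                    rule["states"] = set(val.split(","))
                elif opt == "-j":
                    rule["target"] = val
                # "-m tcp" / "-m state" only load a match module; nothing to record.
                i += 2
            chains[rule["chain"]].append(rule)
    return policies, chains


def matches(rule, pkt):
    """True if every condition the rule states holds for the packet dict.

    pkt keys: src, dst (required), in_iface, out_iface, proto, dport, state
    (conntrack state as the kernel would have decided it; default NEW)."""
    return all([
        "src" not in rule or ipaddress.ip_address(pkt["src"]) in rule["src"],
        "dst" not in rule or ipaddress.ip_address(pkt["dst"]) in rule["dst"],
        "in_iface" not in rule or pkt.get("in_iface") == rule["in_iface"],
        "out_iface" not in rule or pkt.get("out_iface") == rule["out_iface"],
        "proto" not in rule or pkt.get("proto") == rule["proto"],
        "dport" not in rule or pkt.get("dport") == rule["dport"],
        "states" not in rule or pkt.get("state", "NEW") in rule["states"],
    ])


def verdict(policies, chains, chain, pkt):
    """Walk the chain: the first matching rule's target wins, else the chain policy."""
    for rule in chains[chain]:
        if matches(rule, pkt):
            return rule["target"]
    return policies[chain]


if __name__ == "__main__":
    pol, ch = parse_ruleset(RULESET)
    me = "10.216.218.12"
    print("ssh from anywhere :", verdict(pol, ch, "INPUT", {"src": "192.0.2.7", "dst": me, "in_iface": "eth0", "proto": "tcp", "dport": 22}))
    print("http from outside  :", verdict(pol, ch, "INPUT", {"src": "192.0.2.7", "dst": me, "in_iface": "eth0", "proto": "tcp", "dport": 80}))
    print("http from 10.82/16 :", verdict(pol, ch, "INPUT", {"src": "10.82.3.4", "dst": me, "in_iface": "eth0", "proto": "tcp", "dport": 80}))
```

The simulator makes the ordering visible: the RELATED,ESTABLISHED rule sits last, so a brand-new connection to port 80 from outside 10.82.0.0/16 falls through every rule and hits the INPUT policy of DROP, while the reply half of a connection this host opened is accepted by that last rule whatever its port. Swapping the first two INPUT lines changes nothing here, but moving a DROP rule below an ACCEPT rule that matches the same packets silences it, which is the usual mistake when editing these files by hand.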
Iptables (6)
• Removing rules
• uses the -D option
• iptables -D INPUT -s 10.10.10.1 -i eth0 -j ACCEPT
– removes the rule accepting 10.10.10.1
iptables conclusion
• This covers only the basics of iptables
– This should be enough to get you started with a
good set of rules.
• You can create more chains and more rules.
• I didn’t cover all the options
• Find a good site or book that covers more
detail and explanations.
Q&A