Kompiuterių tinklai UDP, NAT, SOCKS

Size: px
Start display at page:

Download "Kompiuterių tinklai UDP, NAT, SOCKS"

Transcription

1 Kompiuterių tinklai UDP, NAT, SOCKS Rolandas Griškevičius MSN: R. Griškevičius, Kompiuterių tinklai, VGTU,

2 UDP RFC 768 Neturi: Ryšio užmezgimo žingsnių Būsenų (ir būsenų diagramos) ACK ir kitų indikatorių (flags) Turi: Porto numerius Siuntėjo Gavėjo Kontrolinę sumą Tik 8 baitų antgalvę (header) R. Griškevičius, Kompiuterių tinklai, VGTU,

3 UDP 2 Kadangi neturi susijungimo būsenos, kiekvienas paketas laikomas nepriklausomu: Normalu jei paketas bus pamestas Normalu, jei vėliau išsiųstas ateis anksčiau Šaltinis: R. Griškevičius, Kompiuterių tinklai, VGTU,

4 Ryšio schemose kur: UDP taikymai Daug klientų, mažai duomenų Multicast - kai reikia išsiųsti dideliam klientų skaičiui Standartiniai naudojimo atvejai: DNS portas 53 BOOTP portai 67 ir 68 tftp portas 69 Numatytas kontrolės mechanizmas SNMP 161 ir 162 RIP 520 ir R. Griškevičius, Kompiuterių tinklai, VGTU,

5 UDP 3 ygent tmp # tcpdump -i lo -vv -X -s 0 tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size bytes 19:40: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 55) > : [bad udp cksum c2f6!] UDP, length 27 0x0000: cb4 7f E..7..@.@.<... 0x0010: 7f bb fe36 e287 59f9...#.6..Y. 0x0020: b00 726f 6c61...rola 0x0030: 6e e67 00 ndas.g. 19:40: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 42) > : [bad udp cksum af75!] UDP, length 14 0x0000: a cc1 7f E..*..@.@.<... 0x0010: 7f bb fe29 89ef e0e0...)... 0x0020: 0a fc...A... Gavėjo IP adresas IP antgalvė Siuntėjo portas Gavėjo portas Siuntėjo IP adresas R. Griškevičius, Kompiuterių tinklai, VGTU,

6 Ugniasienė Firewall 3 pagrindiniai tipai: Paketų filtras Pagal užduotas taisykles stebi srautą ir praleidžia/atmeta paketus Jau retai naudojamas kaip vienintelis sprendimas Greičiausi, bet primityviausi Sujungimo filtras (būsenos) Stebi kliento (dažniausiai iš vidaus) sudarytą sujungimą (TCP/UDP) ir pagal tai nustato paketų filtrą. Seka sujungimo būseną Aplikacijos lygio filtras. Analizuja OSI 5 ir aukštesnius lygius. Dažniausiai naudojami http, ftp protokolams filtruoti R. Griškevičius, Kompiuterių tinklai, VGTU,

7 Router vs Firewall Maršrutizatorius paprastai veikia 3 OSI = IP lygyje Teoriškai gali atlikti adresų transliaciją Užduotis nukreipti paketą tam tikru keliu Ugniasienė veikia mažiausiai 4 OSI = TCP/UDP lygyje: Atlieka portų filtravimą Atlieka TCP/UDP sujungimo monitoringą (nuo ryšio pradėjimo - handshaking - iki užbaigimo) Atlieka aukštesnio protokolo kontrolę Pvz, SKYPE blokavimas gana sudėtingas, nes naudoja įvairius komunikavimo mechanizmus Gali atlikti NAPT R. Griškevičius, Kompiuterių tinklai, VGTU,

8 NAT Paprasčiausias statinis NAT. Veikia IP lygyje Aprašoma kiekvieno IP adreso transliacija atskirai: X n Y n x Y x n Y n Naudojamas paprastai adresų transliacijai Cisco conf t ; interface <interfeisas> ; ip nat inside R. Griškevičius, Kompiuterių tinklai, VGTU,

9 Dinaminis NAT Iš vieno rėžio į kitą, rėžiai gali būti nelygūs x n y m, n = 1..a, m = 1..b, a b Veikia IP lygyje, dinamiškai tam tikram laikui kiaurai transliuoja x n y b adresų porą. Veikia IP lygyje, teikia skaidrų IP kanalą x y x n y m R. Griškevičius, Kompiuterių tinklai, VGTU,

10 NAT problemos Pagrindinė problema kontrolinė paketo suma. TCP ir UDP į kontrolinę sumą įtraukia ir IP antgalvės dalį, todėl reikia perskaičiuoti IP ir TCP kontrolines sumas R. Griškevičius, Kompiuterių tinklai, VGTU,

11 PAT, NAPT : : : > : : > : Keitimo (mapping) lentelė : : : :80 Pagrindinis keitimas vyksta porą source IP + port transliuojant į laisvą porto numerį Grįžtantis paketas atrandamas pagal gavėjo porto numerį ir pagal tai lentelėje vėl surandama pora IP + portas vidiniame tinkle R. Griškevičius, Kompiuterių tinklai, VGTU,

12 NAPT problemos NAPT paveldi antgalvių kontrolinių sumų problemą iš statinio NAT ICMP paketas neturi porto, taip pat savyje gali nešti kito IP paketo informaciją reikalingas dvigubas perskaičiavimas Laukiančio siuntėjo porto problema Kitos: chive_article09186a00800c83ec.html R. Griškevičius, Kompiuterių tinklai, VGTU,

13 Laukiančio siuntėjo porto problema Pvz, rexec paslauga: 1. Klientas jungiasi prie 512 prievado (rexec) 2. Klientas siunčia porto numerį, kuriuo jis klausosi stderr srauto duomenų. Formatas tekstinis 3. Jei portas ne tuščias (null terminated), serveris jungiasi į kliento nurodytą portą 4. Klientas siunčia vardą, slaptažodį, komandą, parametrus 5. Serveris siunčia klaidos kodą ( 0 OK, kita klaida) 6. Serveris siunčia programos išvesties duomenis į stdout ir stderr srautus per atskirus TCP kanalus (vienas kuriuo klausosi klientas) 7. Serveris uždaro susijungimus R. Griškevičius, Kompiuterių tinklai, VGTU,

14 Laukiančio siuntėjo porto probl. 2 14:10: > : S 0:0(0) win 3000 <mss 1500> c e c4 7f E..,...@... 7f f ef4 19bb N bb8 1f9d dc `... 14:10: > : S 0:0(0) ack 1 win 3000 <mss 1500> c e c3 7f E..,...@... 7f f8 4ef4 19bb 4ef4 19bc...N...N bb8 b6dc dc `... 14:10: > :. ack 1 win e c6 7f E..(...@... 7f f ef4 19bc 4ef4 19bc...N...N bb8 cec P... 14:10: > : P 1:6(5) ack 1 win d e c0 7f E..-...@... 7f f ef4 19bc 4ef4 19bc...N...N bb8 6c P...lP Du keliai: Papildomai konvertuoti 1014 (šiuo atveju) portą ateinančiam paketui Pakeisti išeinančiame į serverį pakete porto numerį savo ir vėliau jį permetinėti klientui Ta pati problema egzistuoja ir FTP protokole atidaromi 2 srautai vienas komandoms, kitas - duomenims R. Griškevičius, Kompiuterių tinklai, VGTU,

15 Linux NAPT # Praktiškai išbandytas Linux NAPT serveris. Gentoo linux, branduolys # Setup default policies to handle unmatched traffic # iptables -P INPUT ACCEPT # iptables -P OUTPUT ACCEPT # iptables -P FORWARD DROP export LAN=eth0 export WAN=eth1 export INT_LAN_IP= /16 #Then we lock our services so they only work from the LAN iptables -I INPUT 1 -i ${LAN} -j ACCEPT iptables -I INPUT 1 -i lo -j ACCEPT iptables -A INPUT -p UDP --dport bootps! -i ${LAN} -j REJECT iptables -A INPUT -p UDP --dport domain! -i ${LAN} -j REJECT #(Optional) Allow access to our ssh server from the WAN iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT #Drop TCP / UDP packets to privileged ports iptables -A INPUT -p TCP! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP iptables -A INPUT -p UDP! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP #Finally we add the rules for NAT iptables -I FORWARD -i ${LAN} -d $INT_LAN_IP -j DROP iptables -A FORWARD -i ${LAN} -s $INT_LAN_IP -j ACCEPT iptables -A FORWARD -i ${WAN} -d $INT_LAN_IP -j ACCEPT iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE #Tell the kernel that ip forwarding is OK echo 1 > /proc/sys/net/ipv4/ip_forward for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done R. Griškevičius, Kompiuterių tinklai, VGTU,

16 SOCKS proxy Socks proxy paslauga, užtikrinanti paketų ir/arba sujungimų perdavimą iš daugelio klientų per vieną serverį Veikia OSI lygyje 4.5 Klientas autentifikuojasi per TCP, registruoja paslaugą, užmezgamas sujungimas su serveriu Versijos: SOCKS v4 SOCKS v4a SOCKS v R. Griškevičius, Kompiuterių tinklai, VGTU,

17 Socks v4 Klientas užmezga ryšį: Laukas 1 0x04, 1 baitas, versijos numeris Laukas 2 komandos kodas, 1 baitas, 0x01 inicijuoti sujungimą, 0x02 laukti sujungimo Laukas 3 2 baitai, portas Laukas 4 4 baitai, IP adresas Laukas 5 vartotojo ID, pabaigoje - 0x00 Serveris: Laukas 1 0x00 baitas Laukas 2 statusas 0x5a OK, 0x5b atmesta ir t.t. Laukas 3 6 baitai, ignoruojami Pavyzdys, jugimasis su :80, serverio atsakas teigiamas: Klientas: 0x04 0x01 0x00 0x50 0x42 0x66 0x07 0x63 0x46 0x72 0x65 0x64 0x00 Serveris: 0x00 0x5a 0xXX 0xXX 0xXX 0xXX 0xXX 0xXX 0xXX ignoruojami, gali būti bet kokios reikšmės Dabar klientas gali inicijuoti duomenų srautą Šaltinis: R. Griškevičius, Kompiuterių tinklai, VGTU,

18 Socks v5 - RFC 1928 Socks v5: SOCKS 4 vs 5 Pridėtas IP v6 Pridėtas UDP protokolas UDP labai svarbus DNS paslaugai R. Griškevičius, Kompiuterių tinklai, VGTU,

19 Socks v 5 Šaltinis: Linux Magazine, 2005 liepa, 56 leidimas R. Griškevičius, Kompiuterių tinklai, VGTU,

20 SOCKS panaudojimas Pros: Gana paprasta realizacija Greitas Gali būti taikomas kaip alternatyva NAPT, kur NAPT negalimas dėl saugumo (išeinančio ryšio) Valdomas išeinantis srautas Gerai integruojasi su TOR Tinka tarptautinei paslaugai Cons Aplikacija turi palaikyti SOCKS proxy (naršyklės, IRC palaiko) R. Griškevičius, Kompiuterių tinklai, VGTU,

21 tor Daugiasluoksnio maršrutizavimo paslauga Naudojamas anoniminiam ryšiui Interfeisas organizuojamas socks pagalba Prieš siųsdamas pirmą paketą pirmas tor routeris parenka atsitiktinį kelią ir apvelka žinutę keliais simetriniais raktais koduotais apvalkalais R. Griškevičius, Kompiuterių tinklai, VGTU,

Kompiuterių tinklai. IPv6 ir tuneliai

Kompiuterių tinklai. IPv6 ir tuneliai Kompiuterių tinklai IPv6 ir tuneliai Rolandas Griškevičius rolandas.griskevicius@vgtu.lt MSN: rgrisha@hotmail.com http://fmf.vgtu.lt/~rgriskevicius 00--08 R. Griškevičius, Kompiuterių tinklai, VGTU, 00

More information

El. pašto konfigūravimas

El. pašto konfigūravimas El. pašto konfigūravimas Outlook Express (integruota Windows XP) elektroninio pašto klientas Žemiau pateikta instrukcija, kaip sukonfigūruoti savo elektroninį paštą vartotojams, turintiems elektroninio

More information

Packet Capturing with TCPDUMP command in Linux

Packet Capturing with TCPDUMP command in Linux Packet Capturing with TCPDUMP command in Linux In this tutorial we will be looking into a very well known tool in Linux system administrators tool box. Some times during troubleshooting this tool proves

More information

Trumpai-ilga istorija

Trumpai-ilga istorija Įvadas į Web Services Kas yra Web Service? Kas ką žino??? 70-ieji: Mainframe Trumpai-ilga istorija 80-ieji: Client-Server Istorijos 90-ieji: Web 2000: SOA 2010: Cloud Computing Šaltinis: Sergejus Barinovas,

More information

CIS-331 Fall 2013 Exam 1 Name: Total of 120 Points Version 1

CIS-331 Fall 2013 Exam 1 Name: Total of 120 Points Version 1 Version 1 1. (24 Points) Show the routing tables for routers A, B, C, and D. Make sure you account for traffic to the Internet. NOTE: Router E should only be used for Internet traffic. Router A Router

More information

CIS-331 Exam 2 Fall 2015 Total of 105 Points Version 1

CIS-331 Exam 2 Fall 2015 Total of 105 Points Version 1 Version 1 1. (20 Points) Given the class A network address 117.0.0.0 will be divided into multiple subnets. a. (5 Points) How many bits will be necessary to address 4,000 subnets? b. (5 Points) What is

More information

CIS-331 Final Exam Spring 2015 Total of 115 Points. Version 1

CIS-331 Final Exam Spring 2015 Total of 115 Points. Version 1 Version 1 1. (25 Points) Given that a frame is formatted as follows: And given that a datagram is formatted as follows: And given that a TCP segment is formatted as follows: Assuming no options are present

More information

Firewalls. Content. Location of firewalls Design of firewalls. Definitions. Forwarding. Gateways, routers, firewalls.

Firewalls. Content. Location of firewalls Design of firewalls. Definitions. Forwarding. Gateways, routers, firewalls. Firewalls INFO 404 - Lecture 10 31/03/2009 nfoukia@infoscience.otago.ac.nz Credit: Cameron Kerr : ckerr@cs.otago.ac.nz Definitions Content Gateways, routers, firewalls Location of firewalls Design of firewalls

More information

CIS-331 Spring 2016 Exam 1 Name: Total of 109 Points Version 1

CIS-331 Spring 2016 Exam 1 Name: Total of 109 Points Version 1 Version 1 Instructions Write your name on the exam paper. Write your name and version number on the top of the yellow paper. Answer Question 1 on the exam paper. Answer Questions 2-4 on the yellow paper.

More information

CIS-331 Exam 2 Spring 2016 Total of 110 Points Version 1

CIS-331 Exam 2 Spring 2016 Total of 110 Points Version 1 Version 1 1. (20 Points) Given the class A network address 121.0.0.0 will be divided into multiple subnets. a. (5 Points) How many bits will be necessary to address 8,100 subnets? b. (5 Points) What is

More information

Introduction to Firewalls using IPTables

Introduction to Firewalls using IPTables Introduction to Firewalls using IPTables The goal of this lab is to implement a firewall solution using IPTables, and to write and to customize new rules to achieve security. You will need to turn in your

More information

CIS-331 Fall 2014 Exam 1 Name: Total of 109 Points Version 1

CIS-331 Fall 2014 Exam 1 Name: Total of 109 Points Version 1 Version 1 1. (24 Points) Show the routing tables for routers A, B, C, and D. Make sure you account for traffic to the Internet. Router A Router B Router C Router D Network Next Hop Next Hop Next Hop Next

More information

WWW aplikacijų saugumas 2

WWW aplikacijų saugumas 2 WWW aplikacijų saugumas 2 Rolandas Griškevičius rolandas.griskevicius@fm.vgtu.lt MSN: rgrisha@hotmail.com http://fmf.vgtu.lt/~rgriskevicius 2010-11-26 R. Griškevičius, Saugus programavimas, VGTU, 2009

More information

Network Interconnection

Network Interconnection Network Interconnection Covers different approaches for ensuring border or perimeter security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Lecture

More information

TCP /IP Fundamentals Mr. Cantu

TCP /IP Fundamentals Mr. Cantu TCP /IP Fundamentals Mr. Cantu OSI Model and TCP/IP Model Comparison TCP / IP Protocols (Application Layer) The TCP/IP subprotocols listed in this layer are services that support a number of network functions:

More information

Written by Muhammad Kamran Azeem Wednesday, 02 July :48 - Last Updated Saturday, 25 December :45

Written by Muhammad Kamran Azeem Wednesday, 02 July :48 - Last Updated Saturday, 25 December :45 Assalam-u-alaikum, I have been receiving many mails for few years now to provide with a firewall script. Lately I received one such mail and I decided to publish, what I replied him with. The names and

More information

CIS-331 Final Exam Fall 2015 Total of 120 Points. Version 1

CIS-331 Final Exam Fall 2015 Total of 120 Points. Version 1 Version 1 1. (25 Points) Given that a frame is formatted as follows: And given that a datagram is formatted as follows: And given that a TCP segment is formatted as follows: Assuming no options are present

More information

Firewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense

Firewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense FIREWALLS 3 Firewalls Firewall means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense administered network public Internet firewall

More information

ECE435: Network Engineering Homework 5 TCP. Due: Thursday, 18 October 2018, 3:30pm

ECE435: Network Engineering Homework 5 TCP. Due: Thursday, 18 October 2018, 3:30pm ECE435: Network Engineering Homework 5 TCP Due: Thursday, 18 October 2018, 3:30pm Submission Directions: For this homework short answers will suffice. To submit, create a document with your answers (text,

More information

THE INTERNET PROTOCOL/1

THE INTERNET PROTOCOL/1 THE INTERNET PROTOCOL a (connectionless) network layer protocol designed for use in interconnected systems of packet-switched computer communication networks (store-and-forward paradigm) provides for transmitting

More information

! ' ,-. +) +))+, /+*, 2 01/)*,, 01/)*, + 01/+*, ) 054 +) +++++))+, ) 05,-. /,*+), 01/-*+) + 01/.*+)

! ' ,-. +) +))+, /+*, 2 01/)*,, 01/)*, + 01/+*, ) 054 +) +++++))+, ) 05,-. /,*+), 01/-*+) + 01/.*+) ! "#! # $ %& #! '!!!( &!)'*+' '(,-. +) /,*+), 01/-*+) + 01/.*+) ) 05,-. +))+, /+*, 2 01/)*,, 01/)*, + 01/+*, ) 054 +) +++++))+,3 4 +. 6*! ) ) ) ) 5 ) ) ) ) + 5 + + ) ) ) 5 9 + ) ) + 5 4 ) ) + ) 5, ) )

More information

8/19/2010. Computer Forensics Network forensics. Data sources. Monitoring

8/19/2010. Computer Forensics Network forensics. Data sources. Monitoring Computer Forensics Network forensics Thomas Mundt thm@informatik.uni-rostock.de Data sources Assessment Monitoring Monitoring Software Logs and Log Analysis Incident Analysis External Assessment Hackers

More information

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 6 / 2 017 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are based on slides by Dr Lawrie Brown (UNSW@ADFA) for Computer

More information

C programavimo kalba. 3 paskaita (Sąlygos ir ciklo operatoriai, funkcija scanf() )

C programavimo kalba. 3 paskaita (Sąlygos ir ciklo operatoriai, funkcija scanf() ) C programavimo kalba 3 paskaita (Sąlygos ir ciklo operatoriai, funkcija scanf() ) Sąlygos operatorius if - else Sąlygos operatoriai skirti perduoti programos vykdymą vienai ar kitai programos šakai. Operatorius

More information

CIS-331 Exam 2 Fall 2014 Total of 105 Points. Version 1

CIS-331 Exam 2 Fall 2014 Total of 105 Points. Version 1 Version 1 1. (20 Points) Given the class A network address 119.0.0.0 will be divided into a maximum of 15,900 subnets. a. (5 Points) How many bits will be necessary to address the 15,900 subnets? b. (5

More information

Lesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

Lesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: Internet of Things , Raj Kamal, Publs.: McGraw-Hill Education Lesson 5 TCP/IP suite, TCP and UDP Protocols 1 TCP/IP Suite: Application layer protocols TCP/IP Suite set of protocols with layers for the Internet TCP/IP communication 5 layers: L7, L4, L3, L2 and L1

More information

Parengė ITMM Artūras Šakalys 1

Parengė ITMM Artūras Šakalys 1 2014.02.02 Parengė ITMM Artūras Šakalys 1 2014.02.02 Parengė ITMM Artūras Šakalys 2 Kaip suprantame masyvą? Pavyzdys: Peteliškių šeima; Gėlių laukas; 2014.02.02 Parengė ITMM Artūras Šakalys 3 Kaip suprasti

More information

Packet Header Formats

Packet Header Formats A P P E N D I X C Packet Header Formats S nort rules use the protocol type field to distinguish among different protocols. Different header parts in packets are used to determine the type of protocol used

More information

TCP/IP Filtering. Main TCP/IP Filtering Dialog Box. Route Filters Button. Packet Filters Button CHAPTER

TCP/IP Filtering. Main TCP/IP Filtering Dialog Box. Route Filters Button. Packet Filters Button CHAPTER CHAPTER 11 Main Dialog Box To access this dialog box (Figure 11-1), select Global/Filtering/ from the Device View. Figure 11-1 Main Configuration Dialog Box Route Filters Button This button brings up a

More information

Kas yra masyvas? Skaičių masyvo A reikšmės: Elementų indeksai (numeriai): Užrašymas Turbo Paskaliu: A[1] A[2] A[3] A[4] A[5]

Kas yra masyvas? Skaičių masyvo A reikšmės: Elementų indeksai (numeriai): Užrašymas Turbo Paskaliu: A[1] A[2] A[3] A[4] A[5] Masyvas 2013 1 Vienmatis masyvas Veiksmai su masyvo elementais: reikšmių priskyrimas ir išvedimas, paieška, rikiavimas. Masyvų perdavimas procedūros (funkcijos) parametrais. 2 Kas yra masyvas? Masyvu vadinamas

More information

ECE 435 Network Engineering Lecture 23

ECE 435 Network Engineering Lecture 23 ECE 435 Network Engineering Lecture 23 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 30 November 2017 HW#11 will be posted Announcements Don t forget projects next week Presentation

More information

I TCP 1/2. Internet TA: Connection-oriented (virtual circuit) Connectionless (datagram) (flow control) (congestion control) TCP Connection-oriented

I TCP 1/2. Internet TA: Connection-oriented (virtual circuit) Connectionless (datagram) (flow control) (congestion control) TCP Connection-oriented I TCP 1/2 TA: Connection-oriented (virtual circuit) Connectionless (datagram) (flow control) (congestion control) Internet TCP Connection-oriented UDP Connectionless IP + TCP (connection-oriented) (byte

More information

THE INTERNET PROTOCOL INTERFACES

THE INTERNET PROTOCOL INTERFACES THE INTERNET PROTOCOL The Internet Protocol Stefan D. Bruda Winter 2018 A (connectionless) network protocol Designed for use in interconnected systems of packet-switched computer communication networks

More information

Redis Ma as, greitas, galingas. Specialiai VilniusPHP

Redis Ma as, greitas, galingas. Specialiai VilniusPHP Redis Ma as, greitas, galingas Specialiai VilniusPHP 2013.06.06 Sergej Kurakin Na, Jūs mane jau nekarta matėte, tai nieko nesakysiu apie save. Kaip aš susipa inau! Tai buvo prieš keletą metų! Projektas

More information

Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only.

Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Transparently Routing Web Traffic to the Barracuda Web Security Gateway This article demonstrates

More information

Computer Security Spring Firewalls. Aggelos Kiayias University of Connecticut

Computer Security Spring Firewalls. Aggelos Kiayias University of Connecticut Computer Security Spring 2008 Firewalls Aggelos Kiayias University of Connecticut Idea: Monitor inbound/ outbound traffic at a communication point Firewall firewall Internet LAN A firewall can run on any

More information

The Internet Protocol

The Internet Protocol The Internet Protocol Stefan D. Bruda Winter 2018 THE INTERNET PROTOCOL A (connectionless) network layer protocol Designed for use in interconnected systems of packet-switched computer communication networks

More information

CIS-331 Final Exam Spring 2018 Total of 120 Points. Version 1

CIS-331 Final Exam Spring 2018 Total of 120 Points. Version 1 Version 1 Instructions 1. Write your name and version number on the top of the yellow paper and the routing tables sheet. 2. Answer Question 2 on the routing tables sheet. 3. Answer Questions 1, 3, 4,

More information

CS615 - Aspects of System Administration

CS615 - Aspects of System Administration CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Networking II Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu

More information

Programinio kodo saugumas

Programinio kodo saugumas Programinio kodo saugumas Rolandas Griškevičius rolandas.griskevicius@fm.vgtu.lt MSN: rgrisha@hotmail.com http://fmf.vgtu.lt/~rgriskevicius 2009-12-18 R. Griškevičius, Saugus programavimas, VGTU, 2009

More information

while the LAN interface is in the DMZ. You can control access to the WAN port using either ACLs on the upstream router, or the built-in netfilter

while the LAN interface is in the DMZ. You can control access to the WAN port using either ACLs on the upstream router, or the built-in netfilter When the LAN interface is in a private IP DMZ, you can write the firewall rule-set to restrict the number of hosts the VBP can communicate with to only those devices. This enhances security. You can also

More information

Review of Important Networking Concepts. Recall the Example from last lecture

Review of Important Networking Concepts. Recall the Example from last lecture Review of Important ing Concepts Review: ed communication architecture The TCP/IP protocol suite Jörg Liebeherr, 1998,1999 1 Recall the Example from last lecture Ellington.cs.virginia.edu establishes an

More information

KOMPIUTERIŲ TINKLAI. 5 paskaita Tinklo lygmuo, IP protokolas

KOMPIUTERIŲ TINKLAI. 5 paskaita Tinklo lygmuo, IP protokolas KOMPIUTERIŲ TINKLAI 5 paskaita Tinklo lygmuo, IP protokolas Lokalus tinklas (kartojimas) Lokalaus tinklo technologijos: Kokius žinote prieigos prie terpės metodus? Kas yra Ethernet, kokie jo skiriamieji

More information

sottotitolo A.A. 2016/17 Federico Reghenzani, Alessandro Barenghi

sottotitolo A.A. 2016/17 Federico Reghenzani, Alessandro Barenghi Titolo presentazione Piattaforme Software per la Rete sottotitolo Firewall and NAT Milano, XX mese 20XX A.A. 2016/17, Alessandro Barenghi Outline 1) Packet Filtering 2) Firewall management 3) NAT review

More information

Interconnecting Networks with TCP/IP

Interconnecting Networks with TCP/IP Chapter 8 Interconnecting s with TCP/IP 1999, Cisco Systems, Inc. 8-1 Introduction to TCP/IP Internet TCP/IP Early protocol suite Universal 1999, Cisco Systems, Inc. www.cisco.com ICND 8-2 TCP/IP Protocol

More information

Cisco PCP-PNR Port Usage Information

Cisco PCP-PNR Port Usage Information Cisco PCP-PNR Port Usage Information Page 1 of 18 20-Sep-2013 Table of Contents 1 Introduction... 3 2 Prerequisites... 3 3 Glossary... 3 3.1 CISCO PCP Local Machine... 3 3.1.1 CISCO PCP Component... 4

More information

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet Chapter 2 - Part 1 The TCP/IP Protocol: The Language of the Internet Protocols A protocol is a language or set of rules that two or more computers use to communicate 2 Protocol Analogy: Phone Call Parties

More information

Università Ca Foscari Venezia

Università Ca Foscari Venezia Firewalls Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Networks are complex (image from https://netcube.ru) 2 Example: traversal control Three subnetworks:

More information

Certification. Securing Networks

Certification. Securing Networks Certification Securing Networks UNIT 9 Securing Networks 1 Objectives Explain packet filtering architecture Explain primary filtering command syntax Explain Network Address Translation Provide examples

More information

JAVA pagrindai Lek. Liudas Drejeris

JAVA pagrindai Lek. Liudas Drejeris JAVA pagrindai Lek. Liudas Drejeris Programa (1) Programa, tai eilė instrukcijų (vadinamų programiniais sakiniais), kurie vykdomi paeiliui, kol gaunamas norimas rezultatas. Programa (2) Programa (2) /*

More information

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1 Interconnecting Networks with TCP/IP 2000, Cisco Systems, Inc. 8-1 Objectives Upon completion of this chapter you will be able to perform the following tasks: Identify the IP protocol stack, its protocol

More information

Introduction to TCP/IP networking

Introduction to TCP/IP networking Introduction to TCP/IP networking TCP/IP protocol family IP : Internet Protocol UDP : User Datagram Protocol RTP, traceroute TCP : Transmission Control Protocol HTTP, FTP, ssh What is an internet? A set

More information

Pasirenkamojo modulio kūrybinio darbo atlikimas ir vertinimas

Pasirenkamojo modulio kūrybinio darbo atlikimas ir vertinimas Pasirenkamojo modulio kūrybinio darbo atlikimas ir vertinimas Pasirenkamojo modulio kūrybinis darbas atliekamas keliais etapais: kūrybinio darbo temos (problemos / užduoties) pasirinkimas ir derinimas

More information

Configure the ASA for Dual Internal Networks

Configure the ASA for Dual Internal Networks Configure the ASA for Dual Internal Networks Document ID: 119195 Contributed by Dinkar Sharma, Bratin Saha, and Prashant Joshi, Cisco TAC Engineers. Aug 05, 2015 Contents Introduction Prerequisites Requirements

More information

Mediant MSBR. Version 6.8. Security Setup. Configuration Guide. Version 6.8. AudioCodes Family of Multi-Service Business Routers (MSBR)

Mediant MSBR. Version 6.8. Security Setup. Configuration Guide. Version 6.8. AudioCodes Family of Multi-Service Business Routers (MSBR) Configuration Guide AudioCodes Family of Multi-Service Business Routers (MSBR) Mediant MSBR Security Setup Version 6.8 Version 6.8 May 2014 Document # LTRT-31640 Configuration Guide Contents Table of

More information

Elektroninis.lt šakninių sertifikatų diegimas

Elektroninis.lt šakninių sertifikatų diegimas Elektroninis.lt šakninių sertifikatų diegimas Ši instrukcija aprašo, kaip į kompiuterį įdiegti šakninius elektroninis.lt sertifikatus. Diegimo darbus galima atlikti turint kompiuterio administratoriaus

More information

Transport Over IP. CSCI 690 Michael Hutt New York Institute of Technology

Transport Over IP. CSCI 690 Michael Hutt New York Institute of Technology Transport Over IP CSCI 690 Michael Hutt New York Institute of Technology Transport Over IP What is a transport protocol? Choosing to use a transport protocol Ports and Addresses Datagrams UDP What is a

More information

The Internet Protocol (IP)

The Internet Protocol (IP) The Internet Protocol (IP) The Blood of the Internet (C) Herbert Haas 2005/03/11 "Information Superhighway is really an acronym for 'Interactive Network For Organizing, Retrieving, Manipulating, Accessing

More information

Firewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.

Firewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others. Firews and NAT 1 Firews By conventional definition, a firew is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. firew isolates organization

More information

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Layer 4: UDP, TCP, and others based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Concepts application set transport set High-level, "Application Set" protocols deal only with how handled

More information

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management CSE/EE 461 Lecture 13 Connections and Fragmentation Tom Anderson tom@cs.washington.edu Peterson, Chapter 5.2 TCP Connection Management Setup assymetric 3-way handshake Transfer sliding window; data and

More information

Layered Networking and Port Scanning

Layered Networking and Port Scanning Layered Networking and Port Scanning David Malone 22nd June 2004 1 IP Header IP a way to phrase information so it gets from one computer to another. IPv4 Header: Version Head Len ToS Total Length 4 bit

More information

OSI Transport Layer. objectives

OSI Transport Layer. objectives LECTURE 5 OSI Transport Layer objectives 1. Roles of the Transport Layer 1. segmentation of data 2. error detection 3. Multiplexing of upper layer application using port numbers 2. The TCP protocol Communicating

More information

Web Server ( ): FTP, SSH, HTTP, HTTPS, SMTP, POP3, IMAP, POP3S, IMAPS, MySQL (for some local services[qmail/vpopmail])

Web Server ( ): FTP, SSH, HTTP, HTTPS, SMTP, POP3, IMAP, POP3S, IMAPS, MySQL (for some local services[qmail/vpopmail]) The following firewall scripts will help you secure your web and db servers placed on the internet. The scenario is such that the MySQL db server is desired to receive db connections / traffic only from

More information

CIS-331 Final Exam Spring 2016 Total of 120 Points. Version 1

CIS-331 Final Exam Spring 2016 Total of 120 Points. Version 1 Version 1 1. (25 Points) Given that a frame is formatted as follows: And given that a datagram is formatted as follows: And given that a TCP segment is formatted as follows: Assuming no options are present

More information

Configuration Note Capturing Traffic on MSBR

Configuration Note Capturing Traffic on MSBR Multi-Service Business Routers 0 Mediant Series VoIP Analog & Digital Media Gateways Configuration Note Capturing Traffic on MSBR Version 1.0 April 2013 Document # LTRT-40304 Configuration Note Contents

More information

Agenda L2 versus L3 Switching IP Protocol, IP Addressing IP Forwarding ARP and ICMP IP Routing First Hop Redundancy

Agenda L2 versus L3 Switching IP Protocol, IP Addressing IP Forwarding ARP and ICMP IP Routing First Hop Redundancy Primer IP Technology L2 Ethernet Switching versus L3 routing IP Protocol, IP Addressing, IP Forwarding ARP and ICMP IP Routing, OSPF Basics First Hop Redundancy (HSRP) Agenda L2 versus L3 Switching IP

More information

Networking Fundamentals

Networking Fundamentals Networking Fundamentals Network Startup Resource Center www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)

More information

FOCUS on Intrusion Detection: Intrusion Detection Level Analysis of Nmap and Queso Page 1 of 6

FOCUS on Intrusion Detection: Intrusion Detection Level Analysis of Nmap and Queso Page 1 of 6 FOCUS on Intrusion Detection: Intrusion Detection Level Analysis of Nmap and Queso Page 1 of 6 Intrusion Detection Level Analysis of Nmap and Queso by Toby Miller last updated Wednesday, August 30, 2000

More information

NT1210 Introduction to Networking. Unit 10

NT1210 Introduction to Networking. Unit 10 NT1210 Introduction to Networking Unit 10 Chapter 10, TCP/IP Transport Objectives Identify the major needs and stakeholders for computer networks and network applications. Compare and contrast the OSI

More information

Dongsoo S. Kim Electrical and Computer Engineering Indiana U. Purdue U. Indianapolis

Dongsoo S. Kim Electrical and Computer Engineering Indiana U. Purdue U. Indianapolis Session 8. TCP/IP Dongsoo S. Kim (dskim@iupui.edu) Electrical and Computer Engineering Indiana U. Purdue U. Indianapolis IP Packet 0 4 8 16 19 31 Version IHL Type of Service Total Length Identification

More information

Linux. Sirindhorn International Institute of Technology Thammasat University. Linux. Firewalls with iptables. Concepts. Examples

Linux. Sirindhorn International Institute of Technology Thammasat University. Linux. Firewalls with iptables. Concepts. Examples Linux Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 14 October 2013 Common/Reports/-introduction.tex, r715 1/14 Contents 2/14 Linux, netfilter and netfilter:

More information

Come to the TypeScript

Come to the TypeScript Come to the TypeScript we have type hinting! Sergej Kurakin Sergej Kurakin Amžius: 36 Dirbu: NFQ Technologies Pareigos: Programuotojas Programuoti pradėjau mokytis 1996 metais. Programuotoju dirbu nuo

More information

Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview

Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview This course will teach students about building a simple network, establishing internet connectivity, managing network device security,

More information

K2289: Using advanced tcpdump filters

K2289: Using advanced tcpdump filters K2289: Using advanced tcpdump filters Non-Diagnostic Original Publication Date: May 17, 2007 Update Date: Sep 21, 2017 Topic Introduction Filtering for packets using specific TCP flags headers Filtering

More information

Review of Important Networking Concepts

Review of Important Networking Concepts Review of Important Networking Concepts Review: ed communication architecture The TCP/IP protocol suite 1 Networking Concepts Protocol Architecture Protocol s Encapsulation Network Abstractions 2 1 Sending

More information

Introduction to routing in the Internet

Introduction to routing in the Internet Introduction to routing in the Internet Internet architecture IPv4, ICMP, ARP Addressing, routing principles (Chapters 2 3 in Huitema) Internet-1 Internet Architecture Principles End-to-end principle by

More information

Introduction to internetworking, OSI, TCP/IP and Addressing.

Introduction to internetworking, OSI, TCP/IP and Addressing. Introduction to internetworking, OSI, TCP/IP and Addressing. Network Devices Repeater (Hub) Hubs don t break collision and broadcast domains. So any packet will be forwarded to all ports. Bridge (Switch)

More information

Network and Security: Introduction

Network and Security: Introduction Network and Security: Introduction Seungwon Shin KAIST Some slides are from Dr. Srinivasan Seshan Some slides are from Dr. Nick Mckeown Network Overview Computer Network Definition A computer network or

More information

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12 TCP/IP Networking Training Details Training Time : 9 Hours Capacity : 12 Prerequisites : There are no prerequisites for this course. About Training About Training TCP/IP is the globally accepted group

More information

Introduction TELE 301. Routers. Firewalls. Gateways. Sample Large Network

Introduction TELE 301. Routers. Firewalls. Gateways. Sample Large Network Introduction TELE 301 Lecture 21: s David Eyers (dme@cs.otago.ac.nz) Telecommunications Programme University of Otago Discernment of Routers, s, Gateways Placement of such devices Elementary firewalls

More information

Module: Firewalls. Professor Patrick McDaniel Fall CSE543 - Introduction to Computer and Network Security

Module: Firewalls. Professor Patrick McDaniel Fall CSE543 - Introduction to Computer and Network Security CSE543 - Introduction to Computer and Network Security Module: Firewalls Professor Patrick McDaniel Fall 2008 1 Midterm results!"#$%&'()*'+,)*-./('-!* +" *" )" (" '" &" %" $" #"!" #!!,*!"-./0" )+,)("-.,0"

More information

Chapter 5 Network Layer

Chapter 5 Network Layer Chapter 5 Network Layer Network Layer IPv4 2 IP Header Application Header + data 3 IP IP IP IP 4 Focus on Transport Layer IP IP 5 Network Layer The Network layer (Layer 3) provides services to exchange

More information

(ICMP), RFC

(ICMP), RFC Internet et Control o Message Protocol (ICMP), RFC 792 http://icourse.cuc.edu.cn/networkprogramming/ linwei@cuc.edu.cn Nov. 2009 Overview The IP (Internet Protocol) relies on several other protocols to

More information

App. App. Master Informatique 1 st year 1 st term. ARes/ComNet Applications (7 points) Anonymous ID: stick number HERE

App. App. Master Informatique 1 st year 1 st term. ARes/ComNet Applications (7 points) Anonymous ID: stick number HERE Master Informatique 1 st year 1 st term Anonymous ID: stick number HERE Master Informatique 1 st year 1 st term App ARes/ComNet 2015-2016 Midterm exam : Version A in English Duration: 2h00 Allowed: One

More information

How to use IP Tables

How to use IP Tables How to use IP Tables ******************************************************************* *** IPTABLES TUTORIAL I. Definitions and similarities to ipchains II. Chain types and options III. Command line

More information

CS615 - Aspects of System Administration

CS615 - Aspects of System Administration CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Networking II Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu

More information

A quick theorical introduction to network scanning. 23rd November 2005

A quick theorical introduction to network scanning. 23rd November 2005 A quick theorical introduction to network ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) http://www.csrrt.org/ 23rd November 2005 IP protocol ACK Network is not exact science When

More information

Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. Firewalls. Chester Rebeiro IIT Madras

Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. Firewalls. Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du Firewalls Chester Rebeiro IIT Madras Firewall Block unauthorized traffic flowing from one network to another

More information

EE 610 Part 2: Encapsulation and network utilities

EE 610 Part 2: Encapsulation and network utilities EE 610 Part 2: Encapsulation and network utilities Objective: After this experiment, the students should be able to: i. Understand the format of standard frames and packet headers. Overview: The Open Systems

More information

ECE 435 Network Engineering Lecture 23

ECE 435 Network Engineering Lecture 23 ECE 435 Network Engineering Lecture 23 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 4 December 2018 Announcements HW#9 graded Don t forget projects next week Presentation schedule

More information

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia IP - The Internet Protocol Based on the slides of Dr. Jorg Liebeherr, University of Virginia Orientation IP (Internet Protocol) is a Network Layer Protocol. IP: The waist of the hourglass IP is the waist

More information

IK2206 Internet Security and Privacy Firewall & IP Tables

IK2206 Internet Security and Privacy Firewall & IP Tables IK2206 Internet Security and Privacy Firewall & IP Tables Group Assignment Following persons were members of group C and authors of this report: Name: Christoph Moser Mail: chmo@kth.se P-Nr: 850923-T513

More information

Network Address Translation (NAT) Contents. Firewalls. NATs and Firewalls. NATs. What is NAT. Port Ranges. NAT Example

Network Address Translation (NAT) Contents. Firewalls. NATs and Firewalls. NATs. What is NAT. Port Ranges. NAT Example Contents Network Address Translation (NAT) 13.10.2008 Prof. Sasu Tarkoma Overview Background Basic Network Address Translation Solutions STUN TURN ICE Summary What is NAT Expand IP address space by deploying

More information

Review of Important Networking Concepts TCP/IP

Review of Important Networking Concepts TCP/IP Review of Important Networking Concepts / / Protocol Suite Assignment of Protocols to Layers Addressing / Layers in the Example Encapsulation and Demultiplexing Different Layers Views of Networking / Protocol

More information

Internetworking models

Internetworking models TEL3214 Computer Communication s Lecture 2 Internetworking models SSH (Secure Shell) SNMP (Simple Management Protocol) SMTP (Simple Mail Transfer Protocol) FTP (File Transfer Protocol) TFTP (Trivial File

More information

Mediant MSBR. Version 6.8. Security Setup. Configuration Guide. Version 7.2. AudioCodes Family of Multi-Service Business Routers (MSBR)

Mediant MSBR. Version 6.8. Security Setup. Configuration Guide. Version 7.2. AudioCodes Family of Multi-Service Business Routers (MSBR) Configuration Guide AudioCodes Family of Multi-Service Business Routers (MSBR) Mediant MSBR Security Setup Version 7.2 Version 6.8 May 2014 Document # LTRT-31640 Configuration Guide Contents Table of

More information

Definition of firewall

Definition of firewall Internet Firewalls Definitions: firewall, policy, router, gateway, proxy NAT: Network Address Translation Source NAT, Destination NAT, Port forwarding NAT firewall compromise via UPnP/IGD Packet filtering

More information

Global Information Assurance Certification Paper

Global Information Assurance Certification Paper Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without

More information

Different Layers Lecture 20

Different Layers Lecture 20 Different Layers Lecture 20 10/15/2003 Jian Ren 1 The Network Layer 10/15/2003 Jian Ren 2 Network Layer Functions Transport packet from sending to receiving hosts Network layer protocols in every host,

More information