Computer Networks: UDP, NAT, SOCKS
1. Computer Networks: UDP, NAT, SOCKS
Rolandas Griškevičius
MSN:
R. Griškevičius, Computer Networks, VGTU

2. UDP (RFC 768)
Does not have:
- Connection setup steps
- States (or a state diagram)
- ACK or other indicators (flags)
Has:
- Port numbers
  - Sender
  - Receiver
- A checksum
- A header of only 8 bytes

3. UDP (2)
Because UDP keeps no connection state, every packet is treated as independent:
- It is normal for a packet to be lost
- It is normal for a packet sent later to arrive earlier
Source:

4. UDP applications
In communication schemes where:
- There are many clients and little data
- Multicast: when data must be sent to a large number of clients
Standard use cases:
- DNS: port 53
- BOOTP: ports 67 and 68
- tftp: port 69
  - A control mechanism is provided
- SNMP: 161 and 162
- RIP: 520 and

5. UDP (3)
    ygent tmp # tcpdump -i lo -vv -X -s 0
    tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size bytes
    19:40: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 55) > : [bad udp cksum c2f6!] UDP, length 27
    0x0000: cb4 7f E..7..@.@.<...
    0x0010: 7f bb fe36 e287 59f9...#.6..Y.
    0x0020: b00 726f 6c61...rola
    0x0030: 6e e67 00 ndas.g.
    19:40: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 42) > : [bad udp cksum af75!] UDP, length 14
    0x0000: a cc1 7f E..*..@.@.<...
    0x0010: 7f bb fe29 89ef e0e0...)...
    0x0020: 0a fc...A...
Fields labelled on the slide: destination IP address, IP header, source port, destination port, source IP address.

6. Firewall
3 main types:
- Packet filter
  - Watches the traffic against the configured rules and passes or rejects packets
  - Now rarely used as the only solution
  - The fastest, but the most primitive
- Connection (stateful) filter
  - Watches the connection (TCP/UDP) set up by the client (usually from the inside) and derives the packet filter from it
  - Tracks the connection state
- Application-level filter
  - Analyzes OSI layer 5 and above
  - Most often used to filter the http and ftp protocols

7. Router vs Firewall
A router normally works at OSI layer 3 (IP):
- In theory it can perform address translation
- Its task is to direct a packet along a particular path
A firewall works at OSI layer 4 (TCP/UDP) at the very least:
- Performs port filtering
- Monitors TCP/UDP connections (from connection setup, the handshake, to termination)
- Controls higher-level protocols
  - E.g. blocking Skype is fairly complicated, because it uses a variety of communication mechanisms
- Can perform NAPT

8. NAT
The simplest form is static NAT. It works at the IP level.
The translation of every IP address is described separately: X_n Y_n
(Figure labels: x, Y, x_n, Y_n)
Normally used for address translation.
Cisco: conf t ; interface <interface> ; ip nat inside

9. Dynamic NAT
From one range to another; the ranges may be unequal: x_n y_m, n = 1..a, m = 1..b, a b
Works at the IP level: dynamically, for a certain time, it translates the address pair x_n y_b straight through.
Works at the IP level and provides a transparent IP channel.
(Figure labels: x, y, x_n, y_m)

10. NAT problems
The main problem is the packet checksum. TCP and UDP include part of the IP header in their checksum, so both the IP and the TCP checksums have to be recalculated.

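The checksum problem above, worked through for UDP as an added example (not part of the original slides): the checksum covers a pseudo-header built from the IP addresses, so a translated packet fails verification until the checksum is patched, here incrementally per RFC 1624. All addresses, ports and the payload are constructed sample values.

```python
import socket
import struct

UDP_PROTO = 17


def fold(total: int) -> int:
    """Fold carries of a one's-complement sum back into 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum shared by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"  # odd-length data is padded with one zero byte
    return fold(sum(word for (word,) in struct.iter_unpack("!H", data)))


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """The part of the IP header that UDP covers: addresses, protocol, length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Return an 8-byte UDP header plus payload with a valid checksum."""
    length = 8 + len(payload)
    body = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = ~ones_sum(pseudo_header(src_ip, dst_ip, length) + body) & 0xFFFF
    csum = csum or 0xFFFF  # RFC 768: a computed zero is sent as all ones
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def checksum_ok(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver-side check: the sum over pseudo-header and segment is 0xFFFF."""
    return ones_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def nat_rewrite(segment: bytes, old_src: str, new_src: str, new_sport: int) -> bytes:
    """Translate source IP/port and patch the checksum incrementally.

    RFC 1624, eqn. 3: HC' = ~(~HC + ~m + m') for every changed 16-bit word m.
    """
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if csum != 0:  # zero means the sender sent no checksum (allowed in IPv4)
        old = socket.inet_aton(old_src) + struct.pack("!H", sport)
        new = socket.inet_aton(new_src) + struct.pack("!H", new_sport)
        total = ~csum & 0xFFFF
        for (m,), (m2,) in zip(struct.iter_unpack("!H", old),
                               struct.iter_unpack("!H", new)):
            total += (~m & 0xFFFF) + m2
        csum = (~fold(total) & 0xFFFF) or 0xFFFF
    return struct.pack("!HHHH", new_sport, dport, length, csum) + segment[8:]


def demo() -> dict:
    # Constructed sample values (private and documentation address ranges).
    inside, public, server = "192.168.1.10", "203.0.113.5", "198.51.100.53"
    payload = b"constructed payload"
    original = build_udp(inside, server, 5353, 53, payload)
    # A translator that only swaps the IP address leaves the UDP checksum stale.
    stale_ok = checksum_ok(public, server, original)
    translated = nat_rewrite(original, inside, public, 40000)
    recomputed = build_udp(public, server, 40000, 53, payload)
    return {
        "original_ok": checksum_ok(inside, server, original),
        "stale_ok": stale_ok,
        "translated_ok": checksum_ok(public, server, translated),
        "matches_full_recompute": translated == recomputed,
    }


if __name__ == "__main__":
    print(demo())
```
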
11. PAT, NAPT
[Figure: translation (mapping) table]
The main translation maps the source IP + port pair to a free port number.
A returning packet is identified by its destination port number, which is used to look up the IP + port pair in the internal network in the table again.

12. NAPT problems
- NAPT inherits the header checksum problem from static NAT
- An ICMP packet has no port, and it can also carry the information of another IP packet inside it, so a double recalculation is needed
- The problem of a sender waiting on a port
- Others: chive_article09186a00800c83ec.html

13. The problem of a sender waiting on a port
E.g. the rexec service:
1. The client connects to port 512 (rexec)
2. The client sends the port number on which it listens for the stderr stream data. The format is text
3. If the port is not empty (null terminated), the server connects to the port specified by the client
4. The client sends the user name, password, command and parameters
5. The server sends an error code (0 = OK, anything else = error)
6. The server sends the program's output data to the stdout and stderr streams over separate TCP channels (one of them is the one the client listens on)
7. The server closes the connections

14. The problem of a sender waiting on a port (2)
    14:10: > : S 0:0(0) win 3000 <mss 1500> c e c4 7f E..,...@... 7f f ef4 19bb N bb8 1f9d dc `...
    14:10: > : S 0:0(0) ack 1 win 3000 <mss 1500> c e c3 7f E..,...@... 7f f8 4ef4 19bb 4ef4 19bc...N...N bb8 b6dc dc `...
    14:10: > :. ack 1 win e c6 7f E..(...@... 7f f ef4 19bc 4ef4 19bc...N...N bb8 cec P...
    14:10: > : P 1:6(5) ack 1 win d e c0 7f E..-...@... 7f f ef4 19bc 4ef4 19bc...N...N bb8 6c P...lP
Two ways out:
- Additionally translate port 1014 (in this case) for the incoming packet
- Replace the port number in the packet going out to the server with the translator's own, and later relay it to the client
The same problem exists in the FTP protocol: 2 streams are opened, one for commands and the other for data.

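The mapping table from the PAT/NAPT slide and the two ways out of the waiting-port problem, as an added example (not part of the original slides). The `Napt` class, the helper names, the addresses and the starting port 40000 are assumptions made for illustration; only port 1014 and the NUL-terminated text format come from the slides.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

Endpoint = Tuple[str, int]


@dataclass
class Napt:
    """Toy NAPT: maps (internal IP, port) pairs onto ports of one public IP."""
    public_ip: str
    next_port: int = 40000
    out_map: Dict[Endpoint, int] = field(default_factory=dict)
    in_map: Dict[int, Endpoint] = field(default_factory=dict)

    def map_port(self, internal: Endpoint, public_port: Optional[int] = None) -> int:
        """Create (or reuse) a mapping; pick the next free port unless one is given."""
        if internal in self.out_map:
            return self.out_map[internal]
        if public_port is None:
            while self.next_port in self.in_map:
                self.next_port += 1
            public_port = self.next_port
        elif public_port in self.in_map:
            raise ValueError(f"public port {public_port} already in use")
        self.out_map[internal] = public_port
        self.in_map[public_port] = internal
        return public_port

    def outbound(self, src: Endpoint, payload: bytes,
                 helper: Optional[Callable] = None) -> Tuple[Endpoint, bytes]:
        """Translate an outgoing packet; an optional helper inspects the payload."""
        public_src = (self.public_ip, self.map_port(src))
        if helper is not None:
            payload = helper(self, src[0], payload)
        return public_src, payload

    def inbound(self, dst_port: int) -> Optional[Endpoint]:
        """Look up a returning packet by destination port; None means dropped."""
        return self.in_map.get(dst_port)


def announced_port(payload: bytes) -> Optional[int]:
    """Parse the NUL-terminated ASCII stderr port that opens an rexec session."""
    text, sep, _ = payload.partition(b"\x00")
    if not sep or not text.isdigit():
        return None  # no terminator, or empty field: no stderr channel requested
    port = int(text)
    return port if 0 < port <= 65535 else None


def helper_keep_port(nat: Napt, client_ip: str, payload: bytes) -> bytes:
    """Way 1: also translate the announced port for incoming packets."""
    port = announced_port(payload)
    if port is not None:
        nat.map_port((client_ip, port), public_port=port)
    return payload


def helper_rewrite(nat: Napt, client_ip: str, payload: bytes) -> bytes:
    """Way 2: put a translator-owned port into the payload and relay it later."""
    port = announced_port(payload)
    if port is None:
        return payload
    public_port = nat.map_port((client_ip, port))
    # The payload length can change here; a real helper must then also
    # adjust TCP sequence/acknowledgement numbers and the checksums.
    return str(public_port).encode() + payload[payload.index(b"\x00"):]


def scenario(helper=None):
    """Client announces stderr port 1014; the server then connects back to it."""
    nat = Napt("203.0.113.1")          # constructed public address
    client = ("10.0.0.5", 1023)        # constructed internal client
    _, seen_by_server = nat.outbound(client, b"1014\x00", helper)
    callback_port = announced_port(seen_by_server)  # where the server connects
    return seen_by_server, nat.inbound(callback_port)


if __name__ == "__main__":
    for h in (None, helper_keep_port, helper_rewrite):
        print(getattr(h, "__name__", "no helper"), scenario(h))
```

Both helpers open an inbound path on the strength of a client-supplied payload, and this sketch does not restrict that path to the server's address or expire it; a production helper should do both.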
15. Linux NAPT
    # A Linux NAPT server tested in practice. Gentoo Linux, kernel
    # Setup default policies to handle unmatched traffic
    # iptables -P INPUT ACCEPT
    # iptables -P OUTPUT ACCEPT
    # iptables -P FORWARD DROP
    export LAN=eth0
    export WAN=eth1
    export INT_LAN_IP= /16
    # Then we lock our services so they only work from the LAN
    iptables -I INPUT 1 -i ${LAN} -j ACCEPT
    iptables -I INPUT 1 -i lo -j ACCEPT
    iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT
    iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT
    # (Optional) Allow access to our ssh server from the WAN
    iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT
    # Drop TCP / UDP packets to privileged ports
    iptables -A INPUT -p TCP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
    iptables -A INPUT -p UDP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
    # Finally we add the rules for NAT
    iptables -I FORWARD -i ${LAN} -d $INT_LAN_IP -j DROP
    iptables -A FORWARD -i ${LAN} -s $INT_LAN_IP -j ACCEPT
    iptables -A FORWARD -i ${WAN} -d $INT_LAN_IP -j ACCEPT
    iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
    # Tell the kernel that ip forwarding is OK
    echo 1 > /proc/sys/net/ipv4/ip_forward
    for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done

16. SOCKS proxy
- A SOCKS proxy is a service that forwards packets and/or connections from many clients through a single server
- Works at OSI layer 4.5
- The client authenticates over TCP and registers the service, and a connection to the server is established
- Versions:
  - SOCKS v4
  - SOCKS v4a
  - SOCKS v

17. SOCKS v4
The client sets up the connection:
- Field 1: 0x04, 1 byte, version number
- Field 2: command code, 1 byte; 0x01 = initiate a connection, 0x02 = wait for a connection
- Field 3: 2 bytes, port
- Field 4: 4 bytes, IP address
- Field 5: user ID, terminated by 0x00
The server:
- Field 1: a 0x00 byte
- Field 2: status; 0x5a = OK, 0x5b = rejected, etc.
- Field 3: 6 bytes, ignored
Example: connecting to :80, the server's reply is positive:
Client: 0x04 0x01 0x00 0x50 0x42 0x66 0x07 0x63 0x46 0x72 0x65 0x64 0x00
Server: 0x00 0x5a 0xXX 0xXX 0xXX 0xXX 0xXX 0xXX
0xXX bytes are ignored and may have any value.
Now the client can start the data stream.
Source:

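The SOCKS v4 fields listed above as a request builder, a server-side parser and a reply parser, checked against the client bytes from the slide. This is an added example, not part of the original slides; the function names and the `MAX_USER_ID` limit are assumptions.

```python
import socket
import struct

VERSION = 0x04
CMD_CONNECT, CMD_BIND = 0x01, 0x02      # initiate / wait for a connection
GRANTED, REJECTED = 0x5A, 0x5B
MAX_USER_ID = 255  # assumption: a local parsing limit, not part of the protocol

# Client request bytes exactly as given on the slide.
SLIDE_REQUEST = bytes([0x04, 0x01, 0x00, 0x50, 0x42, 0x66, 0x07, 0x63,
                       0x46, 0x72, 0x65, 0x64, 0x00])


def build_request(cmd: int, ip: str, port: int, user_id: bytes) -> bytes:
    """Client side: fields 1-5 in wire order, port in network byte order."""
    if cmd not in (CMD_CONNECT, CMD_BIND):
        raise ValueError("unknown command code")
    if b"\x00" in user_id or len(user_id) > MAX_USER_ID:
        raise ValueError("invalid user ID")
    return (struct.pack("!BBH", VERSION, cmd, port)
            + socket.inet_aton(ip) + user_id + b"\x00")


def parse_request(data: bytes) -> dict:
    """Server side: validate and decode a request, rejecting malformed input."""
    if len(data) < 9:                    # 8 fixed bytes + the 0x00 terminator
        raise ValueError("request shorter than the fixed fields")
    version, cmd, port = struct.unpack("!BBH", data[:4])
    if version != VERSION:
        raise ValueError("not a SOCKS v4 request")
    if cmd not in (CMD_CONNECT, CMD_BIND):
        raise ValueError("unknown command code")
    # Bound the search so an unterminated user ID cannot make us scan forever.
    end = data.find(b"\x00", 8, 8 + MAX_USER_ID + 1)
    if end < 0:
        raise ValueError("user ID not terminated within the limit")
    return {"cmd": cmd, "port": port, "ip": socket.inet_ntoa(data[4:8]),
            "user_id": data[8:end], "length": end + 1}


def parse_reply(data: bytes) -> bool:
    """Client side: True if granted; the trailing 6 bytes are ignored."""
    if len(data) != 8 or data[0] != 0x00:
        raise ValueError("malformed SOCKS v4 reply")
    return data[1] == GRANTED


if __name__ == "__main__":
    print(parse_request(SLIDE_REQUEST))
    print(parse_reply(bytes([0x00, GRANTED]) + bytes(6)))
```
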
18. SOCKS v5 - RFC 1928
Socks v5:
SOCKS 4 vs 5:
- IPv6 added
- The UDP protocol added
- UDP is very important for the DNS service

19. SOCKS v5
Source: Linux Magazine, July 2005, issue 56

20. Using SOCKS
Pros:
- Fairly simple to implement
- Fast
- Can be used as an alternative to NAPT where NAPT is not possible for security reasons (outgoing connections)
- Outgoing traffic is controlled
- Integrates well with Tor
- Suitable for an international service
Cons:
- The application has to support a SOCKS proxy (browsers and IRC do)

21. tor
- A multi-layer (onion) routing service
- Used for anonymous communication
- Its interface is provided through SOCKS
- Before sending the first packet, the first tor router picks a random path and wraps the message in several layers, each encrypted with a symmetric key
EE 610 Part 2: Encapsulation and network utilities Objective: After this experiment, the students should be able to: i. Understand the format of standard frames and packet headers. Overview: The Open Systems
More informationECE 435 Network Engineering Lecture 23
ECE 435 Network Engineering Lecture 23 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 4 December 2018 Announcements HW#9 graded Don t forget projects next week Presentation schedule
More informationIP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia
IP - The Internet Protocol Based on the slides of Dr. Jorg Liebeherr, University of Virginia Orientation IP (Internet Protocol) is a Network Layer Protocol. IP: The waist of the hourglass IP is the waist
More informationIK2206 Internet Security and Privacy Firewall & IP Tables
IK2206 Internet Security and Privacy Firewall & IP Tables Group Assignment Following persons were members of group C and authors of this report: Name: Christoph Moser Mail: chmo@kth.se P-Nr: 850923-T513
More informationNetwork Address Translation (NAT) Contents. Firewalls. NATs and Firewalls. NATs. What is NAT. Port Ranges. NAT Example
Contents Network Address Translation (NAT) 13.10.2008 Prof. Sasu Tarkoma Overview Background Basic Network Address Translation Solutions STUN TURN ICE Summary What is NAT Expand IP address space by deploying
More informationReview of Important Networking Concepts TCP/IP
Review of Important Networking Concepts / / Protocol Suite Assignment of Protocols to Layers Addressing / Layers in the Example Encapsulation and Demultiplexing Different Layers Views of Networking / Protocol
More informationInternetworking models
TEL3214 Computer Communication s Lecture 2 Internetworking models SSH (Secure Shell) SNMP (Simple Management Protocol) SMTP (Simple Mail Transfer Protocol) FTP (File Transfer Protocol) TFTP (Trivial File
More informationMediant MSBR. Version 6.8. Security Setup. Configuration Guide. Version 7.2. AudioCodes Family of Multi-Service Business Routers (MSBR)
Configuration Guide AudioCodes Family of Multi-Service Business Routers (MSBR) Mediant MSBR Security Setup Version 7.2 Version 6.8 May 2014 Document # LTRT-31640 Configuration Guide Contents Table of
More informationDefinition of firewall
Internet Firewalls Definitions: firewall, policy, router, gateway, proxy NAT: Network Address Translation Source NAT, Destination NAT, Port forwarding NAT firewall compromise via UPnP/IGD Packet filtering
More informationGlobal Information Assurance Certification Paper
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationDifferent Layers Lecture 20
Different Layers Lecture 20 10/15/2003 Jian Ren 1 The Network Layer 10/15/2003 Jian Ren 2 Network Layer Functions Transport packet from sending to receiving hosts Network layer protocols in every host,
More information