CSED 431 Week 6 -- March 1
Networking
State exam
Viruses
Viruses
Demo of MyDoom?
A virus installed as an ordinary user can:
- download additional resources
- search for personal information and upload it
- use your address book to access your contacts over the network
- use any other network credentials (eg passwords stored in the password manager)
- delete your files
What it cannot do is remain persistent after you log out.
Networks
Routers make this same distinction between local and nonlocal: the net portion of the destination IP address is compared to the net portions of all its IP interfaces. If there is a match, delivery is local; if there is no match, then the router looks up destnet in its routing table, consisting of ⟨dest,next_hop⟩ pairs. If a matching dest is found, the packet is forwarded to the neighboring router represented by the next_hop.
When the packet reaches the final router, that router will realize that
local delivery is called for, and will deliver the packet directly over
the LAN.
Bottom line: if there is disagreement somewhere as to where to divide an IP address into net and host portions, routing will fail.
When a host or router wants to figure out the net portion of one of its IP addresses, it uses the subnet mask corresponding to that address/interface. Subnet masks represent a per-interface way of specifying the
division into net and host bits. The subnet mask itself is a 32-bit
quantity; where there is a 1 bit in the mask, that means the
corresponding bit position of any IP address is part of the net
portion; where there is a 0 bit in the mask, then the corresponding
position in the IP addresses is a host bit. For example, a common
subnet mask is 255.255.255.0; the decimal number 255 is eight 1-bits,
and so this means that the first three bytes of any IP address will be
interpreted as the network portion, and the last byte will be
interpreted as the host portion. This is sometimes denoted "/24",
because there are 24 network bits; it is the same as class C. Another
example is 255.255.240.0; here, you have to do some binary arithmetic
to realize that 240 is 1111 0000 in binary, and so IP addresses are
interpreted as having 8+8+4 = 20 network bits (and then 12 host bits).
This could also be denoted "/20".
The subnet mask is not sent with packets; it is assigned to an IP interface as part of the setup process. Note that, while it is applied to all packets, it really only matters for determining if a packet is local or not; i.e., whether it matches the net portion of the IP address of one of the interfaces. That is, if you apply your local subnet mask to microsoft.com (207.46.197.32; a class C) or 4.0.0.1 (a class A), there is a good chance that it gives the "wrong" net/host division for one of these. However, that won't matter, because they are both nonlocal, and as long as your local subnet mask tells you that, you're OK.
For routers, the most common entry into the routing table is the default route,
which is the path to take for all non-specific traffic. Generally, a
router will first attempt to deliver packets to its attached
interfaces, and its final attempt is to deliver to the default route.
Per-network routes exist (sometimes) between these.
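The net/host split and the local-versus-forward decision above, worked through in code. This is an added example, not part of the course notes; the interface addresses, masks and routing table are constructed for illustration, and the "local first, then longest matching prefix, then default route" order follows the description above.

```python
# Added example (not from the course notes): apply subnet masks and a routing
# table the way the notes describe. Interfaces, masks and routes below are
# constructed for illustration.
import ipaddress

def net_portion(ip: str, mask: str) -> str:
    """Return the net portion of ip under mask: AND the 32-bit quantities."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))

def prefix_len(mask: str) -> int:
    """Count the 1 bits in a subnet mask: 255.255.240.0 -> 20 (the "/20")."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")

def route(dest: str, interfaces: dict, table: list):
    """Decide how a router delivers a packet addressed to dest.

    interfaces: {name: (ip, mask)} for each attached interface
    table: [(dest_network_cidr, next_hop)]; "0.0.0.0/0" is the default route
    Returns ("local", iface), ("forward", next_hop) or ("unroutable", None).
    """
    # First: does dest share the net portion of one of our own interfaces?
    for name, (ip, mask) in interfaces.items():
        if net_portion(dest, mask) == net_portion(ip, mask):
            return ("local", name)
    # Otherwise: the most specific (longest prefix) matching table entry;
    # the default route matches everything, so it wins only as a last resort.
    best = None
    for cidr, next_hop in table:
        net = ipaddress.IPv4Network(cidr)
        if ipaddress.IPv4Address(dest) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop)
    return ("forward", best[1]) if best else ("unroutable", None)

# Constructed router: two attached networks, one per-network route, a default
IFACES = {"eth0": ("10.0.5.1", "255.255.255.0"),
          "eth1": ("192.168.1.1", "255.255.255.0")}
TABLE = [("10.11.12.0/24", "10.0.5.5"), ("0.0.0.0/0", "10.0.5.254")]

if __name__ == "__main__":
    print(net_portion("207.46.197.32", "255.255.255.0"))  # 207.46.197.0
    print(prefix_len("255.255.240.0"))                     # 20
    print(route("192.168.1.77", IFACES, TABLE))  # ('local', 'eth1')
    print(route("10.11.12.9", IFACES, TABLE))    # ('forward', '10.0.5.5')
    print(route("4.0.0.1", IFACES, TABLE))       # ('forward', '10.0.5.254')
```

Applying a different mask on the two ends (say /24 on one, /20 on the other) makes `net_portion` disagree, which is exactly the routing failure the notes warn about.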
Brief review of DNS
basics of how lookup of, say, www.cs.luc.edu works, hierarchically.
edu
luc.edu
cs.luc.edu
www.cs.luc.edu
DNS caching
alice.cs.luc.edu and bob.cs.luc.edu do NOT need to have related IP addrs!
To bring up a machine on a local area network, so that it can connect to the internet, it must have:
- an IP address
- a subnet mask
- the IP address of the router it uses to reach the outside world
- the IP address of one or more DNS servers
Generally, all four of these (and often more as well) are handed out by the DHCP (Dynamic Host Configuration Protocol) server.
TCP and UDP
port numbers
To set up a lab, you need a router and a block
of IP addresses, or, more specifically, a subnet. What can you do if
you have only a single IP address? The standard solution is network address translation,
or NAT, which takes advantage of TCP connections and their port numbers
to handle the "demultiplexing". The usual situation is (potentially)
multiple machines inside, on a private IP subnet (eg 10.0.2.0/24), all
talking to a NAT router. It is easy for a router to replace the subnet
IP address of any machine with its own "outside" IP address; however,
that wouldn't allow return traffic. So the NAT router keeps track of
each TCP connection from the inside, by <IP,port>, and makes a
table. It then rewrites both the source IP address and the TCP port, in
such a way that the connection is reversible.
Example (inside <IP,port> on the left, the outside port the NAT router assigns on the right):

    Inside            Outside port
    10.0.2.5:2000     2000
    10.0.2.5:2001     2001
    10.0.2.7:3000     3000
    10.0.2.5:3000     3001   (3000 is already taken by 10.0.2.7, so the port must change)
An advantage of NAT is that it makes connections from
the outside very difficult. A disadvantage of NAT is that it makes
connections from the outside very difficult. It also gets in the way of
UDP; some UDP protocols by design answer from a different port, and NAT
doesn't have an entry for the new port.
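The NAT table from the example above, as an added example that is not part of the course notes. It reproduces the port assignments 2000, 2001, 3000, 3001 and shows why a reply that arrives from a port the router never saw (the UDP case) finds no entry. The outside addresses are constructed, and the table is assumed to match the remote endpoint as well as the outside port, which is what makes the changed-port reply fail.

```python
# Added example (not from the course notes): a minimal NAT table that rewrites
# the source <IP,port> of outbound connections so replies can be reversed.
# All addresses are constructed; matching on the remote endpoint is an assumption.
class NatRouter:
    def __init__(self, outside_ip: str):
        self.outside_ip = outside_ip
        # (outside port, remote ip, remote port) -> (inside ip, inside port)
        self.table = {}
        # (inside ip, inside port, remote ip, remote port) -> outside port
        self.reverse = {}
        self.used_ports = set()

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outbound packet's source; returns (outside_ip, outside_port).
        Keeps the inside port number when free, otherwise takes the next free
        one, so 10.0.2.7:3000 -> 3000 but a later 10.0.2.5:3000 -> 3001."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.reverse:                 # existing connection: same entry
            return (self.outside_ip, self.reverse[key])
        port = src_port
        while port in self.used_ports:          # collision: pick the next free port
            port += 1
        self.used_ports.add(port)
        self.reverse[key] = port
        self.table[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.outside_ip, port)

    def inbound(self, remote_ip, remote_port, dst_port):
        """Reverse the mapping for a packet from remote to outside_ip:dst_port.
        Returns (inside ip, inside port), or None when there is no entry: an
        unsolicited connection from outside, or a UDP server that by design
        answers from a different port than the one it was contacted on."""
        return self.table.get((dst_port, remote_ip, remote_port))

def notes_example():
    """Replay the four inside connections from the notes' table."""
    nat = NatRouter("203.0.113.4")        # constructed "outside" address
    server = ("198.51.100.10", 80)        # constructed outside web server
    flows = [("10.0.2.5", 2000), ("10.0.2.5", 2001),
             ("10.0.2.7", 3000), ("10.0.2.5", 3000)]
    return [nat.outbound(ip, port, *server)[1] for ip, port in flows]

if __name__ == "__main__":
    print(notes_example())   # [2000, 2001, 3000, 3001]
```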
Click here to find what the CS Dept server thinks is your IP address. We could use Wireshark to tell what our "inside" port number was, versus the NAT-altered outside port number.
Configuring networks
The usual tool is the Networks Control Panel applet. Demo.
Some things that can go wrong:
- insufficient bandwidth
  - for downloads
  - for realtime services (voice/video)
- bad configuration
  - use ipconfig /all to try to figure out what is set incorrectly
- unplugged cables
- no IP address
- no router
- no routing upstream to our subnet
- no DNS
State exam
#5: A school uses a central server to provide Internet connections for
classroom computers throughout the school. Which of the following
activities is most likely to defeat the purpose of the server's
firewall?
#6: When scanning a disk for viruses, it is most important to check files having which of the following extensions?
#7: Network doesn't work the next day.
#8: What is the Device Manager for?
#10: Bad video
Wireless?
Lab
I have created two virtual machines, win1 (bliss) and win2 (tulips). They share a private Ethernet (which has the virtual name "winprivate"). Win1 also has a connection to the outside world. Their network interfaces have not been set up, which may mean they have no IP address (0.0.0.0), or it may mean that an "autoconfig" Ethernet address has been established (169.?.?.?).
1. Get the two machines win1 and win2 talking to each other over the
network. Specifically, arrange to be able to ping one another, and to
mount one another's folders. You will have to assign each host an:
The "private" IP address blocks are:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
Mounting folders will entail other difficulties. Can you put an IP address in the Tools => Map Network Drive box?
I used the cmd tool a lot, with commands
ipconfig
ipconfig /all
net use z: \\win1\stuff ....
route print
You can use c:\windows\system32\drivers\etc\hosts (and lmhosts) to provide host-name info, eg
10.11.12.1 win1
I edited hosts/lmhosts with the edit command in the cmd window.
I had other problems too.
2. Enable routing on win1, so win2 can reach the outside through win1. This involves modifying the following registry entry:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter
This will further entail having win2 be assigned a default router, and a DNS Server.
There is another problem: how does the linux host system know that your
private subnet (eg 10.11.12.0/24) is reachable via the tap0 interface
(the internal interface) instead of its normal default interface eth0?
I had to run the following in a linux command window (one of the root windows):
ip route add to 10.11.12.0/24 via 10.0.5.5
where I had used 10.11.12.x as the IP address format on my winprivate network, and 10.0.5.5 was the IP address of the "upstream" interface on win1. The above route would be removed with "ip route delete to 10.11.12.0/24".
3. Start winser08 (windows server 2008) and enable DHCP on it. Or not, as time allows.
If you want to enable routing, you will have to add the role Network Policy and Access Services.