CSED 431 Week 6 -- March 1


Networking
State exam
Viruses  




Viruses

Demo of MyDoom?

A virus installed as an ordinary user can:
What it cannot do is remain persistent after you log out.



Networks

Routers make this same distinction between local and nonlocal: the net portion of the destination IP address is compared to the net portions of all its IP interfaces. If there is a match, delivery is local; if there is no match, then the router looks up destnet in its routing table, consisting of ⟨dest,next_hop⟩ pairs. If a matching dest is found, the packet is forwarded to the neighboring router represented by the next_hop. When the packet reaches the final router, that router will realize that local delivery is called for, and will deliver the packet directly over the LAN.

Bottom line: if there is disagreement somewhere as to where to divide an IP address into net and host portions, routing will fail.

When a host or router wants to figure out the net portion of one of its IP addresses, it uses the subnet mask corresponding to that address/interface. Subnet masks represent a per-interface way of specifying the division into net and host bits. The subnet mask itself is a 32-bit quantity; where there is a 1 bit in the mask, that means the corresponding bit position of any IP address is part of the net portion; where there is a 0 bit in the mask, then the corresponding position in the IP addresses is a host bit. For example, a common subnet mask is 255.255.255.0; the decimal number 255 is eight 1-bits, and so this means that the first three bytes of any IP address will be interpreted as the network portion, and the last byte will be interpreted as the host portion. This is sometimes denoted "/24", because there are 24 network bits; it is the same as class C. Another example is 255.255.240.0; here, you have to do some binary arithmetic to realize that 240 is 1111 0000 in binary, and so IP addresses are interpreted as having 8+8+4 = 20 network bits (and then 12 host bits). This could also be denoted "/20".

The subnet mask is not sent with packets; it is assigned to an IP interface as part of the setup process. Note that, while it is applied to all packets, it really only matters for determining whether a packet is local or not; i.e., whether it matches the net portion of the IP address of one of the interfaces. That is, if you apply your local subnet mask to microsoft.com (207.46.197.32; a class C) or 4.0.0.1 (a class A), there is a good chance that it gives the "wrong" net/host division for one of these. However, that won't matter, because they are both nonlocal, and as long as your local subnet mask tells you that, you're OK.

For routers, the most common entry into the routing table is the default route, which is the path to take for all non-specific traffic. Generally, a router will first attempt to deliver packets to its attached interfaces, and its final attempt is to deliver to the default route. Per-network routes exist (sometimes) between these.
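
The local/nonlocal decision described above, as an added Python example (not part of the original notes). The interface addresses, the per-network route and the default next hop are constructed sample values, and storing a mask with each routing-table entry and checking the longest mask first are assumptions of this sketch.

```python
import ipaddress

def net_portion(addr, mask):
    """AND a dotted-quad address with a dotted-quad mask; the result is the net portion."""
    return int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))

def prefix_length(mask):
    """Number of 1 bits in the mask, e.g. 255.255.240.0 -> 20 (the "/20" notation)."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")

def forward(dest, interfaces, routes, default_hop):
    """Decide what a router does with a packet addressed to dest.

    interfaces: (name, ip, mask) triples; routes: (destnet, mask, next_hop) triples.
    Returns ("local", interface_name) or ("forward", next_hop).
    """
    # 1. Local delivery: compare net portions using each interface's own mask.
    for name, ip, mask in interfaces:
        if net_portion(dest, mask) == net_portion(ip, mask):
            return ("local", name)
    # 2. Per-network routes, most specific (longest mask) first.
    for destnet, mask, hop in sorted(routes, key=lambda r: -prefix_length(r[1])):
        if net_portion(dest, mask) == net_portion(destnet, mask):
            return ("forward", hop)
    # 3. Nothing matched: fall back to the default route.
    return ("forward", default_hop)

# Constructed sample configuration (not from the original notes).
INTERFACES = [("eth0", "10.0.37.1", "255.255.240.0"),
              ("eth1", "192.168.1.1", "255.255.255.0")]
ROUTES = [("172.16.0.0", "255.240.0.0", "192.168.1.254")]
DEFAULT_HOP = "10.0.32.1"

if __name__ == "__main__":
    for dest in ("10.0.38.9", "172.20.1.1", "207.46.197.32"):
        print(dest, forward(dest, INTERFACES, ROUTES, DEFAULT_HOP))
    # Same destination, but the interface was set up as /24 instead of /20:
    # the router now disagrees about the net/host split and treats it as nonlocal.
    wrong = [("eth0", "10.0.37.1", "255.255.255.0")]
    print("10.0.38.9", forward("10.0.38.9", wrong, [], DEFAULT_HOP))
```

The last call shows the "bottom line" above: with the wrong mask on eth0, a neighbor on the same LAN is sent to the default router instead of being delivered locally.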

Brief review of DNS
basics of how lookup of, say, www.cs.luc.edu works, hierarchically.
            edu
            luc.edu
            cs.luc.edu
            www.cs.luc.edu
DNS caching
alice.cs.luc.edu and bob.cs.luc.edu do NOT need to have related IP addrs!

To bring up a machine on a local area network, so that it can connect to the internet, it must have:
Generally, all four of these (and often more as well) are handed out by the DHCP (Dynamic Host Configuration Protocol) server.

TCP and UDP
    port numbers

To set up a lab, you need a router and a block of IP addresses, or, more specifically, a subnet. What can you do if you have only a single IP address? The standard solution is network address translation, or NAT, which takes advantage of TCP connections and their port numbers to handle the "demultiplexing". The usual situation is (potentially) multiple machines inside, on a private IP subnet (eg 10.0.2.0/24), all talking to a NAT router. It is easy for a router to replace the subnet IP address of any machine with its own "outside" IP address; however, that wouldn't allow return traffic. So the NAT router keeps track of each TCP connection from the inside, by <IP,port>, and makes a table. It then rewrites both the source IP address and the TCP port, in such a way that the connection is reversible.

Example:
    Inside <IP,port>       Outside port
    10.0.2.5:2000          2000
    10.0.2.5:2001          2001
    10.0.2.7:3000          3000
    10.0.2.5:3000          3001

An advantage of NAT is that it makes connections from the outside very difficult. A disadvantage of NAT is that it makes connections from the outside very difficult. It also gets in the way of UDP; some UDP protocols by design answer from a different port, and NAT doesn't have an entry for the new port.
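
The NAT table from the example above, as an added Python sketch (not part of the original notes). The outside address 203.0.113.10 is a constructed documentation address, and the allocation policy (keep the inside port if it is free, otherwise take the next free one) is an assumption chosen to match the table; real NAT routers vary and also track the remote endpoint.

```python
class NatRouter:
    """Toy NAT: one outside IP, a reversible table keyed by inside <IP,port>."""

    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self.out_by_inside = {}   # (inside_ip, inside_port) -> outside_port
        self.inside_by_out = {}   # outside_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """Rewrite the source of an outgoing packet, adding a table entry if new."""
        key = (src_ip, src_port)
        if key not in self.out_by_inside:
            port = src_port
            # The port may already be in use by another inside host: pick the next free one.
            while port in self.inside_by_out:
                port = port + 1 if port < 65535 else 1024
            self.out_by_inside[key] = port
            self.inside_by_out[port] = key
        return (self.outside_ip, self.out_by_inside[key])

    def inbound(self, dst_port):
        """Map return traffic back to the inside <IP,port>.

        None means there is no table entry, so the packet is dropped. That is
        what happens to a connection attempt from the outside, and to a UDP
        reply that arrives on a port no inside host has sent from.
        """
        return self.inside_by_out.get(dst_port)


def page_example():
    """Replay the four inside connections from the table in the notes."""
    nat = NatRouter("203.0.113.10")   # constructed outside address
    flows = [("10.0.2.5", 2000), ("10.0.2.5", 2001),
             ("10.0.2.7", 3000), ("10.0.2.5", 3000)]
    ports = [nat.outbound(ip, port)[1] for ip, port in flows]
    return nat, ports


if __name__ == "__main__":
    nat, ports = page_example()
    print("outside ports:", ports)
    print("reply to 3001 goes to:", nat.inbound(3001))
    print("unsolicited packet to 4444:", nat.inbound(4444))
```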
    
Click here to find what the CS Dept server thinks is your IP address. We could use Wireshark to tell what our "inside" port number was, versus the NAT-altered outside port number.

Configuring networks

The usual tool is the Networks Control Panel applet. Demo.

Some things that can go wrong:



State exam

#5: A school uses a central server to provide Internet connections for classroom computers throughout the school. Which of the following activities is most likely to defeat the purpose of the server's firewall?

#6: When scanning a disk for viruses, it is most important to check files having which of the following extensions?

#7: Network doesn't work the next day.

#8: What is the Device Manager for?

#10: Bad video

Wireless?




Lab

I have created two virtual machines, win1 (bliss) and win2 (tulips). They share a private Ethernet (which has the virtual name "winprivate"). Win1 also has a connection to the outside world. Their network interfaces have not been set up, which may mean they have no IP address (0.0.0.0), or it may mean that an "autoconfig" ethernet address has been established (169.?.?.?).

1. Get the two machines win1 and win2 talking to each other over the network. Specifically, arrange to be able to ping one another, and to mount one another's folders. You will have to assign each host an:
The "private" IP address blocks are:
    10.0.0.0/8
    172.16.0.0/12
    192.168.0.0/16
   
Mounting folders will entail other difficulties. Can you put an IP address in the Tools => Map Network Drive box?

I used the cmd tool a lot, with commands
    ipconfig
    ipconfig /all
    net use z: \\win1\stuff ....
    route print

You can use c:\windows\system32\drivers\etc\hosts (and lmhosts) to provide host-name info, eg
    10.11.12.1   win1
I edited hosts/lmhosts with the edit command in the cmd window.

I had other problems too.


2. Enable routing on win1, so win2 can reach the outside through win1. This involves modifying the following registry entry:
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter

This will further entail having win2 be assigned a default router, and a DNS Server.

There is another problem: how does the linux host system know that your private subnet (eg 10.11.12.0/24) is reachable via the tap0 interface (the internal interface) instead of its normal default interface eth0? I had to run the following in a linux command window (one of the root windows):

    ip route add to 10.11.12.0/24 via 10.0.5.5

where I had used 10.11.12.x as the IP address format on my winprivate network, and 10.0.5.5 was the IP address of the "upstream" interface on win1. The above route would be removed with "ip route delete to 10.11.12.0/24".


3. Start winser08 (windows server 2008) and enable DHCP on it. Or not, as time allows.

If you want to enable routing, you will have to add the role Network Policy and Access Services.